On Ubuntu and Debian the process is identical, so just open a terminal and type:
sudo apt-get install gufw
Once installed, run gufw from the terminal and make sure you change Status to on. To open a port, go to Rules and add a rule. An advanced rule opening port 22 would be something like:
Name: SSH
Insert: 0
Policy: Allow
Direction: In
Interface: All Interfaces
Protocol: TCP
From: <blank> <blank>
To: <blank> <22>
This opens SSH from anywhere to your PC. This is only an example; change or add rules as appropriate for your use case.
Audit your firewall settings:
Sometimes it is useful to compare what services are running on Debian vs what you have open as ports. I will do this now on my box to show an example.
First run this command to get a list of services listening on ports on your machine:
sudo lsof -i -P -n | grep LISTEN
So here is the output:
Relevant info is this:
sshd 1356 root 3u IPv4 21334 0t0 TCP *:22 (LISTEN)
sshd 1356 root 4u IPv6 21336 0t0 TCP *:22 (LISTEN)
dnsmasq 1593 nobody 6u IPv4 29102 0t0 TCP 192.168.121.1:53 (LISTEN)
dnsmasq 1639 nobody 6u IPv4 27153 0t0 TCP 192.168.122.1:53 (LISTEN)
teamviewe 2195 root 12u IPv4 41331 0t0 TCP 127.0.0.1:5939 (LISTEN)
qemu-syst 4145 libvirt-qemu 10u IPv4 47982 0t0 TCP 127.0.0.1:5900 (LISTEN)
qemu-syst 4240 libvirt-qemu 10u IPv4 44892 0t0 TCP 127.0.0.1:5901 (LISTEN)
gnome-rem 56014 aragorn 40u IPv6 369452 0t0 TCP *:3389 (LISTEN)
cupsd 425618 root 7u IPv6 3274437 0t0 TCP [::1]:631 (LISTEN)
cupsd 425618 root 8u IPv4 3274438 0t0 TCP 127.0.0.1:631 (LISTEN)
nxplayer. 1049675 aragorn 27u IPv4 5971216 0t0 TCP 127.0.0.1:52574 (LISTEN)
nxclient. 1049735 aragorn 6u IPv4 5973212 0t0 TCP 127.0.0.1:48595 (LISTEN)
So, assuming we had no firewall set up, we can determine a few things:
1) SSH is listening on port 22 for IPv4 and IPv6.
2) My box would reply to other clients with DNS information if queried on TCP 53 for some reason.
3) A program 'teamviewer' is listening on 5939.
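The audit above can be made repeatable by sorting each listener by the address it is bound to, since that decides whether a firewall rule matters for it at all. This is an added example, not part of the original page; the function names classify_listeners and exposed_ports are hypothetical, and the sample input is a constructed subset of the lsof lines shown above.

```bash
#!/usr/bin/env bash
# Added example: classify TCP listeners from `lsof -i -P -n` by bind address.
# Live use: sudo lsof -i -P -n | classify_listeners
# Output per unique listener: "<scope> <port> <command>"
#   exposed  = wildcard bind (*), reachable on every interface
#   iface    = one non-loopback address, reachable on that network only
#   loopback = 127.0.0.0/8 or [::1], not reachable from other hosts
classify_listeners() {
  awk '
    $NF == "(LISTEN)" {
      name = $(NF-1)                      # e.g. *:22, 127.0.0.1:631, [::1]:631
      port = name; sub(/.*:/, "", port)   # text after the last colon
      addr = name; sub(/:[0-9]+$/, "", addr)
      if (addr == "*" || addr == "0.0.0.0" || addr == "[::]") scope = "exposed"
      else if (addr ~ /^127\./ || addr == "[::1]") scope = "loopback"
      else scope = "iface"
      key = scope " " port " " $1
      if (!(key in seen)) { seen[key] = 1; print key }
    }'
}

# Ports bound to all interfaces: the ones a firewall policy has to decide on.
exposed_ports() {
  classify_listeners | awk '$1 == "exposed" { print $2 }' | sort -nu | paste -sd ' ' -
}

# Constructed sample: a subset of the lsof lines shown on this page.
SAMPLE='sshd 1356 root 3u IPv4 21334 0t0 TCP *:22 (LISTEN)
sshd 1356 root 4u IPv6 21336 0t0 TCP *:22 (LISTEN)
dnsmasq 1593 nobody 6u IPv4 29102 0t0 TCP 192.168.121.1:53 (LISTEN)
teamviewe 2195 root 12u IPv4 41331 0t0 TCP 127.0.0.1:5939 (LISTEN)
gnome-rem 56014 aragorn 40u IPv6 369452 0t0 TCP *:3389 (LISTEN)
cupsd 425618 root 7u IPv6 3274437 0t0 TCP [::1]:631 (LISTEN)'

printf '%s\n' "$SAMPLE" | classify_listeners
echo "wildcard-bound ports: $(printf '%s\n' "$SAMPLE" | exposed_ports)"
```

Listeners reported as exposed are the ones to compare against the rules configured in gufw; loopback listeners are not reachable from other machines regardless of the firewall.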