On Ubuntu and Debian the process is identical, so just open a terminal and type:
sudo apt-get install gufw
Once installed, run gufw from the terminal and make sure you change Status to on. To open a port, go to Rules and add a rule. An advanced rule opening port 22 would be something like:
Name: SSH
Insert: 0
Policy: Allow
Direction: In
Interface: All Interfaces
Protocol: TCP
From: <blank> <blank>
To: <blank> <22>
This opens SSH from anywhere to your PC. Obviously this is only an example; change or add rules as appropriate for your use case.
Notes:
Audit your firewall settings:
Sometimes it is useful to compare what services are running on Debian vs what you have open as ports. I will do this now on my box to show an example.
First run this command to get a list of services listening on ports on your machine:
sudo lsof -i -P -n | grep 'LISTEN\|UDP'
Here is the relevant output:
aragorn@Aragorn:~$ sudo lsof -i -P -n | grep 'LISTEN\|UDP'
avahi-dae 1230 avahi 12u IPv4 21240 0t0 UDP *:5353
avahi-dae 1230 avahi 13u IPv6 21241 0t0 UDP *:5353
avahi-dae 1230 avahi 14u IPv4 21242 0t0 UDP *:47819
avahi-dae 1230 avahi 15u IPv6 21243 0t0 UDP *:47292
sshd 1356 root 3u IPv4 21334 0t0 TCP *:22 (LISTEN)
sshd 1356 root 4u IPv6 21336 0t0 TCP *:22 (LISTEN)
dnsmasq 1593 nobody 3u IPv4 29098 0t0 UDP *:67
dnsmasq 1593 nobody 5u IPv4 29101 0t0 UDP 192.168.121.1:53
dnsmasq 1593 nobody 6u IPv4 29102 0t0 TCP 192.168.121.1:53 (LISTEN)
dnsmasq 1639 nobody 3u IPv4 27149 0t0 UDP *:67
dnsmasq 1639 nobody 5u IPv4 27152 0t0 UDP 192.168.122.1:53
dnsmasq 1639 nobody 6u IPv4 27153 0t0 TCP 192.168.122.1:53 (LISTEN)
teamviewe 2195 root 12u IPv4 41331 0t0 TCP 127.0.0.1:5939 (LISTEN)
qemu-syst 4145 libvirt-qemu 10u IPv4 47982 0t0 TCP 127.0.0.1:5900 (LISTEN)
qemu-syst 4240 libvirt-qemu 10u IPv4 44892 0t0 TCP 127.0.0.1:5901 (LISTEN)
gnome-rem 56014 aragorn 40u IPv6 369452 0t0 TCP *:3389 (LISTEN)
cupsd 425618 root 7u IPv6 3274437 0t0 TCP [::1]:631 (LISTEN)
cupsd 425618 root 8u IPv4 3274438 0t0 TCP 127.0.0.1:631 (LISTEN)
cups-brow 425667 root 7u IPv4 3276300 0t0 UDP *:631
teams 886490 aragorn 68u IPv6 5213037 0t0 UDP *:50532
firefox 888388 aragorn 75u IPv4 6082652 0t0 UDP *:57711
firefox 888388 aragorn 143u IPv4 6100036 0t0 UDP *:48078
nxplayer. 1049675 aragorn 27u IPv4 5971216 0t0 TCP 127.0.0.1:52574 (LISTEN)
nxclient. 1049735 aragorn 6u IPv4 5973212 0t0 TCP 127.0.0.1:48595 (LISTEN)
nxclient. 1049735 aragorn 13u IPv4 5964685 0t0 UDP *:5353
nxclient. 1049735 aragorn 14u IPv4 5964686 0t0 UDP *:53446
nxclient. 1049735 aragorn 15u IPv4 5964687 0t0 UDP *:56363
nxclient. 1049735 aragorn 16u IPv4 5964688 0t0 UDP *:54367
nxclient. 1049735 aragorn 17u IPv4 5974179 0t0 UDP *:38458
nxclient. 1049735 aragorn 24u IPv4 5974180 0t0 UDP 192.168.2.12:47905->192.168.2.2:1900
aragorn@Aragorn:~$
So, assuming we had no firewall set up, we can determine a few things:
1) SSH is listening on port 22 for IPv4 and IPv6.
2) My box would reply to other clients with DNS information if queried on TCP 53 for some reason.
3) A program 'teamviewer' is listening on 5939
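To make the comparison between listening services and firewall rules easier, the lsof output can be sorted by the address each socket is bound to: a listener on * is reachable on every interface unless a rule blocks it, one on 127.0.0.1 or [::1] only from the machine itself, and one on a specific address only through that interface. The script below is an added example, not part of the original page; the function names are hypothetical and the sample input is a constructed subset of the output above.

```shell
#!/bin/sh
# Added example: classify listeners in `lsof -i -P -n` output by bind scope.

# Constructed sample input: a subset of the lsof lines shown on this page.
sample_lsof() {
cat <<'EOF'
avahi-dae 1230 avahi 12u IPv4 21240 0t0 UDP *:5353
sshd 1356 root 3u IPv4 21334 0t0 TCP *:22 (LISTEN)
sshd 1356 root 4u IPv6 21336 0t0 TCP *:22 (LISTEN)
dnsmasq 1593 nobody 6u IPv4 29102 0t0 TCP 192.168.121.1:53 (LISTEN)
teamviewe 2195 root 12u IPv4 41331 0t0 TCP 127.0.0.1:5939 (LISTEN)
gnome-rem 56014 aragorn 40u IPv6 369452 0t0 TCP *:3389 (LISTEN)
cupsd 425618 root 7u IPv6 3274437 0t0 TCP [::1]:631 (LISTEN)
nxclient. 1049735 aragorn 24u IPv4 5974180 0t0 UDP 192.168.2.12:47905->192.168.2.2:1900
EOF
}

# classify_listeners (hypothetical helper): reads lsof lines on stdin and
# prints one "scope proto/port command" line per distinct listener.
classify_listeners() {
  awk '
    $8 == "TCP" && $NF != "(LISTEN)" { next }   # TCP: listening sockets only
    $8 == "UDP" && $9 ~ /->/ { next }           # UDP: skip connected sockets
    $8 == "TCP" || $8 == "UDP" {
      port = $9; sub(/.*:/, "", port)           # text after the last colon
      host = $9; sub(/:[^:]*$/, "", host)       # text before the last colon
      if (host == "*") scope = "all"
      else if (host ~ /^127\./ || host == "[::1]") scope = "loopback"
      else scope = "interface"
      print scope, tolower($8) "/" port, $1
    }' | sort -u
}

# exposed_ports (hypothetical helper): the proto/port pairs bound to every
# interface, i.e. the ones to check against the firewall rules first.
exposed_ports() {
  classify_listeners | awk '$1 == "all" { print $2 }' | sort -u | paste -sd' ' -
}

# Demo run on the constructed sample; on a live system use:
#   sudo lsof -i -P -n | classify_listeners
sample_lsof | classify_listeners
```

Each port reported by exposed_ports should either have a matching allow rule you actually want, or be left blocked by the firewall's incoming policy.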