The firewall on a Raspberry Pi will, by default, block incoming connections to certain ports. This is a security feature, but may cause problems if you try to configure an SSH server on your Raspberry Pi, host a website, or otherwise host some service that needs to accept incoming connections. The usual answer to this problem is to configure the firewall to accept the connections on the particular ports that you need to open. Another alternative is to disable the firewall completely.
Normally, there should not be a need to disable the firewall, but it may be quite handy for testing purposes or other scenarios in which security is not a primary concern. It is also typically okay to temporarily disable the firewall just in order to see if it is causing any connectivity problems when troubleshooting. In this tutorial, you will see how to enable or disable the firewall on a Raspberry Pi.
In this tutorial you will learn:
- How to disable or enable nftables on Raspberry Pi
- How to disable or enable iptables on Raspberry Pi
- How to disable or enable ufw on Raspberry Pi
| Category | Requirements, Conventions or Software Version Used |
|---|---|
| System | Raspberry Pi |
| Software | nftables, iptables, ufw |
| Other | Privileged access to your Linux system as root or via the sudo command. |
| Conventions |
# – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command$ – requires given linux commands to be executed as a regular non-privileged user |
What Firewall Does My Raspberry Pi Have?
Before we get started, it is important to note that different versions of Raspberry Pi OS will have different types of firewalls installed by default. Refer to the list below to know what firewall your Raspberry Pi most likely is using:
- Raspberry Pi 10 (based on Debian 10 Buster) and newer use nftables by default
- Raspberry Pi 9 (based on Debian 9 Stretch) and older use iptables by default
- A popular and user friendly alternative, which is often installed by administrators on Raspberry Pi, is ufw
Below we will see how to enable or disable each of these firewalls on the Raspberry Pi.
It is usually a better idea to create a firewall rule to allow the traffic that you need to accept, rather than disabling the firewall completely.
Enable or Disable Firewall: nftables
As long as your Raspberry Pi OS is up to date, it should have nftables installed as the default firewall. Here is how to enable or disable it on the Raspberry Pi.
- Check on the status of nftables to see if it is currently running:
$ sudo systemctl status nftables.service
- Start (turn on) the nftables firewall service:
$ sudo systemctl start nftables.service
- Stop (turn off) the nftables firewall service:
$ sudo systemctl stop nftables.service
- Configure the nftables firewall to start by default upon system boot:
$ sudo systemctl enable nftables.service
- Configure the nftables firewall to be turned off by default upon system boot:
$ sudo systemctl disable nftables.service
- Check the currently configured nftables firewall rules:
$ sudo nft list ruleset
- Flush (delete) all currently configured nftables firewall rules – this will essentially make the firewall accept everything, but not actually turn it off:
$ sudo nft flush ruleset
Enable or Disable Firewall: iptables
For those with a slightly older version of Raspberry Pi OS, or if you have manually turned on legacy iptables support, the following methods can be used to enable or disable the firewall:
- Disable iptables by changing the default chain rules to accept incoming traffic, and then dropping all configured rules that block or explicitly accept traffic:
$ sudo iptables -P INPUT ACCEPT $ sudo iptables -P FORWARD ACCEPT $ sudo iptables -P OUTPUT ACCEPT $ sudo iptables -F
- Enabling iptables simply involves configuring the rules you wish to use. You can see currently configured rules by executing:
$ sudo iptables -L
Enable or Disable Firewall: ufw
ufw (uncomplicated firewall) is a frontend for nftables and iptables, and is not installed by default on Raspberry Pi OS. However, it is a very popular choice for system administrators to install it on their Raspberry Pi, as it supplies users with an easy to use command syntax that translates rules to the corresponding iptables or nftables backend. Let’s see how to enable or disable it on Raspberry Pi:
- To disable the ufw firewall:
$ sudo ufw disable
- To enable the ufw firewall:
$ sudo ufw enable
- To check the current status of the ufw firewall:
$ sudo ufw status OR $ sudo ufw status verbose
Closing Thoughts
In this tutorial, we saw how to enable or disable the system firewall on a Raspberry Pi system. The latest versions of Raspberry Pi OS come with nftables installed by default, as it is baked into the Linux kernel, but it is easy enough for us to turn it on or off via systemd and the necessary
nft commands. Other popular choices for firewalls include iptables or ufw on Raspberry Pi, so we also saw how to enable or disable them as well.
