Firewall

Time: 2 minutes

A Bitcoin node will, in principle, contain no bitcoin or not many bitcoin. A Bitcoin node is mostly just used by most to verify transactions. Nonetheless, there are plenty of exceptions to have on your node. Lightning is one such exception. A Lightning node must be continuously connected to the internet and have funds online. The funds must be spendable and that requires private keys. A Lightning node is by definition "hot".

Reason enough for an extra layer of security on your node. A tool called Uncomplicated Firewall (or UFW for short) makes your node a bit more secure. Basically UFW blocks all incoming traffic to your node. But you can also open some ports which are allowed to receive traffic. You will see UFW often in the guide. In this chapter you'll find the following:

  1. Rule setting for SSH
  2. Activating UFW

Setting up a rule to allow traffic on a specific port is done as shown below. Here, the ufw program is given the command allow and a port number. **Execute this command or you will not be able to access your Pi!

sudo ufw allow 22 comment "Port for SSH"

Finally, activate the UFW as follows.

sudo ufw enable

If you want a nice overview of all the ports you have open, type:

sudo ufw status