- \n
- SparkFun Serial Basic Breakout – CH340G<\/a><\/li>\n\n\n\n
- SparkFun USB to Serial Breakout – FT232RL<\/a><\/li>\n\n\n\n
- Adafruit CP2104 Friend – USB to Serial Converter<\/a><\/li>\n\n\n\n
- Adafruit\u00a0FTDI Friend<\/a><\/li>\n<\/ul>\n<\/li>\n\n\n\n
- USB cable for adapter<\/li>\n\n\n\n
- MicroSD card, 8GB or larger<\/li>\n\n\n\n
- SD card reader<\/li>\n<\/ul>\n\n\n\n
The steps you need to take are:<\/p>\n\n\n\n
- \n
- Install the operating system on an SD card<\/a><\/li>\n\n\n\n
- Make Power and Serial (or Ethernet) connections<\/a><\/li>\n\n\n\n
- Connect to the command line interface<\/a><\/li>\n\n\n\n
- Set up your initial system configuration<\/a><\/li>\n\n\n\n
- Change defaults to increase security<\/a><\/li>\n\n\n\n
- Connect to the\u00a0network<\/a><\/li>\n\n\n\n
- Update the operating system<\/a><\/li>\n\n\n\n
- Configure a firewall<\/a><\/li>\n\n\n\n
- Install your programming\u00a0environment<\/a><\/li>\n\n\n\n
- Back up your custom installation<\/a><\/li>\n<\/ul>\n\n\n\n
<\/a><\/p>\n\n\n\n
<\/span>Installing the Operating System on an SD Card<\/span><\/h2>\n\n\n\n
You need an operating system for your Pi. There are many different Linux distributions that will run on the Pi. The official distribution from Raspberrypi.org is called Raspbian. It’s a variant of the Debian distribution of Linux, and comes in two versions: the full version and the Lite version. The Lite version can always be upgraded by adding software packages, so it’s a good place to start. The full version takes more space and contains additional software you may not need. Either will work.<\/p>\n\n\n\n
Download the Raspberry Pi Imager<\/a> from the raspberrypi.org site. Install the application once it’s downloaded. On the first screeen, click Choose OS. You’ll see a list of distributions you can use. The Raspbian Lite image is listed under “Raspberry Pi OS (Other)”as “Raspberry Pi OS Lite (32-bit)” Choose that. Then insert an SD card in your computer and click “Choose SD card.” Choose the SD card that you just inserted. Then click “write.” Installing Raspbian Lite will take about three minutes; the full Raspbian will take about ten minutes. When it’s done, you have a boot disk.<\/p>\n\n\n\n
The two most convenient ways to access the Pi without a keyboard or monitor are through the serial port console or through WiFi and ssh. In order to access through the serial port, you need a USB-to-serial adapter. This is usually more reliable, as it doesn’t depend on network access, but it does require the adapter. In order to access through WiFi and ssh, you need to configure the Pi to connect to the network that your personal computer is on. <\/p>\n\n\n\n
There are a couple of files you need to know about in order to enable SSH access through either the serial port or through WiFi. They are the config.txt<\/em> file, a file you will create called ssh<\/em>, and the wpa_supplicant.conf<\/em> file, which holds your WiFi network credentials. You can create and edit all of these on your boot disk before you power up the Pi. Once the boot disk is created, remove and re-insert it into your computer and open the config.txt<\/em> file in a text editor.<\/p>\n\n\n\n
<\/span>Enabling Serial Port Access<\/span><\/h3>\n\n\n\n
As of Rasbpian’s 2017-04-10 release, the Pi’s serial terminal is not enabled by default. To access the Pi via a serial terminal, you’ll need to modify the config.txt<\/em> file on your boot disk. Open the file, and add the following line at the end:<\/p>\n\n\n\n
enable_uart=1<\/pre>\n\n\n\n
UART stands for Universal Asynchronous Receiver-Transmitter; in other words, an asynchrnous serial port. That’s all you need to do to enable the serial port. See below for how to connect to the hardware.<\/p>\n\n\n\n
<\/span>Making a New User<\/span><\/h3>\n\n\n\n
You can create a new user by creating a new file in your boot drive called
userconf.txt<\/code>. Add this file in the boot partition of the SD card; this is the part of the SD card which can be seen when it is mounted in a Windows or MacOS computer.<\/p>\n\n\n\nThis file should contain a single line of text, consisting of username:password<\/em>. That is, your username, followed immediately by a colon, followed immediately by an encrypted representation of the password you want to use. NEVER put an unencrypted password in this file.<\/p>\n\n\n\n
To encrypt your password, type the following on the command line of a POSIX computer (MacOS, Linus, Unix, or on Windows WSL):<\/p>\n\n\n\n
echo 'mypassword' | openssl passwd -1 -stdin<\/pre>\n\n\n\n
This will produce what looks like a string of random characters. It’s an encrypted version of your password. Copy it into the username:password line in the userconf.txt file. Make sure you don’t add an extra blank line to this file.<\/p>\n\n\n\n
Note: Windows users may need to install openssl first. To do this, Launch Windows Subsystem for Linux (WSL) then type:<\/p>\n\n\n\n
sudo apt-get install openssl<\/pre>\n\n\n\n
This will prompt you for your admin password, then will download the ssl application and install it in WSL for you. https:\/\/www.raspberrypi.com\/documentation\/computers\/configuration.html#setting-up-a-routed-wireless-access-point<\/a><\/p>\n\n\n\n
<\/span>Powering and Connecting to Your Pi<\/span><\/h2>\n\n\n\n
Insert the card into a Raspberry Pi. Connect your Pi to a 5V DC power adapter via the USB micro connection marked PWR IN. Use a power adapter that can supply at least 2A of current.<\/p>\n\n\n\n
<\/span>Connecting Via Serial Port<\/span><\/h3>\n\n\n\n
By enabling the UART above, you configured the Pi to provide a command line console via the serial port. Connect the adapter to the Pi’s I\/O pins as shown below. The USB-to-serial adapter’s receive pin (RX) goes to the Pi’s transmit pin (TX) and vice versa. Connect the ground of the adapter to the ground of the Pi as well. Then connect the USB-to-serial adapter to your computer. Install any needed adapters for your USB-to-serial adapter and you should then see it show up as a serial port in whatever serial terminal application you normally use. The screen<\/em> program on the MacOS and Linux command line will work best. CoolTerm works well for this on MacOS, Windows, and Linux as well.<\/p>\n\n\n\n
To connect to the serial port via screen on MacOS, first you need to know the name of your serial port. Plug the adapter in, open the Terminal application, and list the ports in the
\/dev<\/code> directory like so:<\/p>\n\n\n\nNote:<\/strong> From here on, whenever you see $ in front of a line, you can assume it’s the command prompt, and you don’t need to type the $, just the rest of the line.<\/em><\/p>\n\n\n\n
$ ls \/dev\/cu.*<\/pre>\n\n\n\n
You’ll likely get a port name like
\/dev\/cu.usbserial-14430<\/code> or\/dev\/cu.SLABtoUART<\/code>. Once you know the name of your port, open screen at 115200 bits per second like so:<\/p>\n\n\n\n$ screen <portname> 115200\n<\/pre>\n\n\n\n
![\"Diagram](\"https:\/\/itp.nyu.edu\/networks\/wp-content\/uploads\/2017\/06\/pi_serial_bb-1024x980.png\")
<\/a>Figure 1. USB-to-serial connection to a Raspberry Pi. Click to enlarge.<\/figcaption><\/figure>\n\n\n\n ![\"Diagram](\"https:\/\/itp.nyu.edu\/networks\/wp-content\/uploads\/2017\/06\/pi_pinouts-503x1024.png\")
<\/a>Figure 2. I\/O pin connections for the Raspberry Pi. Click to enlarge.<\/figcaption><\/figure>\n\n\n\n Once you’ve opened a serial connection at 115200 bps, and press the spacebar a few times. You’ll get a login prompt like so:<\/p>\n\n\n\n
Raspbian GNU\/Linux 8 raspberrypi ttyAMA0\nraspberrypi login:<\/pre>\n\n\n\n
Now you’re ready to log in.<\/p>\n\n\n\n
<\/span>Logging In To The Command Line Interface<\/span><\/h2>\n\n\n\n
The default login for the Raspbian OS is pi<\/strong>, and the default password is raspberry<\/strong>. If you didn’t create a username and password of your own, you can use this. Use these to log into your Pi. When you’re logged in, you’ll get a prompt like this:<\/p>\n\n\n\n
The programs included with the Debian GNU\/Linux system are free software;\nthe exact distribution terms for each program are described in the\nindividual files in \/usr\/share\/doc\/*\/copyright.\n\nDebian GNU\/Linux comes with ABSOLUTELY NO WARRANTY, to the extent\npermitted by applicable law.\nLast login: Wed May 31 22:24:04 2017 \n\n\npi@rasbperrypi: ~ $\n<\/a><\/pre>\n\n\n\n
<\/span>Configuring Your System<\/span><\/h2>\n\n\n\n
Once you are logged in, you need to configure the operating system for general use. This includes changing the default password and administrative user, changing the default hostname, setting the interfacing options, and expanding the filesystem on the SD card. To start, type:<\/p>\n\n\n\n
$ sudo raspi-config<\/pre>\n\n\n\n
Note:<\/strong> most of the commands you’ll use on the pi will be run though sudo<\/em>, the su<\/strong>peruser do<\/strong> command. Sudo enables users to use administrative commands, making sure they’re a part of the system’s administrative users group, also called sudo<\/em>. The system will ask for your password whenever you use sudo.<\/p>\n\n\n\n
You’ll get a menu which you can scroll through with the arrow keys and select items with the enter key, as shown below.<\/p>\n\n\n
\n![\"Screenshot](\"https:\/\/itp.nyu.edu\/networks\/wp-content\/uploads\/2017\/06\/raspi-config-300x213.png\")
<\/a>raspi-config main menu. Click to enlarge.<\/figcaption><\/figure><\/div>\n\n\n Here are the most important things to take care of:<\/p>\n\n\n\n
First choose System Options. <\/p>\n\n\n\n
- \n
- In this menu, you should Change Password if you’re still using the default pi\/raspberry combination, and follow the prompts to change your password. If you made your own username with the
userconfig.txt<\/code> file, there’s no need to do this. <\/li>\n\n\n\n- You can also Change Hostname, and change the name of your system from raspberrypi<\/em> to something meaningful to you. <\/li>\n\n\n\n
- You can also set the SSID of your wireless network and the password, or follow the steps below if you’re using an enterprise network.<\/li>\n<\/ul>\n\n\n\n
Next choose Interfacing Options. <\/p>\n\n\n\n
- \n
- If you didn’t make an ssh file on your SD card before booting, enable ssh. This will allow you to log in remotely via ssh.<\/li>\n\n\n\n
- If you plan to use a camera, or the I2C or SPI buses to communicate with external hardware, enable those options. <\/li>\n<\/ul>\n\n\n\n
Finally choose Advanced Options, and expand the filesystem. This will make more room on your SD card for the system. This will finish by asking you to reboot your Pi. Choose Yes to reboot.<\/p>\n\n\n\n
From now on, if you’re using the ethernet-over-USB option or logging into your Pi over a network using ssh (which we’ll get to shortly), you’ll need to log into your-username@your-pi-name.local<\/em> (change your-pi-name<\/em> to the name you chose).
<\/a><\/p>\n\n\n\n<\/span>Changing Defaults To Increase Security<\/span><\/h2>\n\n\n\n
Anyone who’s used a Pi knows the default username (pi) and password (raspberry) and the default device name (raspberrypi), so it’s a good idea to change these to make your Pi harder to find and harder to break into. For more advice on security hardening your Pi, see these tips<\/a>.<\/p>\n\n\n\n
First, if you didn’t use the userconfig.txt file above to make a custom user, you should add a new user. Change username<\/em> below to a name you want to use:<\/p>\n\n\n\n
$ sudo adduser username<\/em><\/pre>\n\n\n\n
This will ask you twice for a password for the new user and ask you to fill in some identifying details. You can skip any question by hitting enter. Next, add your new user to the sudo<\/em> group so it can act as a superuser:<\/p>\n\n\n\n
$ sudo adduser username<\/em> sudo<\/pre>\n\n\n\n
To access some of the Pi’s hardware, you may need to add your new username to some other groups, as follows:<\/p>\n\n\n\n
pi User-specific group. A group is automatically created for \n each new user; you can ignore this.\nadm Allows access to log files in \/var\/log and using xconsole\ndialout Allows access to serial ports\/modem reconfiguration, etc.\ncdrom Enables access to optical drives.\nsudo Enables sudo access for the user.\naudio Allows access to audio devices like microphones and soundcards\nvideo Allows access to a video devices, e.g. framebuffer, videocard, webcam\nplugdev Enables access to external storage devices\ngames Many games are SETGID to games so they can write their high score files.\nusers A Pi-specific group enabling access to \n \/opt\/vc\/src\/hello_pi\/ directory and contained files.\ninput Appears to give access to the \/dev\/input\/mice folder and nothing else.\nnetdev Enables access to network interfaces\ngpio Pi-specific group for GPIO pin access.\ni2c Pi-specific group for I2C access. \n Generated after installing i2c-tools.\nspi Pi-specific group for the SPI bus.<\/pre>\n\n\n\n
You can do this group by group with:<\/p>\n\n\n\n
$ sudo adduser username<\/em> groupname<\/em><\/pre>\n\n\n\n
or you can add many at a time like so:<\/p>\n\n\n\n
sudo usermod -a -G adm,dialout,cdrom,sudo,audio,video,plugdev,games,users,input,netdev,gpio,i2c,spi username<\/em><\/pre>\n\n\n\n
For security reasons it’s a good idea to add as few groups as you actually need. So if your project only uses GPIO and SPI, for example, add those groups and not the others.<\/p>\n\n\n\n
When you’ve added your new user and given it permissions, log out by typing
logout<\/code> orexit<\/code>, then log back in as the user you just created:<\/p>\n\n\n\n$ssh username@your-pi-name.local<\/pre>\n\n\n\n
Now make sure the root account is disabled by locking it like so:<\/p>\n\n\n\n
$ sudo passwd -l root<\/pre>\n\n\n\n
If you need to unlock it later you can do so by typing:<\/p>\n\n\n\n
$ sudo passwd -u root<\/pre>\n\n\n\n
Next delete the default pi<\/em> user like so:<\/p>\n\n\n\n
$ sudo deluser --remove-home pi<\/pre>\n\n\n\n
You’ll get a message: Warning: group `pi\u2019 has no more members.<\/em> Don’t worry. When you delete the pi account, the system will delete the corresponding pi group automatically. Now that the default pi<\/em> user is gone, there’s less chance that someone will guess your username and gain access to your Pi.<\/p>\n\n\n\n
<\/span>Configuring After Changing Users<\/span><\/h3>\n\n\n\n
Note that many software packages install per user, rather than system-wide, so it’s a good idea to make sure you’ve got the user configuration you want before you install firewalls, development software, or other tools you plan to use. You don’t want the nasty surprise of installing software as one user only to find it gone when you change users.<\/p>\n\n\n\n
<\/span><\/a>
Connecting To the Network via WiFi<\/span><\/h2>\n\n\n\nThe Pi Zero W and the Pi 3 and Pi 4 and later models all have built-in WiFi and the drivers are included in the Raspbian distributions. To check that yours is working, type<\/p>\n\n\n\n
$ iwconfig wlan0<\/pre>\n\n\n\n
If you get a response that begins like this:<\/p>\n\n\n\n
wlan0 IEEE 802.11bgn Nickname:<\/pre>\n\n\n\n
Then you know the radio is there and working. If not, your Pi’s wifi might need to be unblocked. This is often the case with 5GHz radios like the Pi 3 B+, as the allowable frequencies are different from country to country, so the manufacturer sometimes ships units with the wifi disabled. If so, try this:<\/p>\n\n\n\n
$ sudo rfkill unblock wifi<\/pre>\n\n\n\n
Now try this command to see nearby WiFi hotspots:<\/p>\n\n\n\n
$ iwlist wlan0 scan | less<\/pre>\n\n\n\n
You will get a list of WiFi hotspots nearby and their credentials. It’s piped through the less<\/em> utility to paginate it. You should see a list of all nearby WiFi access points, with their details. You can see the listings page by page using the spacebar, and close the list by typing q<\/em>.<\/p>\n\n\n\n
<\/span>Getting the MAC address of the Pi’s WiFi Radio<\/span><\/h3>\n\n\n\n
You might also need the MAC address of your Pi in order to connect to an institutional network. For example, you can’t connect a Pi at ITP until you’ve registered its MAC address at computer.registration.nyu.edu<\/a>. To get the MAC address of your Pi’s WiFi, type the following once you’re logged in:<\/p>\n\n\n\n
$ ifconfig wlan0 | grep ether<\/pre>\n\n\n\n
You’ll get a response like this:<\/p>\n\n\n\n
ether b8:27:eb:aa:bb:cc txqueuelen 1000 (Ethernet)<\/pre>\n\n\n\n
Take that MAC address and register it with your institution. Then modify the wpa_supplicant.conf<\/em> file to connect to the institution’s network as explained below. <\/p>\n\n\n\n
<\/span>Network Configuration by Editing wpa_supplicant.conf<\/span><\/h3>\n\n\n\n
If you didn’t set the network name and password using the raspi-config tool, you can do it like so: Create a file called wpa_supplicant.conf<\/em> that stores your wifi configuration. It belongs in the
\/etc\/wpa_supplicant<\/code> directory. To create or edit it, type:<\/p>\n\n\n\n$ sudo nano \/etc\/wpa_supplicant\/wpa_supplicant.conf<\/pre>\n\n\n\n
You should see something like this:<\/p>\n\n\n\n
ctrl_interface=DIR=\/var\/run\/wpa_supplicant GROUP=netdev\nupdate_config=1\ncountry=GB\n\nnetwork={\n ssid=\"your_network_name\"\n psk=\"your_password\"\n}\n<\/pre>\n\n\n\nYou never want to store your password in plaintext, so you should generate an encrypted version (called a hash<\/em>) of your password like so:<\/p>\n\n\n\n
$ wpa_passphrase your_network_name your_password<\/pre>\n\n\n\n
This will generate a response like this:<\/p>\n\n\n\n
network={\n ssid=\"your_network_name\"\n #psk=\"your_password\"\n psk=6a24edfec4d204601b6e1f409630702...\n}<\/pre>\n\n\n\nDelete the line with your password in plaintext, then use this in place of the
network={...}<\/code> block in the wpa_supplicant.conf <\/em>file and you should be good to go. The wpa_supplicant.conf<\/em> file can contain network blocks for multiple networks, so if you want to add your home network as well, you can. On startup, the Pi will go through the list and try to connect to each one in turn, stopping when it succeeds. So if you have two networks available in one location, then make sure to put the default one first.<\/p>\n\n\n\n<\/span>Configuring For An Enterprise Network<\/span><\/h4>\n\n\n\n
If you’re connecting to an enterprise network like the one at NYU, your network configuration is a bit more complex. If you don’t need to do this, skip to the next section. <\/p>\n\n\n\n
Many enterprise networks use the Protected Extensible Authorization Protocol, or PEAP, to manage multiple user logins. Here’s the wpa_supplicant.conf file for a PEAP network using MSCHAPv2, a common authentication protocol used with PEAP:<\/p>\n\n\n\n
ctrl_interface=DIR=\/var\/run\/wpa_supplicant GROUP=netdev\nupdate_config=1\ncountry=US\n\nnetwork={\n ssid=\"network_name\"\n key_mgmt=WPA-EAP\n eap=PEAP\n proto=WPA2\n phase2=\"auth=MSCHAPV2\"\n anonymous_identity=\"your_username\"\n identity=\"your_username\"\n password=your_password\n}\n<\/pre>\n\n\n\nPut your network name in for the ssid and your username for the anonymous_identity and the identity. Again, notice that the username and password are stored in cleartext. To make a hash for the password this time, do the following:<\/p>\n\n\n\n
$ echo -n your_password | iconv -t utf16le | openssl md4\n<\/pre>\n\n\n\n
You’ll get a reply like this:<\/p>\n\n\n\n
(stdin)= dad3329614566332455803ad3b...\n<\/pre>\n\n\n\n
Replace your_password<\/em> in the wpa_config.conf<\/em> with this hash like so:<\/p>\n\n\n\n
password=hash:dad3329614566332455803ad3b...\n<\/pre>\n\n\n\n
Once that’s set, you’ve enabled your Raspberry Pi to access the network configuration you set up, and you’ve saved the configuration to disk. The WiFi radio should start scanning for networks. You can check that you’re connected using ifconfig wlan0 and iwconfig wlan0 as you did before.<\/p>\n\n\n\n
<\/span>Connecting Via WiFi and ssh<\/span><\/h3>\n\n\n\n
To connect via WiFi and ssh instead of serial, you need to have created the ssh file and the
wpa_supplicant.conf<\/code> file mentioned above. Your Pi should connect to the network that you configured it for after it boots up. This might take a minute or two. When the Pi is booted up, make sure your personal computer is on the same WiFi network, then open the command line interface on your personal computer and type:<\/p>\n\n\n\nssh username@your-pi-name.local<\/pre>\n\n\n\n
Alternately, you can use the IP address of your Pi if you know it, instead of raspberrypi.local. You should get a response like this:<\/p>\n\n\n\n
username@your-pi-name.local's password:<\/pre>\n\n\n\n
Enter your password and you’ll be logged in.
<\/a><\/p>\n\n\n\n<\/span>Testing Your Network Connection with curl<\/span><\/h3>\n\n\n\n
You can test your network connection by making a web request. The command line program curl<\/em> is a good way to do this. Type:<\/p>\n\n\n\n
$ curl http:\/\/www.example.com\n<\/pre>\n\n\n\n
You should get a response that includes a lot of HTML,
ending with the following:<\/p>\n\n\n\n<body>\n <div>\n <h1>Example Domain<\/h1>\n nts. You may use this\n domain in examples without prior coordination or asking\n for permission.<\/p>\n <p><a href=\"http:\/\/www.iana.org\/domains\/example\">More\n information...<\/a><\/p>\n <\/div>\n <\/body>\n <\/html><\/pre>\n\n\n\n
If you got this result, your Raspberry Pi is now connected to the internet.<\/p>\n\n\n\n
<\/span>Deleting Your History File<\/span><\/h3>\n\n\n\n
At this point you have entered some sensitive information on the command line (like your passwords) and it gets saved in a file called
.bash_history.<\/code> To see this file, type:<\/p>\n\n\n\n$ sudo less ~\/.bash_history<\/pre>\n\n\n\n
You can scroll through and see everything you’ve typed. This is useful, because you can just hit the up arrow on the command line to repeat older commands, but it’s also a security risk. You may notice the line where you typed in your password, for example. You can open this file with the nano text editor and delete any line with cmd-k. To save and close the file, type cmd-x, then y to confirm the change.<\/a><\/p>\n\n\n\n
<\/span>Updating the Operating System<\/span><\/h2>\n\n\n\n
Next you should upgrade the operating system to make sure you have the latest patches for all the software in it. Make sure you’re connected to the internet, because you’re going to update the list of installed software packages and upgrade them from the Raspbian package repository. You’ll use APT, the advanced packaging tool, to do this, via its apt-get<\/em> utility. Each of these commands will take a long time. Type:<\/p>\n\n\n\n
$ sudo apt update<\/pre>\n\n\n\n
You should get this message at the end:<\/p>\n\n\n\n
Reading package lists... Done<\/pre>\n\n\n\n
If you get an error, check your network connection. The most likely error is that it didn’t get all the updates because it didn’t have a network connection. If it says you don’t have enough disk space, make sure you expanded the filesystem using raspi-config<\/em> earlier. When you’ve updated the package lists, Type:<\/p>\n\n\n\n
$ sudo apt upgrade<\/pre>\n\n\n\n
This will upgrade any installed software packages. This will take even longer than the update, and will ask you to confirm that you want to upgrade all the software. Type y<\/em> to do so. Once this is complete, you’ll have the latest versions of all the tools in your Raspbian distribution.
<\/a><\/p>\n\n\n\n<\/span>Configuring a Firewall<\/span><\/h2>\n\n\n\n
If you’re connecting to the internet, it’s wise to set up a firewall to control incoming and outgoing network connections. Understanding network ports and connections is a topic larger than this tutorial can cover. For now, we’ll assume you know that networked devices connect to each other on ports, that ports are numbered and can be incoming or outgoing, and that network traffic can use a number of transport protocols, most commonly TCP and UDP.<\/p>\n\n\n\n
The firewall rules explained here will block access to all incoming traffic except that on port 22, which is the standard port for ssh connections; ports 80, 443, which are the standard ports HTTP traffic; and port 8080, which is a common port for node.js servers. Based on this example, you should be able to add or delete ports to your firewall configuration when you need them.<\/p>\n\n\n\n
For more on ufw, see<\/p>\n\n\n\n
- \n
- An Introduction to ufw<\/a><\/li>\n\n\n\n
- Debian ufw wiki page<\/a><\/li>\n\n\n\n
- How to Configure a Firewall with ufw<\/a><\/li>\n<\/ul>\n\n\n\n
First you need to install ufw. Assuming you’ve updated your package manager, start by installing ufw:<\/p>\n\n\n\n
$ sudo apt install ufw<\/pre>\n\n\n\n
Once it’s installed, you can set defaults to allow outgoing traffic and deny incoming:<\/p>\n\n\n\n
$ sudo ufw default allow outgoing\n$ sudo ufw default deny incoming<\/pre>\n\n\n\n
This would disconnect your ssh connection if you enabled it now, so you might want to enable ssh connections before you enable the firewall. The following line will enable TCP connections on port 22, the default ssh port:<\/p>\n\n\n\n
$ sudo ufw allow ssh<\/pre>\n\n\n\n
If you’re planning to run an HTTP server, or an HTTPS server, you’ll need to enable them as well. You can specify not only the application (http, https), but also the transport protocol, like so:<\/p>\n\n\n\n
$ sudo ufw allow http\/tcp\n$ sudo ufw allow https\/tcp<\/pre>\n\n\n\n
- Debian ufw wiki page<\/a><\/li>\n\n\n\n
- An Introduction to ufw<\/a><\/li>\n\n\n\n
- You can also Change Hostname, and change the name of your system from raspberrypi<\/em> to something meaningful to you. <\/li>\n\n\n\n
- Make Power and Serial (or Ethernet) connections<\/a><\/li>\n\n\n\n
- SparkFun USB to Serial Breakout – FT232RL<\/a><\/li>\n\n\n\n