Qtum Pi UI Firewall Setup For Raspberry Pi 3

If you are using the browser user interface for your Qtum Wallet on a Raspberry Pi, this tutorial will help you block internet access to the UI.

Installation

To get started we are going to install Uncomplicated Firewall, an easy to use out of the box firewall.

Enter the following command in the terminal to install UFW:

$ sudo apt-get install ufw

Configuration

To see what ports are currently in use we can type:

$ netstat -lptn

You will see something similar to below.

(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:3404            0.0.0.0:*               LISTEN      1020/python3        
tcp        0      0 0.0.0.0:3888            0.0.0.0:*               LISTEN      846/qtumd           
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -                   
tcp6       0      0 :::3888                 :::*                    LISTEN      846/qtumd           
tcp6       0      0 :::3889                 :::*                    LISTEN      846/qtumd           
tcp6       0      0 :::22                   :::*                    LISTEN      -                   

As you can see we have:

• Qtum UI using port 3404
• Qtum Wallet using port 3888 & 3889
• SSH using port 22

First, we will create a rule to block all incoming ports by entering the following:
NOTE: If you have processes requiring open incoming ports you will need to set a rule to allow access.

$ sudo ufw default deny incoming

Now we need to find our subnet IP, to do this enter the following:

$ ifconfig | grep broadcast

You should see something like this depending on your router.

inet 192.168.15.XX  netmask 255.255.255.0  broadcast 192.168.10.255

Or something like this.

inet 10.0.0.XX  netmask 255.255.255.0  broadcast 10.0.0.255

Looking at the broadcast address, we need to replace 255 with 0 and add /24, so it looks like this 192.X.X.0/24 or 10.X.X.0/24. We will us this when entering commands later in the tutorial.
Please note the X represents the number that is shown in broadcast as this can be different for each network. Looking at the first broadcast IP, I would use 192.168.10.0/24

Now to configure the firewall to allow the Qtum wallet access to Ports 3888 & 3889,
enter the following:

$ sudo ufw allow 3888:3889/tcp

Next, we want to enable SSH for connecting to our Raspberry Pi from our local area network, the default port is 22.
If you have changed the port for SSH, you would use that instead of 22.
We do this by entering the following :
NOTE: Use the broadcast address replacing 255 with 0 and adding /24 as discribed above.

$ sudo ufw allow from X.X.X.0/24 to any port 22

Now we want to enable access to the Qtum Pi UI, but only for users on the same local area network by entering the following:

$ sudo ufw allow from X.X.X.0/24 to any port 3404 proto tcp

Let's enable the firewall and then reboot the Raspberry Pi, enter y when prompted.

$ sudo ufw enable

After you see Firewall is active and enabled on system startup You can run sudo reboot

Now once the Raspberry Pi has restarted, you will need to make sure both Qtum Wallet and Qtum Pi UI are running.

Check status after reboot

To check what rules are in place you can run:

$ sudo ufw status

You should see the following:

Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       10.0.0.0/24               
3888:3889/tcp              ALLOW       Anywhere                  
3404/tcp                   ALLOW       10.0.0.0/24               
3888:3889/tcp (v6)         ALLOW       Anywhere (v6) 

Firewall Disable / reset

You can disable the firewall by running:

$ sudo ufw disable

If something is not working or there is a mistake you can rest the firewall and start again.

$ sudo ufw reset

For more info and commands check the UFW documents.

Get in touch

If you have any questions or a looking for help setting up the Qtum Pi UI
we have a Telegram group you can join here