Set Up a Firewall on Linux (UFW & IPTables) | FastLayer

A firewall is an essential part of any server configuration. It controls network access and protects your server from unauthorized access. In this guide, we'll show you how to set up a secure firewall using UFW or IPTables on Debian/Ubuntu (and partly CentOS/Fedora) — specifically for FastLayer servers.

✅ Requirements

  • Root access or use of sudo
  • Debian/Ubuntu, or alternatively CentOS/RHEL with UFW support
  • SSH access configured

⚡ Step 1: Gain Root Privileges

sudo su -

Step 2: Install UFW

Debian/Ubuntu:

sudo apt update
sudo apt install ufw

CentOS/Fedora/RHEL:

sudo dnf install ufw
# or for older versions
sudo yum install ufw

Step 3: Whitelist SSH Port

If you changed the SSH port, edit the OpenSSH profile file:

nano /etc/ufw/applications.d/openssh-server

Example:

[OpenSSH]
title=Secure shell server
description=OpenSSH implementation
ports=2222/tcp

Then:

ufw app update OpenSSH
ufw app info OpenSSH

Step 4: Enable UFW and Allow Ports

ufw allow OpenSSH
ufw allow 5555
ufw enable

Check with:

ufw status
ufw status verbose
ufw status numbered

❌ Step 5: Delete Rules

By number:

ufw delete 2

Directly:

ufw delete allow 5555

⚖️ Step 6: Allow or Block Specific IPs

Allow:

ufw allow from 10.1.2.3
ufw allow from 10.1.0.0/24 to any port 4444

Block:

ufw deny from 10.3.2.5
ufw deny from 10.3.2.4 to any port 3333

Block outgoing connections:

ufw deny out 25
ufw deny out to 10.4.4.4

Alternative: Use IPTables Directly

Basic rules:

iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I INPUT -p icmp -j ACCEPT
iptables -I INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

IPv6:

ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT

Block:

iptables -A INPUT -p tcp --dport 3333 -j DROP
iptables -A INPUT -s 10.4.5.6 -j DROP

Allow:

iptables -I INPUT -s 10.1.2.3 -j ACCEPT
iptables -I INPUT -s 10.4.0.0/24 -p tcp -m multiport --dports 2222,3333 -j ACCEPT

Save IPTables Permanently (Debian/Ubuntu)

apt install netfilter-persistent
iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6
systemctl enable netfilter-persistent
systemctl restart netfilter-persistent

Check after reboot:

sudo reboot
iptables-save
ip6tables-save

FastLayer

Our servers come without a pre-installed firewall, giving you full control. With this guide, you can set up your own secure environment in just a few minutes.

More Linux tutorials + hosting: https://fastlayer.eu

Was this answer helpful? 3 Users Found This Useful (3 Votes)

Most Popular Articles

Remote LUKS Unlock via SSH with Dropbear (Debian/Ubuntu)

Remote LUKS Unlock via SSH with Dropbear LUKS (Linux Unified Key Setup) is the standard for disk...
Basic Protection for Linux Servers

Basic Protection for Linux Servers – FastLayer Security Guide This guide provides essential...
Install SSL with Let's Encrypt / Certbot

Install SSL with Let's Encrypt / Certbot This guide helps you configure HTTPS using free Certbot...
Configure a Firewall with UFW (Linux)

Configure a Firewall with UFW (Linux) A firewall is essential to block unauthorized access to...
Securing SSH with Key-Based Authentication

Securing SSH with Key-Based Authentication Protecting SSH access is critical for server...