Setting Up a Basic Firewall Using UFW (Uncomplicated Firewall)
UFW is a simple firewall management tool available on Debian, Ubuntu, and related distributions. It's designed to make iptables easier to manage and is ideal for quickly securing your server.
1. Install UFW (If Not Already Installed)
sudo apt update
sudo apt install ufw
2. Check UFW Status
sudo ufw status verbose
The output indicates whether UFW is active. If it is inactive, follow the next steps to enable it securely.
3. Allow SSH Before Enabling the Firewall
This prevents you from being locked out of the server once UFW is active:
sudo ufw allow OpenSSH
Or, if you're using a custom SSH port (e.g. 2222):
sudo ufw allow 2222/tcp
4. Allow Other Essential Ports
- HTTP:
sudo ufw allow 80/tcp
- HTTPS:
sudo ufw allow 443/tcp
- FTP (if needed):
sudo ufw allow 21/tcp
5. Enable the Firewall
sudo ufw enable
Confirm with y when prompted. The firewall is now active and protecting your server.
6. View Current Rules
sudo ufw status numbered
7. Remove a Rule
Get the rule number from the previous command, then run:
sudo ufw delete [rule number]
8. Deny Specific IP Address
sudo ufw deny from 192.168.1.100
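UFW evaluates rules in order and the first match wins, so a deny added after the allow rules from steps 3 and 4 does not stop that address from reaching the ports already opened. The script below is an added example, not part of the original tutorial: it parses `sudo ufw status numbered` output and reports deny rules placed after an allow-from-anywhere rule. The sample output is constructed and the function name `shadowed_denies` is hypothetical.

```shell
#!/bin/sh
# Added example: find "deny from <IP>" rules that sit after a broader allow rule.
# SAMPLE is constructed output in the format of `sudo ufw status numbered`.
SAMPLE='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] OpenSSH                    ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 443/tcp                    ALLOW IN    Anywhere
[ 4] Anywhere                   DENY IN     192.168.1.100'

# shadowed_denies (hypothetical helper): reads status output on stdin and prints
# the number of every host-wide DENY/REJECT rule that follows an ALLOW/LIMIT
# rule open to Anywhere. Narrowed to the IPv4 "deny from <IP>" form of step 8.
shadowed_denies() {
  awk '
    /^\[ *[0-9]+\]/ {
      line = $0
      sub(/ +$/, "", line)               # drop trailing padding
      sub(/^\[ */, "", line)             # "[ 4] Anywhere" -> "4] Anywhere"
      num = line; sub(/\].*/, "", num)   # rule number
      sub(/^[0-9]+\] */, "", line)       # remaining columns: To, Action, From
      split(line, col, /  +/)            # columns are separated by 2+ spaces
      if (col[2] ~ /^(ALLOW|LIMIT) IN$/ && col[3] == "Anywhere") {
        allows++                         # traffic from any source already accepted
      } else if (col[2] ~ /^(DENY|REJECT) IN$/ && col[1] == "Anywhere" && allows > 0) {
        print num                        # earlier allows match first on their ports
      }
    }'
}

# Demonstration on the constructed sample; on a live host, pipe in
# the output of: sudo ufw status numbered
for n in $(printf '%s\n' "$SAMPLE" | shadowed_denies); do
  echo "rule $n is evaluated after an allow-from-anywhere rule; move it to the top"
done
```

A reported rule can be deleted by its number (step 7) and re-added ahead of the allow rules with `sudo ufw insert 1 deny from 192.168.1.100`.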
9. Disable UFW (if needed)
sudo ufw disable
Summary
UFW makes it easy to control inbound and outbound traffic on your server. By configuring only the ports you need and denying all others, you significantly reduce your exposure to potential threats.