Firewall and Security Basics (UFW) on Ubuntu

How to install and configure the UFW firewall on your VPS to prevent unauthorized access to your ports.

4 min read
#vps#linux#security#firewall#ufw#ubuntu

When you spin up a VPS, all its ports are exposed to the internet by default. It's crucial to secure them with a firewall. On Ubuntu/Debian systems, the most accessible tool is UFW (Uncomplicated Firewall).

Step 1: Installing UFW

Connect to the server via SSH (as root) and check if UFW is installed. If not, install it with the command:

bash
apt update
apt install ufw

Step 2: Allowing important ports

Critical Warning: Before enabling the firewall, you MUST allow the SSH port (port 22). If you don't do this, you will lose access to the server after activating the firewall and lock yourself out!

bash
ufw allow 22/tcp

If you are running a web server, also allow HTTP (80) and HTTPS (443):

bash
ufw allow 80/tcp
ufw allow 443/tcp

If a Minecraft server is running on the VPS (on the default port), allow it as well:

bash
ufw allow 25565

Step 3: Enabling the firewall

Once you have opened all the ports you need, you can enable the firewall:

bash
ufw enable

Then press 'y' (yes) to confirm that you are aware of the possible disruption to your SSH connection.

Checking the status

If you want to check which ports are currently allowed at any time, enter:

bash
ufw status verbose

Didn't find what you were looking for? Contact us.