Secure Your VPS with UFW Firewall Management
Table of Contents
- How to Setup and Config UFW on VPS
- What is a Firewall?
- What is UFW?
- Prerequisites
- Understanding Firewalls
- To Get Access via SSH
- Install UFW
- Enable UFW
- Check UFW Status
- Configure to Support IPv6
- To Restart Firewall Disable it then Enable it
- To Check Open Ports
- To Open a Port
- To Close a Port
- To Open a Range of Ports
- To Close a Range of Ports
- To Allow a Service
- To Deny a Service
- To Allow Access to an IP Address
- To Deny Access for an IP Address
- To Allow an IP to Connect Only to a Specific Port
- To Delete a Specific Rule
- To Reset to Default Settings
- Some Useful Connections You May Want to Allow
How to Setup and Config UFW on VPS
What is a Firewall?
A firewall is computer hardware or software that controls inbound and outbound traffic of a machine.
What is UFW?
UFW (Uncomplicated Firewall) is a front end for iptables. By default, UFW denies all incoming connections and allows all outgoing connections. It provides a user-friendly interface for managing firewall rules on Ubuntu-based systems. This guide walks you through installing UFW, enabling it, checking its status, and configuring rules to allow specific ports, services, and IP addresses.
Prerequisites
- Access to your VPS via SSH with root or sudo privileges.
Understanding Firewalls
A firewall acts as a security barrier, controlling incoming and outgoing network traffic on your VPS. UFW simplifies managing firewall rules on top of the powerful but more complex iptables tool.
To Get Access via SSH
- Syntax:
ssh -p PORT USERNAME@HOSTIP
- Example:
ssh -p 22 root@216.32.44.12
Install UFW
apt install ufw
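Enable UFW
Because UFW denies all incoming connections by default, allow your SSH port (see Some Useful Connections You May Want to Allow) before enabling the firewall over an SSH session, or you can lock yourself out of the VPS.
ufw enable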
Check UFW Status
- To Check Normal Mode:
ufw status
- To Check in More Comprehensive Mode:
ufw status verbose
- To Check with Number:
ufw status numbered
Configure to Support IPv6
- Open Config File:
nano /etc/default/ufw
- Then Change:
IPV6=yes
To Restart Firewall Disable it then Enable it
ufw disable
ufw enable
To Check Open Ports
This lists only the ports that running services are currently listening on:
netstat -tulpn
To Open a Port
- Syntax:
ufw allow port/protocol
- Example:
ufw allow 21/tcp
To Close a Port
- Syntax:
ufw deny port/protocol
- Example:
ufw deny 21/tcp
To Open a Range of Ports
- Syntax:
ufw allow [Starting_port:Ending_port]/protocol
- Example:
ufw allow 300:310/tcp
To Close a Range of Ports
- Syntax:
ufw deny [Starting_port:Ending_port]/protocol
- Example:
ufw deny 300:310/tcp
To Allow a Service
- Syntax:
ufw allow service_name
- Example:
ufw allow http
To Deny a Service
- Syntax:
ufw deny service_name
- Example:
ufw deny http
To Allow Access to an IP Address
- Syntax:
ufw allow from IPAddress
- Example:
ufw allow from 192.168.1.4
To Deny Access for an IP Address
- Syntax:
ufw deny from IPAddress
- Example:
ufw deny from 192.168.1.5
To Allow an IP to Connect Only to a Specific Port
- Syntax:
ufw allow from IPAddress to any port Port
- Example:
ufw allow from 192.168.1.4 to any port 45
To Delete a Specific Rule
- Check Status with Number:
ufw status numbered
- Delete with Number
- Syntax:
ufw delete number
- Example:
ufw delete 3
To Reset to Default Settings
ufw reset
Some Useful Connections You May Want to Allow
- To Allow SSH Connection:
ufw allow ssh
or
ufw allow 22/tcp
- To Allow HTTP Traffic to a Web Server:
ufw allow 80/tcp
- To Allow FTP Connection:
ufw allow ftp
or
ufw allow 21/tcp
ufw allow 20/tcp
- To Allow Web Server Profile:
ufw allow www
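The rules above can be reviewed by parsing the output of ufw status. The script below is an added example, not part of the original guide: it lists which destinations are open to any source, which are restricted to one source IP, and whether an SSH rule exists. The function names and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide: audit `ufw status` output.
# SAMPLE_STATUS is constructed to mirror the rules used in this guide.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
21/tcp                     DENY        Anywhere
300:310/tcp                ALLOW       Anywhere
45                         ALLOW       192.168.1.4
Anywhere                   DENY        192.168.1.5
22/tcp (v6)                ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)'

# Print each destination an ALLOW rule opens to every source address.
# The IPv4 and IPv6 twins of one rule are reported once.
exposed_to_anywhere() {
  awk '{ gsub(/ \(v6\)/, "") }             # fold "22/tcp (v6)" into "22/tcp"
       { from = ($3 == "IN") ? $4 : $3 }   # verbose mode prints "ALLOW IN"
       $2 == "ALLOW" && from == "Anywhere" && !seen[$1]++ { print $1 }'
}

# Print destinations that are allowed only from a specific source address.
restricted_by_source() {
  awk '{ gsub(/ \(v6\)/, "") }
       { from = ($3 == "IN") ? $4 : $3 }
       $2 == "ALLOW" && from != "Anywhere" && from != "OUT" { print $1 " <- " from }'
}

# Exit 0 only if an ALLOW rule names the given TCP port exactly (port ranges
# are not expanded). Use it to confirm SSH stays reachable after a rule change.
port_allowed() {
  awk -v p="$1" '{ gsub(/ \(v6\)/, "") }
       $2 == "ALLOW" && ($1 == p || $1 == p "/tcp") { ok = 1 }
       END { exit !ok }'
}

# Report on the constructed sample; on a live host pipe `ufw status` instead.
report() {
  echo "Open to any source:";   printf '%s\n' "$SAMPLE_STATUS" | exposed_to_anywhere
  echo "Restricted by source:"; printf '%s\n' "$SAMPLE_STATUS" | restricted_by_source
  printf '%s\n' "$SAMPLE_STATUS" | port_allowed 22 || echo "WARNING: no rule allows SSH on 22"
}
report
```

On a live host, run the same functions as root with ufw status piped in, for example after every rule deletion or reset.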