
How to Set Up a Firewall on a Linux Server Using UFW (Beginner-Friendly Guide)


When you put a Linux server online, it becomes part of the wild internet — and the internet is… let’s just say… not always friendly.

Bots scan IP addresses all day long trying random ports, hoping to find something open. That’s why having a firewall is one of the simplest but most important layers of protection you can add.

On Ubuntu and many Debian-based systems, the easiest firewall tool is UFW (Uncomplicated Firewall). And honestly, the name fits — it is uncomplicated.

Here’s how I normally set it up on a fresh server.


🔹 Step 1 — Check if UFW Is Installed

Most Ubuntu servers already have it. Run:

sudo ufw status

If you see something like:

Status: inactive

that means it’s installed — just not enabled yet.

If you get a “command not found”, install it:

sudo apt install ufw

Done 👍


🔐 Step 2 — Make Sure You Won’t Lock Yourself Out of SSH

This step is VERY important.

Before enabling the firewall, allow SSH. Otherwise, once UFW activates, you might lose connection — and trust me, that’s not a fun experience 😅

If your SSH runs on port 22:

sudo ufw allow 22/tcp

If you changed SSH to another port, for example 2222:

sudo ufw allow 2222/tcp

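Double-check the rule. While UFW is still inactive, the status command only prints "Status: inactive" and shows no rules, so list what you have added instead:

sudo ufw show added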

Good. Now it’s safe to continue.


🚀 Step 3 — Enable UFW

Turn it on:

sudo ufw enable

You’ll see:

Command may disrupt existing ssh connections. Proceed with operation (y|n)?

Type:

y

Boom. Your server now has a firewall 🎉


🌐 Step 4 — Allow Web Traffic (If You Run a Website)

For HTTP:

sudo ufw allow 80/tcp

For HTTPS:

sudo ufw allow 443/tcp

Or simply:

sudo ufw allow "Nginx Full"

or:

sudo ufw allow "Apache Full"

(depending on your web server)

These presets open both 80 and 443 automatically.


🚫 Step 5 — Deny Everything Else (Default Policy)

By default, UFW blocks incoming connections and allows outgoing.
You can confirm with:

sudo ufw status verbose

You should see something like:

Default: deny (incoming), allow (outgoing)

Which means:

✔ Your apps can connect out
❌ Random strangers cannot connect in

Exactly what we want.


👁 Step 6 — View and Manage Rules

To see current rules:

sudo ufw status numbered

You might see:

[ 1] 22/tcp     ALLOW    Anywhere
[ 2] 80/tcp     ALLOW    Anywhere
[ 3] 443/tcp    ALLOW    Anywhere

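To delete a rule, use the number. The remaining rules are renumbered after each deletion, so list them again before deleting another one: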

sudo ufw delete 2

Simple and clean.


🔍 Step 7 — Enable Logging (Optional but Useful)

Logging helps when troubleshooting.

sudo ufw logging on

Logs go here:

/var/log/ufw.log

Just don’t forget to rotate logs if needed.
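
Once logging is on, the quickest way to read the log is to count what is being rejected. The script below is an added example, not part of the original guide: it summarizes `[UFW BLOCK]` entries by destination port and by source address. The log lines are constructed samples (documentation IP ranges, made-up host name and MAC), and the function names are chosen for this example.

```bash
#!/bin/sh
# Added example: summarize what UFW is blocking, based on its log.
# On a server, feed it the real file:  top_blocked_ports < /var/log/ufw.log

# Constructed sample entries in the kernel log format UFW writes.
sample_log() {
cat <<'EOF'
Jan  5 10:15:01 web1 kernel: [1001.10] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:aa:bb:cc SRC=203.0.113.5 DST=192.0.2.50 LEN=40 TTL=245 PROTO=TCP SPT=44321 DPT=23 WINDOW=1024 SYN URGP=0
Jan  5 10:15:02 web1 kernel: [1002.31] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:aa:bb:cc SRC=203.0.113.5 DST=192.0.2.50 LEN=40 TTL=245 PROTO=TCP SPT=44322 DPT=23 WINDOW=1024 SYN URGP=0
Jan  5 10:15:09 web1 kernel: [1009.77] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:aa:bb:cc SRC=203.0.113.5 DST=192.0.2.50 LEN=52 TTL=113 PROTO=TCP SPT=50100 DPT=3389 WINDOW=8192 SYN URGP=0
Jan  5 10:16:40 web1 kernel: [1100.02] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:aa:bb:cc SRC=198.51.100.77 DST=192.0.2.50 LEN=44 TTL=52 PROTO=TCP SPT=61000 DPT=23 WINDOW=65535 SYN URGP=0
Jan  5 10:16:41 web1 kernel: [1101.40] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:aa:bb:cc SRC=198.51.100.77 DST=192.0.2.50 LEN=84 TTL=52 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
Jan  5 10:17:00 web1 kernel: [1120.00] [UFW ALLOW] IN=eth0 OUT= MAC=00:16:3e:aa:bb:cc SRC=203.0.113.200 DST=192.0.2.50 LEN=60 TTL=55 PROTO=TCP SPT=40022 DPT=22 WINDOW=64240 SYN URGP=0
EOF
}

# Read UFW log lines on stdin; print "count proto/port" for blocked packets,
# most frequent first. Entries without a port (e.g. ICMP) are skipped here.
top_blocked_ports() {
  awk '/\[UFW BLOCK\]/ {
         proto = ""; dpt = ""
         for (i = 1; i <= NF; i++) {
           if ($i ~ /^PROTO=/) proto = tolower(substr($i, 7))
           if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
         }
         if (proto != "" && dpt != "") hits[proto "/" dpt]++
       }
       END { for (k in hits) print hits[k], k }' | sort -k1,1nr -k2,2
}

# Read UFW log lines on stdin; print "count source-ip" for blocked packets.
# ALLOW and AUDIT entries are ignored, ICMP blocks are counted.
top_blocked_sources() {
  awk '/\[UFW BLOCK\]/ {
         for (i = 1; i <= NF; i++)
           if ($i ~ /^SRC=/) hits[substr($i, 5)]++
       }
       END { for (k in hits) print hits[k], k }' | sort -k1,1nr -k2,2
}

echo "Blocked destination ports:"; sample_log | top_blocked_ports
echo "Blocked sources:";           sample_log | top_blocked_sources
```

A port that shows up here but belongs to a service you actually run is a sign of a missing allow rule; everything else is the background scanning the firewall is there to drop.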


🛡 Bonus: Allow Specific IPs Only

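Let’s say you only want your office IP to access SSH. This only restricts anything once the open-to-everyone SSH rule from Step 2 is deleted (by number, as in Step 6); while that rule exists, SSH stays reachable from anywhere. Add the office rule first, confirm you can still log in, then remove the general rule.

sudo ufw allow from 123.123.123.123 to any port 22 proto tcp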

Or allow a subnet (with no port given, this opens every port to that subnet):

sudo ufw allow from 192.168.1.0/24

⚠ Common Mistakes to Avoid

Here are mistakes I’ve personally seen (or made 😅):

❌ Enabling UFW before allowing SSH
❌ Blocking SSH accidentally
❌ Forgetting HTTPS for websites
❌ Opening ports “just in case”

So always think:

👉 “Do I really need this port open?”

If not — keep it closed.


🎯 Final Thoughts

Setting up UFW is one of the simplest upgrades you can make to server security. It takes maybe 5–10 minutes, but it protects you 24/7.

With UFW you get:

✅ A clean, simple firewall
✅ SSH protection
✅ Controlled access
✅ Peace of mind

And best of all — you don’t need to be a Linux guru to use it.

Small effort. Big benefit.
