How to Set Up a Basic Linux Firewall (UFW) for Beginners β Complete Guide
π§ Introduction
When you rent a VPS or install Linux on a server, your system is exposed to the internetβand trust me, hackers scan new servers within minutes.
But donβt panic! Securing your Linux server is not rocket science. One of the simplest and safest ways to protect your machine is by using UFW (Uncomplicated Firewall).
UFW is exactly what its name says: a firewall that is not complicated.
You donβt need to understand deep networking or cryptic commands.
In this tutorial, Iβll guide you step-by-step, like an older friend walking you through your first server setup. Even if youβre a total beginner, you will understand exactly what to do and why.
Let's begin securing your server.
π Step 1 β Check if UFW Is Installed
Most Ubuntu/Debian systems already include UFW.
Run:
If the output is something like:
then UFW is installed but not active (which is normal).
If you see an error "command not found", install UFW:
π Step 2 β Allow SSH Before Enabling the Firewall
This is VERY important.
If you enable a firewall without allowing SSH first,
you will lock yourself out of your own server.
So before enabling UFW, run:
This opens port 22, which your SSH connection uses.
To verify:
π Step 3 β Enable UFW
Once SSH is allowed, you can safely activate UFW:
It will ask:
Press y.
To confirm:
Your firewall is now active and protecting your server.
π Step 4 β Allow Common Services
Here are typical ports you may need:
β Allow HTTP (port 80)
β Allow HTTPS (port 443)
β Allow MySQL (3306) β (Only if needed!)
β Allow custom port
Example port 8080:
β Allow specific IP only
Only 1 trusted IP can access port 22 (SSH):
This increases security dramatically.
π Step 5 β Deny or Remove Rules
β Deny a port:
β Delete a rule:
β Reset the firewall:
β Use with caution
π« Step 6 β Block IP Addresses
Sometimes bots or attackers spam your server.
You can block them:
Block an IP:
Block a range:
View rules:
π§ Step 7 β Enable Logging
Logging helps you monitor attacks or blocked attempts.
Enable:
Disable:
π Step 8 β Check UFW Rules
View all rules:
For detailed information:
π‘ Step 9 β Disable UFW (If Needed)
If something breaks and you need to turn firewall off temporarily:
This stops enforcing all rules.
π― Best Practices for Beginners
Here are simple rules to keep your Linux server safe without overthinking:
β Always allow SSH before enabling UFW
β Open only the ports you need
β Close ports after finishing testing
β Regularly check logs for weird activity
β Restrict SSH to one IP if possible
β Use strong passwords or SSH keys
These small tips prevent 99% of attacks.
π Conclusion
Youβve just completed a core skill every server admin must know: setting up a Linux firewall.
Thanks to UFWβs simple design, you now understand:
-
How to enable/disable a firewall
-
How to allow or block ports
-
How to block IP addresses
-
How to secure SSH
-
How to maintain good server security practices
With this knowledge, your server is already significantly more secure than most beginner setups.