DocumentationHow to Install UFW on Your Linux VPS
UFW (Uncomplicated Firewall) is a simple frontend for iptables that significantly simplifies the management of your server firewall.
Install UFW
Update system
First, update the package lists:bashsudo apt updatesudo apt updateInstall UFW
Install UFW with the following command:bashsudo apt install ufw -ysudo apt install ufw -y
Configure UFW
Set default rules
Block all incoming connections and allow all outgoing:bashsudo ufw default deny incoming sudo ufw default allow outgoingsudo ufw default deny incoming sudo ufw default allow outgoingAllow SSH port
Allow the SSH port so you can still connect:bashsudo ufw allow sshsudo ufw allow sshImportant
Do not skip this step, otherwise you will lock yourself out of the server! If you are using a different SSH port, allow that port instead, e.g.
sudo ufw allow 2222/tcp.Allow additional ports (optional)
Allow additional ports as needed:bash# Web server sudo ufw allow http sudo ufw allow https # Minecraft (default port 25565) sudo ufw allow 25565 # TeamSpeak 3 sudo ufw allow 9987/udp # Voice sudo ufw allow 10011/tcp # Query sudo ufw allow 30033/tcp # File Transfer# Web server sudo ufw allow http sudo ufw allow https # Minecraft (default port 25565) sudo ufw allow 25565 # TeamSpeak 3 sudo ufw allow 9987/udp # Voice sudo ufw allow 10011/tcp # Query sudo ufw allow 30033/tcp # File TransferEnable UFW
Activate the firewall:bashsudo ufw enablesudo ufw enableConfirm with
ywhen prompted.Check status
Verify that UFW is running correctly and which rules are active:bashsudo ufw statussudo ufw status
Manage rules
Show all rules with numbers:
sudo ufw status numberedsudo ufw status numberedRemove a rule (e.g. HTTP):
sudo ufw delete allow httpsudo ufw delete allow httpBlock a specific port:
sudo ufw deny 8080sudo ufw deny 8080Disable UFW:
sudo ufw disablesudo ufw disableTip
For additional protection against brute-force attacks, also set up Fail2Ban.