DocumentationInstall UFW ​
Install and configure UFW firewall on the root server (Ubuntu/Debian)
UFW stands for Uncomplicated Firewall and is a simple frontend for iptables that significantly simplifies the administration of the server firewall.
Update system
First update the system of your root server. Open the console and enter the following command:
apt update && apt upgrade -yapt update && apt upgrade -yInstall UFW
Install UFW by entering the following command in the console:
apt install ufwapt install ufwCheck if the installation was successful
Check whether the installation was successful by entering the following command:
ufw statusufw statusDefault setting after installation:
Status: inactiveset default rules
We recommend blocking all incoming connections and only enabling the required ports:
sudo ufw default deny incoming sudo ufw default allow outgoingsudo ufw default deny incoming sudo ufw default allow outgoingRelease SSH port (important!)
Open the default SSH port (port 22) if you need it for remote access to the server:
sudo ufw allow sshsudo ufw allow sshIf your SSH port differs from the default configuration (port 22), use the correct port, e.g. 33
Enable other services (optional)
HTTP (web server):
sudo ufw allow httpsudo ufw allow httpHTTPS (SSL)
sudo ufw allow httpssudo ufw allow httpsMinecraft (default port 25565)
sudo ufw allow 25565sudo ufw allow 25565Teamspeak 3 (example)
sudo ufw allow 9987 # Voice sudo ufw allow 10011 # Query sudo ufw allow 30033 # File Transfersudo ufw allow 9987 # Voice sudo ufw allow 10011 # Query sudo ufw allow 30033 # File TransferEnable UFW
Activate the firewall:
sudo ufw enablesudo ufw enableConfirm with
ywhen asked. You can then check the status:sudo ufw statussudo ufw statusManage rules
Remove rules (e.g. HTTP port):
sudo ufw delete allow httpsudo ufw delete allow httpShow all rules:
sudo ufw status numberedsudo ufw status numberedDisable UFW (if necessary)
sudo ufw disablesudo ufw disable