DokumentationInstall UFW
Install and configure UFW firewall on the root server (Ubuntu/Debian)
UFW stands for Uncomplicated Firewall and is a simple frontend for iptables that significantly simplifies the administration of the server firewall.
- Update system
First update the system of your root server. Open the console and enter the following command:
apt update && apt upgrade -yapt update && apt upgrade -y- Install UFW
Install UFW by entering the following command in the console:
apt install ufwapt install ufw- Check if the installation was successful
Check whether the installation was successful by entering the following command:
ufw statusufw statusDefault setting after installation: Status: inactive
- set default rules
We recommend blocking all incoming connections and only enabling the required ports:
sudo ufw default deny incoming
sudo ufw default allow outgoingsudo ufw default deny incoming
sudo ufw default allow outgoing- Release SSH port (important!)
Open the default SSH port (port 22) if you need it for remote access to the server:
sudo ufw allow sshsudo ufw allow sshIf your SSH port differs from the default configuration (port 22), use the correct port, e.g. 33
Enable other services (optional)
- HTTP (web server):
sudo ufw allow httpsudo ufw allow http- HTTPS (SSL)
sudo ufw allow httpssudo ufw allow https- Minecraft (default port 25565)
sudo ufw allow 25565sudo ufw allow 25565- Teamspeak 3 (example)
sudo ufw allow 9987 # Voice sudo ufw allow 10011 # Query sudo ufw allow 30033 # File Transfersudo ufw allow 9987 # Voice sudo ufw allow 10011 # Query sudo ufw allow 30033 # File TransferEnable UFW
Activate the firewall:
sudo ufw enablesudo ufw enableConfirm with y when asked. You can then check the status:
sudo ufw statussudo ufw statusManage rules
- Remove rules (e.g. HTTP port):
sudo ufw delete allow httpsudo ufw delete allow http- Show all rules:
sudo ufw status numberedsudo ufw status numbered- Disable UFW (if necessary)
sudo ufw disablesudo ufw disable