ArrowLeft Icon

Protect Your Linux Server with UFW Firewall: A Step-by-Step Guide

📆 · ⏳ 3 min read · 👀
·
#️⃣ linux #️⃣ security

Introduction

A firewall is a security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. By implementing a firewall, you can reduce the risk of unauthorized access to your server.

UFW is a simple and uncomplicated firewall that makes it easy to secure your Linux server.

Set Up UFW Firewall on Linux

Install UFW

UFW is already installed on most Linux distributions, but if it’s not, you can install it using the package manager for your distribution. For example, on a Debian-based system, you can use the following command:

sudo apt-get update
sudo apt-get install ufw

Check the Status of UFW

To check the status of UFW, you can use the following command:

sudo ufw status

Allow or Deny Traffic

You can use UFW to allow or deny incoming traffic based on ports and protocols.

For example, to allow incoming SSH traffic, you can use the following command:

sudo ufw allow ssh
💡

Note that by specifying ssh above, ufw assumes you want to allow port 22 which is the default ssh port, however if you have followed by previous guide on securing the ssh on your linux servers then the above command won’t be much of an help because you would’ve changed your default ssh port to something else

You can also specify a specific port to allow or deny in ufw by following this command:

sudo ufw allow 2222

Start UFW

Once you have created your firewall rules, you can start UFW using the following command:

sudo ufw enable

Check UFW Status

To verify that UFW is running and your rules are in place, you can use the following command:

sudo ufw status verbose

Best practices

A good practice in terms of security is to deny all incoming traffic and selectively open ports/services using the allow rule

To do this, we will use the following commands:

sudo ufw default deny incoming
sudo ufw default allow outgoing

This basically denys all incoming traffic so your servers are not accessible from outside world and allows all outgoing traffic so you can connect to anything on the outside world.

⚠️

Very Important

Make sure you allow SSH as incoming traffic else even you won’t be able to connect your server via SSH.

So allow the SSH rule before enabling ufw with the above default rules.

Conclusion

UFW is a user-friendly firewall that makes it easy to secure your Linux server. By following the steps outlined in this guide, you can install and set up UFW, create firewall rules, and manage firewall rules in Linux.

Don’t wait – start securing your Linux server with UFW firewall today!

EnvelopeOpen IconStay up to date

Get notified when I publish something new, and unsubscribe at any time.

Previous Article

Building My First Home Lab

Next Article

Stay Secure — Essential SSH Security Practices for Linux Servers

You may also like

  • # linux# security

    Stay Secure — Essential SSH Security Practices for Linux Servers

    Protect your Linux server from potential threats by following best practices for SSH security. Learn about using strong passwords, disabling root login, enabling public key authentication, and more in our comprehensive guide.

  • # linux

    How to Use the Linux Socat Command for Bidirectional Data Transfer Between Network Connections

    The Linux socat command provides a powerful and flexible solution for bidirectional data transfer between network connections. In this article, we'll explore how to use the socat command in Linux and provide practical examples to help you get started.

  • # linux

    How to Use the Linux Shred Command for Secure File Deletion

    Deleting a file from your computer's hard drive doesn't actually erase the data, leaving it open to recovery by unauthorized individuals. The Linux `shred` command provides a simple and effective solution to securely delete files from your computer's hard drive. In this article, we'll explore how to use the `shred` command in Linux and provide practical examples to help you get started.