Configuring a firewall is a critical step in securing your Ubuntu VPS. UFW (Uncomplicated Firewall) is a user-friendly interface for managing iptables firewall rules. This guide will show you how to set up UFW on your Ubuntu VPS.
Installation and Initial Configuration
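- UFW may already be installed on your Ubuntu VPS. If not, install it with:
    sudo apt install ufw
- Enable UFW with the command below. If you are connected over SSH, add the SSH allow rule from "Allowing and Denying Specific Ports" first: UFW warns that enabling the firewall may disrupt existing SSH connections.
    sudo ufw enable
- Check the status with:
    sudo ufw status verbose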
Setting Up Default Policies
- Set UFW to deny all incoming connections and allow all outgoing connections by default:
    sudo ufw default deny incoming
    sudo ufw default allow outgoing
Allowing and Denying Specific Ports
- Allow SSH connections to ensure remote management access:
    sudo ufw allow ssh
  or
    sudo ufw allow 22
- To allow traffic on specific ports (e.g., HTTP on port 80), use:
    sudo ufw allow 80
- To deny traffic on a specific port, use:
    sudo ufw deny [port]
Advanced Configuration
- To allow traffic on a specific port only from a specific IP address or subnet, specify the source in the rule:
    sudo ufw allow from [IP address] to any port [port]
Managing UFW
- To disable UFW temporarily, use:
    sudo ufw disable
- To remove a rule, use:
    sudo ufw delete allow [port]
Conclusion
Setting up UFW on your Ubuntu VPS is a straightforward process that significantly enhances your server's security. Remember to only open ports that are necessary for your server's operation and regularly review your firewall settings for optimal security.
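One way to make the regular review repeatable is to check the output of `sudo ufw status verbose` against the policy in this guide: firewall active, incoming denied by default, an SSH rule present, and no unexpected ports open to any source. The script below is an added example, not part of the original guide; the function names, the expected ports (22 and 80) and the sample status text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: checks `ufw status verbose` output against this guide's policy.
# Arguments: ports expected to be open to any source (assumed here: 22 and 80).
# On a server: sudo ufw status verbose | audit_ufw 22 80
audit_ufw() {
    awk -v expected="$*" '
    BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
    { gsub(/ \(v6\)/, "") }                  # fold IPv6 rows into the IPv4 layout
    /^Status:/  { active = ($2 == "active") }
    /^Default:/ { incoming = $2 }            # "deny" in "deny (incoming), ..."
    $2 == "ALLOW" && $3 == "IN" {
        port = $1; sub(/\/.*/, "", port)     # "22/tcp" -> "22"
        if (port == "22") ssh = 1
        if ($4 == "Anywhere" && !(port in ok) && !seen[port]++) {
            print "WARN public-port " port; bad = 1
        }
    }
    END {
        if (!active) { print "FAIL firewall-inactive"; bad = 1 }
        if (incoming != "deny" && incoming != "reject") {
            print "FAIL default-incoming=" incoming; bad = 1
        }
        if (!ssh) { print "FAIL no-ssh-rule"; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample output (not captured from a real host).
sample_status() {
    cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80                         ALLOW IN    Anywhere
3306                       ALLOW IN    Anywhere
5432                       ALLOW IN    203.0.113.10
22/tcp (v6)                ALLOW IN    Anywhere (v6)
80 (v6)                    ALLOW IN    Anywhere (v6)
3306 (v6)                  ALLOW IN    Anywhere (v6)
EOF
}

sample_status | audit_ufw 22 80 || echo "review the findings above"
```

The function exits non-zero when it prints any finding, so it can run from cron or a monitoring check. It only recognises numeric ports in the "To" column, so rules shown by application profile name are not matched.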