Security

Setting up a firewall with UFW

← Back to Knowledge Base

UFW (Uncomplicated Firewall) is the simplest way to control which ports are reachable on your Linux server.

Basic setup

ufw default deny incoming
ufw default allow outgoing
ufw allow OpenSSH
ufw enable

Always allow SSH before enabling — otherwise you'll lock yourself out. If that happens, use the emergency console in your control panel.

Common rules

ufw allow 80,443/tcp    # web server
ufw allow 3306/tcp      # MySQL — only if remote access is really needed
ufw allow from 198.51.100.5 to any port 22   # SSH from one IP only

Check status

ufw status verbose

Rule of thumb: every open port is attack surface. Open the minimum, and restrict admin ports (SSH, database, panels) to known IP addresses where possible.

Still stuck?

Our engineers are available 24/7 and happy to help.

Open a Ticket