UFW (Uncomplicated Firewall) is the simplest way to control which ports are reachable on your Linux server.
Basic setup
ufw default deny incoming
ufw default allow outgoing
ufw allow OpenSSH
ufw enable
Always allow SSH before enabling — otherwise you'll lock yourself out. If that happens, use the emergency console in your control panel.
Common rules
ufw allow 80,443/tcp # web server
ufw allow 3306/tcp # MySQL — only if remote access is really needed
ufw allow from 198.51.100.5 to any port 22 # SSH from one IP only
Check status
ufw status verbose
Rule of thumb: every open port is attack surface. Open the minimum, and restrict admin ports (SSH, database, panels) to known IP addresses where possible.