How to Set Up a Firewall on Linux with UFW (Ultimate Security Guide)
Setting up a firewall is one of the most important steps in securing your Linux server. Whether you’re hosting websites, APIs, or game servers, having the right firewall configuration helps protect your system from unauthorized access and attacks.
In this guide, we’ll walk you through how to set up and manage UFW (Uncomplicated Firewall), a powerful yet easy-to-use tool built into most modern Linux distributions.

What Is UFW?
UFW stands for Uncomplicated Firewall, and it's a frontend for iptables designed to make configuring a Linux firewall easier.
With just a few commands, you can:
- Allow or block traffic to specific ports
- Set default deny rules
- Allow only certain IP addresses
- Secure your server in minutes
UFW comes pre-installed on most Ubuntu and Debian-based distributions, and it can be installed on others like CentOS and AlmaLinux.
What You’ll Need
- A Linux server (Ubuntu, Debian, AlmaLinux, etc.)
- Root or sudo access
- OpenSSH access (for remote management)

Tip: If you're using Vastrox to deploy your server, UFW comes pre-installed and can be enabled instantly with custom port rules.
Step 1: Install and Enable UFW
On Ubuntu/Debian:
UFW is usually pre-installed. If not:
On CentOS/RHEL/AlmaLinux:
First, install UFW:
sudo yum install epel-release
sudo yum install ufw
Then enable the UFW service:
sudo systemctl enable ufw
sudo systemctl start ufw
Step 2: Set Default Rules
First, set the default behavior:
sudo ufw default deny incoming
sudo ufw default allow outgoing
This blocks all incoming connections except those you explicitly allow, while letting your server send data out freely.
Step 3: Allow SSH Access
Before enabling UFW, allow SSH access so you don’t get locked out:
Or if your SSH runs on a custom port (e.g. 2222):
Step 4: Allow Other Ports (Web, Game, App, etc.)
Examples:
- Web server (HTTP + HTTPS):
sudo ufw allow 80,443/tcp
- MySQL (if remote access is required):
Customize this based on your app, panel, or game server setup.
Step 5: Enable the Firewall
Once your rules are in place:
You’ll see:
“Command may disrupt existing ssh connections. Proceed with operation (y|n)?”
Type y and press Enter.
Your firewall is now active!
Step 6: Check Firewall Status
To view current rules:
To see open ports and rules in detail:
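Steps 2 to 6 collected into one script, as an added example that is not part of the original guide: it validates every port first, adds the SSH rule before the firewall is enabled, and only prints the commands unless UFW_APPLY=1 is set. The names ufw_plan, ufw_apply and UFW_APPLY are made up for this example; `--force` is ufw's flag for skipping the Step 5 confirmation prompt.

```sh
#!/bin/sh
# Added example: Steps 2-6 in an order that keeps the SSH session reachable.
# ufw_plan, ufw_apply and UFW_APPLY are names made up for this sketch.

# Accept PORT or PORT/proto: port 1-65535, proto tcp or udp.
valid_port() {
    port="${1%%/*}"; proto="tcp"
    case "$1" in */*) proto="${1#*/}" ;; esac
    case "$port" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#port}" -le 5 ] && [ "$port" -le 65535 ] || return 1
    [ "$proto" = tcp ] || [ "$proto" = udp ]
}

# Print the ufw commands in order; print nothing if any port is invalid.
# Usage: ufw_plan SSH_PORT [PORT[/proto] ...]
ufw_plan() {
    ssh_port="$1"; shift
    valid_port "$ssh_port" || { echo "invalid SSH port: $ssh_port" >&2; return 1; }
    for p in "$@"; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    echo "ufw allow ${ssh_port%%/*}/tcp"      # SSH rule goes in before enable
    for p in "$@"; do
        case "$p" in */*) echo "ufw allow $p" ;; *) echo "ufw allow $p/tcp" ;; esac
    done
    echo "ufw --force enable"                 # --force skips the y|n prompt
    echo "ufw status verbose"
}

# Dry run by default: show each command. With UFW_APPLY=1, run it via sudo
# and stop at the first failure so the firewall is never enabled half-built.
ufw_apply() {
    plan=$(ufw_plan "$@") || return 1
    echo "$plan" | while IFS= read -r cmd; do
        echo "+ sudo $cmd"
        [ "${UFW_APPLY:-0}" = 1 ] || continue
        sudo $cmd </dev/null || exit 1        # word splitting of $cmd is intended
    done
}

# Example: SSH on 2222, web on 80/443 (constructed values):
#   UFW_APPLY=1 ufw_apply 2222 80 443
```

Run it first without UFW_APPLY to review the printed plan, and keep the current SSH session open until a second login through the firewall succeeds.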
Bonus: Advanced UFW Usage
Allow all traffic from a specific IP (e.g. for admin panel access only):
sudo ufw allow from 192.168.1.10
Block a specific IP:
sudo ufw deny from 203.0.113.45
Remove a rule:
sudo ufw delete allow 25565
Disable UFW temporarily:
Final Tips
- Only open the ports you actually use
- Keep UFW enabled at all times
- Pair UFW with fail2ban for brute-force protection
- Add UFW setup into your server provisioning checklist
- Use Vastrox deployment templates to automate firewall configurations securely
Need Simpler Security for Your Servers?
At Vastrox.com, our infrastructure tools are built with security in mind:
• Pre-configured UFW firewalls
• Global DDoS protection
• DNS & reverse proxy integration
• Auto-hardening during deployment
Whether you’re launching a web app, Minecraft server, or custom backend — we make Linux secure by default.
Conclusion
You’ve now secured your Linux server with UFW — an essential step in protecting your digital infrastructure. Whether you’re self-hosting or scaling up, managing firewalls should always be part of your workflow.
For more tutorials on Linux hardening, server optimization, and deployment automation, visit Vastrox.com.