Protect Your Linux Server with UFW Firewall: A Step-by-Step Guide

Published on


A firewall is a security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. By implementing a firewall, you can reduce the risk of unauthorized access to your server.

UFW is a simple and uncomplicated firewall that makes it easy to secure your Linux server.

Set Up UFW Firewall on Linux

Install UFW

UFW is already installed on most Linux distributions, but if it's not, you can install it using the package manager for your distribution. For example, on a Debian-based system, you can use the following command:

sudo apt-get update
sudo apt-get install ufw

Check the Status of UFW

To check the status of UFW, you can use the following command:

sudo ufw status

Allow or Deny Traffic

You can use UFW to allow or deny incoming traffic based on ports and protocols.

For example, to allow incoming SSH traffic, you can use the following command:

sudo ufw allow ssh

Note that by specifying ssh above, ufw assumes you want to allow port 22 which is the default ssh port, however if you have followed by previous guide on securing the ssh on your linux servers then the above command won't be much of an help because you would've changed your default ssh port to something else

You can also specify a specific port to allow or deny in ufw by following this command:

sudo ufw allow 2222

Start UFW

Once you have created your firewall rules, you can start UFW using the following command:

sudo ufw enable

Check UFW Status

To verify that UFW is running and your rules are in place, you can use the following command:

sudo ufw status verbose

Best practices

A good practice in terms of security is to deny all incoming traffic and selectively open ports/services using the allow rule

To do this, we will use the following commands:

sudo ufw default deny incoming
sudo ufw default allow outgoing

This basically denys all incoming traffic so your servers are not accessible from outside world and allows all outgoing traffic so you can connect to anything on the outside world.

Very Important

Make sure you allow SSH as incoming traffic else even you won't be able to connect your server via SSH.

So allow the SSH rule before enabling ufw with the above default rules.


UFW is a user-friendly firewall that makes it easy to secure your Linux server. By following the steps outlined in this guide, you can install and set up UFW, create firewall rules, and manage firewall rules in Linux.

Don't wait – start securing your Linux server with UFW firewall today!

Updates straight in your inbox!

A periodic update about my life, recent blog posts, TIL (Today I learned) related stuff, things I am building and more!

Share with others

Liked it?


You may also like

  • linuxsecurity

    Stay Secure — Essential SSH Security Practices for Linux Servers

    Protect your Linux server from potential threats by following best practices for SSH security. Learn about using strong passwords, disabling root login, enabling public key authentication, and more in our comprehensive guide.

    5 min read
  • security

    Zero Day Attacks: Understanding the Unannounced Threats

    Discover the dangerous world of zero day attacks and learn how they can exploit vulnerabilities in software to cause harm to businesses and individuals alike. From the definition to real-life examples, this article covers all you need to know about zero day attacks.

    3 min read
  • security

    Denial of Service Attacks: What They Are and How to Protect Against Them

    Discover the basics of Denial of Service (DoS) attacks and learn how to safeguard your website and online presence from these malicious attacks.

    3 min read