Protect Your Linux Server with UFW Firewall: A Step-by-Step Guide

📆 · ⏳ 3 min read · ·


A firewall is a security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. By implementing a firewall, you can reduce the risk of unauthorized access to your server.

UFW is a simple and uncomplicated firewall that makes it easy to secure your Linux server.

Set Up UFW Firewall on Linux

Install UFW

UFW is already installed on most Linux distributions, but if it’s not, you can install it using the package manager for your distribution. For example, on a Debian-based system, you can use the following command:

Terminal window
sudo apt-get update
sudo apt-get install ufw

Check the Status of UFW

To check the status of UFW, you can use the following command:

Terminal window
sudo ufw status

Allow or Deny Traffic

You can use UFW to allow or deny incoming traffic based on ports and protocols.

For example, to allow incoming SSH traffic, you can use the following command:

Terminal window
sudo ufw allow ssh

Note that by specifying ssh above, ufw assumes you want to allow port 22 which is the default ssh port, however if you have followed by previous guide on securing the ssh on your linux servers then the above command won’t be much of an help because you would’ve changed your default ssh port to something else

You can also specify a specific port to allow or deny in ufw by following this command:

Terminal window
sudo ufw allow 2222

Start UFW

Once you have created your firewall rules, you can start UFW using the following command:

Terminal window
sudo ufw enable

Check UFW Status

To verify that UFW is running and your rules are in place, you can use the following command:

Terminal window
sudo ufw status verbose

Best practices

A good practice in terms of security is to deny all incoming traffic and selectively open ports/services using the allow rule

To do this, we will use the following commands:

Terminal window
sudo ufw default deny incoming
sudo ufw default allow outgoing

This basically denys all incoming traffic so your servers are not accessible from outside world and allows all outgoing traffic so you can connect to anything on the outside world.


Very Important

Make sure you allow SSH as incoming traffic else even you won’t be able to connect your server via SSH.

So allow the SSH rule before enabling ufw with the above default rules.


UFW is a user-friendly firewall that makes it easy to secure your Linux server. By following the steps outlined in this guide, you can install and set up UFW, create firewall rules, and manage firewall rules in Linux.

Don’t wait – start securing your Linux server with UFW firewall today!

You may also like

  • Exploding your system: The deadly Fork Bomb in Linux

    Are you familiar with the term 'fork bomb' in Linux? If not, it is a potentially dangerous command that can severely impact system performance and stability. In this article, we will explore what a fork bomb is, how it works, and how to protect your Linux system from its harmful effects.

  • Stay Secure — Essential SSH Security Practices for Linux Servers

    Protect your Linux server from potential threats by following best practices for SSH security. Learn about using strong passwords, disabling root login, enabling public key authentication, and more in our comprehensive guide.

  • Setup Jellyfin with Hardware Acceleration on Orange Pi 5 (Rockchip RK3558)

    Recently I moved my Jellyfin to an Orange Pi 5 Plus server. The Orange Pi 5 has a Rockchip RK3558 SoC with integrated ARM Mali-G610. This guide will show you how to set up Jellyfin with hardware acceleration on the Orange Pi 5.