Setting up a firewall in Ubuntu using UFW on UFO.Hosting servers

In this article we will analyze basic commands and principles of working with the UFW (Uncomplicated Firewall) utility to protect your Ubuntu server.

Why do you need a firewall?

Servers are regularly scanned and attacked. This can lead to data leaks or web application failures, all due to incorrect security. Therefore the setting UFW will help limit access to the server and reduce risks.

Job Prerequisites

First, you need to update the list of packages so that the system receives the current version of UFW:

1. sudo apt-get update
2. sudo apt-get install ufw

Most Ubuntu servers already have the UFW utility pre-installed. You can check its presence using the command: 

ufw --version

If it is not there, install it using the command:

sudo apt-get install ufw

Allowing SSH connections

Before enabling UFW, make sure you have SSH access, otherwise you will lose connection to the server. If in doubt, enable SSH in advance.

sudo ufw allow ssh

UFW understands the names of standard services (ssh, sftp, http, https). If SSH uses a different port, replace ssh with the port number:

sudo ufw allow 2222

How to enable UFW

Run the command:

sudo ufw enable

You will see a warning:

Command may disrupt existing ssh connections. Proceed with operation (y|n)?

Since SSH is already enabled, press y. 

Allowing other connections

HTTP (port 80)

sudo ufw allow http

or

sudo ufw allow 80

If you are running a web server, browsers will not be able to connect without this rule.

HTTPS (port 443)

sudo ufw allow https

or

sudo ufw allow 443

For a secure connection via SSL/TLS, add this rule.

FTP (port 21)

sudo ufw allow ftp

or

sudo ufw allow 21/tcp

If the server uses FTP to transfer files, allow this port. SFTP doesn’t need separate rules because it uses SSH.

How to work with port ranges

If the application uses multiple ports (for example, 3000–3100):

sudo ufw allow 3000:3100

sudo ufw allow 3000:3100/tcp

sudo ufw allow 3000:3100/udp

Specify the protocol if it is important for the operation of the service (TCP for the web, UDP for games or VoIP).

How to allow access for specific IPs

Allow access to a specific IP:

sudo ufw allow from 123.45.67.89

The resolution works to all server ports. If you only need access to a specific port:

sudo ufw allow from 123.45.67.89 to any port 22

You can also allow an entire subnet:

sudo ufw allow from 123.45.67.89/24

sudo ufw allow from 123.45.67.89/24 to any port 22

How to deny connections

Deny HTTP:

sudo ufw deny http

Deny connections from a specific IP:

sudo ufw deny from 123.45.67.89

Use these commands if you want restrict access to the server for specific services or IP.

How to delete rules

By number

sudo ufw status numbered

sudo ufw delete 2

According to the actual rule

sudo ufw delete allow http

sudo ufw delete allow 80

First, check the list of rules so that you don’t accidentally delete the desired connection.

How to disable and reset UFW

To do this, you need to disable the firewall:

sudo ufw disable

Reset all rules:

sudo ufw reset

After the reset, all connections will be allowed only by default. Use with caution.

UFW logs

Enable logging:

sudo ufw logging on

Log levels:

• off is everything that is turned off
• low — indicates packets that are blocked and those that are allowed according to the rules
• medium — all new connections and invalid packets
• high — like medium, plus speed limit
• full — full log without restrictions

Example:

sudo ufw logging high

View log files:

ls /var/log/ufw*

Logs help track connection attempts and identify suspicious traffic.

Conclusion

Once UFW is configured, the server is protected by basic rules.

• Check that all necessary applications have access to their ports
• Block unnecessary connections
• Enter logs to track suspicious activity

Even minimal configuration significantly reduces the risk of intrusion and helps your server operate securely on UFO.Hosting.

CONTENT:

Similar

All news