Welcome to the world of Linux servers! Securing your server is one of the essential steps when managing a Linux server, especially if you’re new to it.
A Linux firewall is a critical security measure that controls traffic, and one effective tool for this is UFW (Uncomplicated FireWall).
UFW simplifies the process of managing a firewall, making it accessible even for beginners, and it’s a perfect tool for securing your server against potential threats.
In this guide, we’ll explore how to protect your Linux server using UFW.
Why You Need UFW for Your Linux Firewall
A firewall acts as a security guard for your server, controlling incoming and outgoing traffic based on predefined security rules.
Without a firewall, your server remains vulnerable to unauthorized access and breaches.
UFW makes managing a Linux firewall easier by simplifying the rule-setting process, allowing you to efficiently block or allow traffic as needed.
Installing UFW
Luckily, UFW is included in most Linux distributions.
On Debian- or Ubuntu-based systems, you can make sure UFW is installed by running the following command in your terminal:
sudo apt install ufw
By default, UFW is disabled. Once enabled, its default policy blocks all incoming connections and allows all outgoing ones.
Before enabling UFW, it’s crucial to set your firewall rules to avoid locking yourself out of the server.
Setting Up Firewall Rules
Handling SSH (Port 22)
If you have a static IP address, it’s best to allow SSH connections (port 22) only from your specific IP.
You can check your IP address by visiting ident.me. Once you know your IP, open port 22 with the following command, replacing [IP_ADDRESS] with that address:
sudo ufw allow from [IP_ADDRESS] to any port 22
If your IP address is dynamic, you may prefer to keep port 22 open for all connections:
sudo ufw allow 22/tcp
Opening Ports for Web Servers
Depending on your server’s purpose, you’ll need to open different ports.
For example, to run a web server, you should allow HTTP (port 80) and HTTPS (port 443):
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
Configuring Database Access (MySQL, PostgreSQL)
For databases like MySQL, if you need to allow external access from a specific IP address, open port 3306 (for PostgreSQL, use port 5432 instead):
sudo ufw allow from [IP_ADDRESS] to any port 3306
Common Linux Firewall Ports to Manage with UFW
Here are some of the most commonly used ports on Linux servers that you may need to manage with your Linux firewall:
- SSH (Port 22): Remote server management.
- HTTP (Port 80): For unencrypted web traffic.
- HTTPS (Port 443): For secure, encrypted web traffic.
- FTP (Ports 20/21): File transfer protocol.
- SMTP (Port 25): For sending emails.
- IMAP (Ports 143/993): For receiving emails.
- POP3 (Ports 110/995): For retrieving emails.
- DNS (Port 53): For domain name resolution.
- MySQL (Port 3306): For database access.
- PostgreSQL (Port 5432): Another database option.
- SFTP (Port 22): For secure file transfer, sharing the SSH port.
Enabling UFW on Your Linux Server
Once you’ve configured your rules, you’re ready to enable UFW. Simply run:
sudo ufw enable
You may receive a notification warning that enabling UFW will disrupt existing connections.
Since we’ve already ensured that SSH remains open, you can safely confirm and enable the firewall.
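The lockout risk described above can be checked mechanically before running sudo ufw enable. The script below is an added example, not part of the original guide: has_ssh_rule and safe_enable are hypothetical helper names, and the sample rule listings are constructed in the format that ufw show added prints.

```shell
#!/bin/sh
# Added example (not from the original guide): refuse to enable UFW unless
# a rule admitting SSH is already staged.

# has_ssh_rule [PORT]
# Reads `ufw show added` output on stdin. Succeeds if an allow (or
# rate-limited "limit") rule names PORT as a bare port or PORT/tcp.
has_ssh_rule() {
    awk -v port="${1:-22}" '
        BEGIN { tcp = port "/tcp" }
        /proto udp/ { next }                      # UDP rules do not admit SSH
        $1 == "ufw" && ($2 == "allow" || $2 == "limit") {
            for (i = 3; i <= NF; i++)
                if ($i == port || $i == tcp) found = 1
        }
        END { exit !found }
    '
}

# safe_enable [PORT]: hypothetical wrapper around `ufw enable`.
safe_enable() {
    if sudo ufw show added | has_ssh_rule "${1:-22}"; then
        sudo ufw enable
    else
        echo "No SSH allow rule staged for port ${1:-22}; not enabling UFW." >&2
        return 1
    fi
}

# Constructed samples in the format `ufw show added` prints.
SAMPLE_OK="Added user rules (see 'ufw status' for running firewall):
ufw allow from 203.0.113.5 to any port 22
ufw allow 80/tcp
ufw allow 443/tcp"

SAMPLE_LOCKOUT="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow from 203.0.113.5 to any port 3306"

for name in SAMPLE_OK SAMPLE_LOCKOUT; do
    eval "rules=\$$name"
    if printf '%s\n' "$rules" | has_ssh_rule 22; then
        echo "$name: SSH rule present, safe to enable"
    else
        echo "$name: no SSH rule, enabling would lock you out"
    fi
done
```

A rule added by application profile name rather than by port number is not recognized, so the guard errs on the side of refusing to enable.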