How to Set Up a Firewall (UFW)
Open only the ports you actually need with Ubuntu's UFW firewall.
Introduction
UFW ("uncomplicated firewall") is the simplest way to lock down a Linux VPS. It's a friendly wrapper around iptables.
Install UFW
apt install ufw -yMost Ubuntu VPS images come with UFW preinstalled.
Set Up the Default Rules
- 1Allow SSH first, don't lock yourself out:
ufw allow OpenSSH- 1Deny everything else inbound:
ufw default deny incoming
ufw default allow outgoing- 1Enable:
ufw enable- 1Type
yto confirm - 2Check status:
ufw status verboseOnly SSH gets through. Everything else is blocked.
Add Service-Specific Rules
- HTTP & HTTPS:
ufw allow 'Nginx Full' - Minecraft:
ufw allow 25565 - Custom port:
ufw allow 8080/tcp - Range:
ufw allow 5000:6000/tcp
Remove a Rule
- 1List numbered rules:
ufw status numbered - 2Delete by number:
ufw delete 3
Tip: Run ufw status after every change. Make it a habit.
Warning: Always allow SSH before enabling UFW. If you forget and you're on a remote VPS, you'll lock yourself out and need console access.
Disable UFW
ufw disableThis stops the firewall but keeps your rules saved for next time.
Need More Help?
Locked yourself out? Use the VNC console in the panel, that bypasses SSH.
Was this helpful?
Your feedback helps us write better guides.
Related Articles
More from VPS Hosting.
Getting Started with Your Endercloud VPS
First-login checklist for a fresh Linux VPS, secure it before you build.
How to Connect via SSH (Windows & Mac)
Open a terminal session to your VPS, with password or, better, an SSH key.
How to Install a Web Server (Nginx / Apache)
Stand up Nginx or Apache on your VPS in five minutes.
Still need help?
Our team is on Discord around the clock. Real humans, real answers.