UFW (uncomplicated firewall) is an easy way to configure your cloud server firewall. You can add simple rules that govern access to various ports on your server. In this article, you will get the basics on how to set up your firewall using UFW for a cloud server running a basic website and allowing for SSH access.
In order to complete this tutorial you will just need to log into your server via SSH. Once there, you can run all of the commands provided from your favorite terminal emulator.
Note that all UFW commands require root or “sudo” privilege levels. Each command below is written assuming you have logged into your server as (or have otherwise assumed) the root user.
Note: in this article, you will be enabling your firewall by first closing all ports and then adding back the ports you need to operate a website and allow SSH access. This means that while ports 80 and 443 are closed your current website (if you have one) will be inaccessible. But it will soon return as we open those ports again.
Basic Port Assignments
Your cloud server comes with a few services pre-installed and running on standard ports. These include:
- SSH on port 22
- HTTP on port 80
The idea behind using a firewall is that it gives you more control over how your server can be accessed.
Install UFW (Uncomplicated Firewall)
First step, you will need to make sure that UFW is installed in your system. If not, you can easily install it using the
apt package manager:
apt install ufw
Basic UFW Setup
For your cloud server running a website you will want to make sure that you are able to serve HTTP and (optionally) HTTPS, while making sure to keep port 22 open, so you can access your server via SSH.
Instead of going through port by port and selecting which ones you want to allow or deny access to, it’s easy to start configuring your firewall by denying access to all ports and then adding back only the ones you need.
ufw default deny incoming
And now add back SSH support:
ufw allow in ssh
You will see a notice warning you that this might interrupt SSH connections:
Command may disrupt existing ssh connections. Proceed with operation (y|n)?
Enable the firewall:
The firewall is now enabled. If you have a website running on the server you will notice it is not accessible at the moment.
To allow connections to the website, run this command:
ufw delete allow in 'WWW Full'
’WWW Full’ is a shorthand rule for allowing HTTP and HTTPS traffic on ports 80 and 443, respectively.
Reload the firewall to initiate the new rule.
Your website is now back online.
You can check the status of your firewall anytime by running the “status” command:
Or, for more information about your rules, you can use the verbose option:
ufw status verbose
The snippets above provide you with the most basic setup for your cloud server firewall.
If you don’t need cPanel, don't pay for it. Only pay for what you need with our Cloud VPS solutions.
CentOS, Debian, or Ubuntu No cPanel Bloat SSH Key Management