How to Secure Your Linux Server Using UFW Firewall?
Last Updated :
03 May, 2025
Maintaining a dependable operating system and safeguarding all the internal data require secure Linux server systems. Setting up a strong firewall management system is one of the easiest and most efficient ways to protect the security of the server. A user-friendly GUI for the potent Linux firewall utility tables is called Uncomplicated Firewall (UFW) for processing and maintaining internal security. Even individuals who are not security specialists or developers may set up and maintain a firewall on the system server by UFW.
Unsecured servers are prime targets—60% of breaches involve misconfigured firewalls (Verizon 2023 DBIR). UFW ensures your server is a fortress, not an open gate.
In this article, we'll explore the effective steps to Secure Your Linux Server Using the UFW Firewall.
How to Secure Your Linux Server Using UFW Firewall?
UFW is a Linux command-line interface for firewall configuration to manage the overall security. Compared to raw tables, it's designed to be simpler and easier to use for all the interfaces, which makes it a great option for both novice and expert users to implement. You can create personal rules with UFW that indicate what traffic is permitted to reach your server and what is not for some purposes.
Step 1: Install UFW officially
UFW is pre-installed on the majority of Linux distribution systems with proper configuration. Nonetheless, you may quickly install it using the package management system software if it isn't already installed on the internal server. Ensure sudo privileges for installation and configuration.
- For Linux-based operating systems, use the below command -
sudo apt-get update
sudo apt-get install ufw
Post-Installation
- Verify: ufw version (e.g., “ufw 0.36”).
- Enable at boot: sudo systemctl enable ufw.
- Check service: sudo systemctl status ufw.
Step 2: Check the UFW status manually
It is much crucial to verify the internal state of UFW to determine whether it is active before configuring the applications. Follow the below command -
sudo ufw status
Verbose Mode: sudo ufw status verbose – Shows additional details like logging (e.g., “Logging: on (low)”) and default policies.
Note: In the system, this message will pop up if UFW is not currently active: "Status: inactive." If it's already in the operation stage, a list of the current rules will appear on the screen.
Step 3: Allow required SSH Connections
To prevent locking the Linux system out of the server, you must permit SSH connections individually before turning on the firewall system. You must permit communication on port 22 to implement the commands, as this is where SSH runs by default.
sudo ufw allow ssh
Indicate the custom SSH port after configuring by following the below command -
sudo ufw allow 2222/tcp
/etc/ssh/sshd_config to set Port 2222, then restart: sudo systemctl restart sshd.
Limit Source IPs: Restrict SSH to specific IPs for extra security
sudo ufw allow from 192.168.1.100 to any port 22
Enable Rate Limiting: Prevent brute-force attacks:
sudo ufw limit ssh
Step 4: Enable UFW configuration
After granting SSH access to the server, use the following command to enable UFW:
sudo ufw enable
After this UFW starts, applying rules from /etc/ufw/user.rules.
- A warning appears: “Command may disrupt existing connections.”
- Default Policies (if set) take effect (e.g., deny incoming, allow outgoing).
Note: An alert informing you that turning on the firewall can break up current SSH connections throughout the process will appear.
Step 5: Allow all the essential system services
The internal services of server providers will determine whether or not need to permit additional traffic consoles. But the typical services consist of:
Command: sudo ufw allow 8080/tcp
Common Services and Commands
- HTTP (Web): sudo ufw allow 80/tcp – For Apache or Nginx.
- HTTPS (Secure Web): sudo ufw allow 443/tcp – For SSL/TLS.
- Custom Web (e.g., Jenkins): sudo ufw allow 8080/tcp.
- SMTP (Mail): sudo ufw allow 25/tcp – For Postfix.
- DNS: sudo ufw allow 53/udp – For Bind9.
- MySQL: sudo ufw allow 3306/tcp – Restrict to specific IPs for safety
sudo ufw allow from 192.168.1.100 to any port 3306
Step 6: Deny or delete all incoming traffic by default system
Defaulting to blocking all incoming traffic within the system server and then specifically allowing only the services that are required for the data collection is a popular security strategy. This can be configured by using the command:
Commands:
sudo ufw default deny incoming
sudo ufw default allow outgoing
- Deny Incoming: Blocks all unsolicited traffic unless explicitly allowed (e.g., sudo ufw allow ssh).
- Allow Outgoing: Permits server-initiated connections (e.g., apt updates, DNS queries).
Note: By using all these rules, outgoing connections are allowed within the Linux server but all incoming connections—unless specifically allowed—will be banned automatically.
Also Read
Conclusion
Using UFW to secure your Linux system server is a crucial first step in defending the network from intrusions and assaults to maintain. You can install and configure a powerful firewall that meets your unique requirements by following the instructions provided in this article efficiently. As the role of your server changes from time to time, don't forget to periodically check and update your firewall system rules to process manually continued security.
Similar Reads
How to Secure Your Linux Server with Fail2ban?
If you are a System Administrator or Developer, it is your key responsibility to secure the Linux Server. For that purpose, you can use one of the most effective tools which is Fail2ban for Linux Server.If you can Secure Linux Server with Fail2ban, you can easily manage all kinds of external threats
5 min read
How to Open Ports in Linux Server Firewall
Management of the server firewall and therefore control of the ports that are open is a very significant and fundamental procedure that any system administrator needs to master in order to control the network accessibility by closing sensitive ports. Firewalls are boundaries, that regulate traffic o
5 min read
How to Secure a Live Server?
Securing a live server is crucial to protect against unauthorized access and potential threats. Implementing robust server security best practices ensures that your server remains protected and operational. This guide will outline how to secure a live server, covering essential steps such as server
5 min read
How to setup Portmaster Firewall for Linux
"Linux is secure by default" You must have heard this a lot of times but guess what? It's a myth. Linux doesn't need a firewall or antivirusA base Linux system normally is not that secure compared to a base Windows system because by default it "normally" doesn't come with a firewall or antivirus, th
7 min read
How To Turn Off Firewall On Kali Linux?
Kali Linux is a popular operating system among cybersecurity professionals and enthusiasts due to its wide range of pre-installed tools for penetration testing and security auditing. However, for beginners, navigating its various features and configurations can be daunting. One common task that begi
4 min read
How to Configure your Linux Firewall - 3 Methods
A Linux firewall is essential for protecting your system from unauthorized access and attacks. By configuring firewall rules, you can control the flow of traffic into and out of your system. Linux offers multiple firewall management tools, including iptables and firewalld, both of which can be used
12 min read
How to create a multi-chat server using UDP?
In this article, we will see the development of a Multi-Threaded UDP Chat Server-Client Network for Data Transfer in Linux. UDP is used for low latency and connectionless characteristics, the architecture consists of a server managing multiple clients through threading. This networked chat applicati
10 min read
Top 10 Linux Server Security Tips
There are many tools and methodologies to safeguard servers from illegal access and other cyber threats. It is essential for system administrators and cyber-security teams to secure the servers correctly. Most users consider Linux a great system to have a highly secure system. To keep your servers f
8 min read
How to Secure Your WiFi From Hackers
Securing your Wi-Fi network is as necessary as securing your bank account. The longer you ignore it, the more damage it can do. That's right, your data and devices could be at high risk. A hacker can exploit your device easily if it is not secured with all the preventive measures. This article has s
8 min read
How To Install apf-firewall on Ubuntu
APF, or Advanced Policy Firewall, is a firewall that is occasionally observed on Liquid Web servers. It is essentially an interface to iptables, which is Linux's standard interface for controlling network ports. Interacting with iptables may be complicated and error-prone, but APF substantially simp
3 min read