Setting up UFW on your VPS

What is UFW?

UFW (Uncomplicated Firewall) is a simple way to manage your VPS firewall settings. It helps protect your server by controlling which connections are allowed and which are blocked.

This guide will show you how to quickly set up basic UFW rules on your Debian or Ubuntu VPS.

First, login to your VPS using SSH:

E.g. ssh root@your-server-ip

If you're using a different user account, ensure you have sudo access.

Second, install UFW:

sudo apt update

sudo apt install ufw

Set some default rules - it's a good idea to default block incoming and allow outgoing:

sudo ufw default deny incoming

sudo ufw default allow incoming

Add an allow rule for SSH so that you don't lock yourself out:

sudo ufw allow ssh

This assumes that you're operating SSH on port 22. If you're using a custom port, then replace 'ssh' with the port number.

Enable the firewall:

sudo ufw enable

View the status of UFW and your rules:

sudo ufw status

Frequently Asked Questions

How can I delete a rule?

First, run ufw status numbered to get the list of your rules, then run ufw delete x , replacing 'x' with the number of the rule that you want to delete.

How do I restrict my rule to only allow SSH from my IP Address?

Simply run sudo ufw allow from 1.2.3.4 to any port 22 proto tcp , replacing '1.2.3.4' with your IP Address, and '22' with your SSH Port if you have changed it.

I've accidentally locked myself out, how do I get back in?

Login to your VPS panel and you should be able to establish a NoVNC connection to your VPS. You can then run ufw disable to regain access to your VPS. We recommend only temporarily disabling the firewall so that you can correct your rules.

I've set rules and enabled the firewall, but I can still access the services that I've restricted?

This is common when using Docker, since Docker manages its own Firewall rules in iptables. Creating firewall rules for Docker services is out of the scope of this guide. 

I don't want to manage the firewall of my VPS via the CLI, is there a GUI?

Yes, you can also set firewall rules directly on our VPS Management Panel. There's no 'better' option to use, but bear the following in mind:

• Creating your firewall rules via CLI allows you to easily reproduce these rules across other servers, such as when using Infrastructure as Code (IaC) with Ansible etc.
• Creating firewall rules from our VPS Management GUI will be able to restrict communication to Docker ports, so it may be an easier option if you wish to do this.
• For advanced configurations, neither option may be suitable. You may wish to create rules directly in iptables. 

If you have a Managed VPS and would like us to configure a firewall for you, please contact our Support Team.