Basic Firewall Setup with UFW
A firewall controls which network ports can be reached from the internet. On Ubuntu and Debian servers, UFW is the simplest way to configure basic firewall rules.
Install UFW
Section titled “Install UFW”apt updateapt install ufw -yAllow SSH first
Section titled “Allow SSH first”If your SSH port is 22, run:
ufw allow 22/tcpIf you changed SSH to another port, allow that port instead:
ufw allow <your-ssh-port>/tcpAllow common services
Section titled “Allow common services”Only open ports you actually use.
| Service | Command |
|---|---|
| HTTP website | ufw allow 80/tcp |
| HTTPS website | ufw allow 443/tcp |
| Minecraft Java | ufw allow 25565/tcp |
| Minecraft Bedrock | ufw allow 19132/udp |
| Pterodactyl Wings SFTP | ufw allow 2022/tcp |
Enable the firewall
Section titled “Enable the firewall”After allowing SSH and any required service ports, enable UFW:
ufw enableConfirm with y when asked.
Check the current rules:
ufw status verboseRemove a rule
Section titled “Remove a rule”List rules with numbers:
ufw status numberedDelete the rule by number:
ufw delete <number>Recommended defaults
Section titled “Recommended defaults”For most servers, use these defaults:
ufw default deny incomingufw default allow outgoingThen explicitly allow the ports you need.
Emergency recovery
Section titled “Emergency recovery”If you accidentally block yourself out, use the server console or rescue tools in your hosting panel if available, then disable UFW:
ufw disableAfter regaining access, fix the rules and enable it again.