Enabling and basic configuration of the firewall settings (Linux / Ubuntu)

Enabling the firewall helps protect your dedicated server from unwanted connections to private services that you do not want exposed to the public internet.

By default, the firewall in Ubuntu is disabled. In this article, we’ll explain how to use Uncomplicated Firewall (UFW) to configure iptables. You may use this guide on other distributions if UFW is installed.

Step 1

Gain root access within the console/SSH by executing sudo su

Step 2

Add a rule to allow SSH, so we don’t get disconnected, by executing ufw allow [sshportnumberhere]/tcp

You also may add other services, such as HTTP, with ufw allow 80/tcp

Step 3

Enable the firewall by executing ufw enable

To allow UDP ports, replace TCP with UDP. For example: ufw allow portnumberhere/udp

If you need to open a range of ports, you can execute ufw allow 100:200/tcp to allow connections from port 100 to port 200.

– You may replace TCP with UDP if you need to open UDP ports.

If you need to deny a specific IP, execute ufw deny from ipaddresshere

– You can deny an entire subnet/block by executing ufw deny from ipaddress/subnetprefix

Removing a rule in the firewall is a very simple task.

  1. Execute ufw status numbered and look for the rule you’d like to remove.

  2. Execute ufw delete rulenumberhere to remove the rule.

We suggest that if you’re using this command, also remove the IPv6 rules by following steps 2 and 3. Each time you delete a rule, the numbering changes.

Advanced settings

You can restrict access to a specific port to a single IP or IP subnet. This example uses SSH.

  1. We need to add the rule to allow the IP to connect to port 22 and ignore all others by executing ufw allow from ipaddresshere to any port 22 proto tcp

  2. You can change TCP to UDP if you need to open a UDP port.

  3. Find any other rule that allows port 22 to all connections by executing ufw status numbered

  4. Remove the rule by executing ufw delete rulenumberhere

We suggest that if you’re using this command, you also remove the IPv6 rules by following steps 2 and 3. Each time you delete a rule, the numbering changes.

Also, please keep in mind that when you apply this rule, if you’re not connecting from the specified IP or IP subnet, you will get disconnected.
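
The removal steps above can be planned from the output of ufw status numbered. The following is an added example, not part of the original guide: it lists the delete commands for every rule that still opens a port to all sources (IPv4 and IPv6), highest rule number first so that the renumbering after each delete does not shift the remaining targets, and it refuses to plan anything unless a source-restricted rule for that port already exists. The function names, the sample output and the 203.0.113.0/24 subnet are constructed for illustration, and rules created from application profiles (shown by name rather than port) are not matched.

```shell
# Constructed sample of `ufw status numbered` output (not from a real host).
SAMPLE='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 22/tcp                     ALLOW IN    203.0.113.0/24
[ 4] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 5] 80/tcp (v6)                ALLOW IN    Anywhere (v6)'

# rules_for PORT MODE: read `ufw status numbered` text on stdin and print the
# numbers of ALLOW rules for PORT, highest first.
#   MODE=open       -> rules whose source is Anywhere (IPv4 or IPv6)
#   MODE=restricted -> rules limited to a source IP or subnet
rules_for() {
    awk -v port="$1" -v mode="$2" '
        /^\[ *[0-9]+\]/ {
            line = $0
            sub(/ +$/, "", line)                 # trailing padding
            sub(/^\[ */, "", line)
            num = line; sub(/\].*/, "", num)     # rule number
            sub(/^[0-9]+\] */, "", line)         # leaves: To  Action  From
            split(line, col, /  +/)              # columns are 2+ spaces apart
            to = col[1]; from = col[3]
            sub(/ \(v6\)$/, "", to); sub(/ \(v6\)$/, "", from)
            if (col[2] !~ /^ALLOW/) next
            if (to != port && to != (port "/tcp")) next
            is_open = (from == "Anywhere")
            if ((mode == "open") == is_open) print num
        }' | sort -rn
}

# plan_lockdown PORT: print the delete commands for the open rules, but only
# if a restricted rule already exists, so the port is never left unreachable.
plan_lockdown() {
    status=$(cat)
    if [ -z "$(printf '%s\n' "$status" | rules_for "$1" restricted)" ]; then
        echo "no source-restricted rule for port $1; refusing" >&2
        return 1
    fi
    printf '%s\n' "$status" | rules_for "$1" open | sed 's/^/ufw delete /'
}

# On a real host: ufw status numbered | plan_lockdown 22
printf '%s\n' "$SAMPLE" | plan_lockdown 22
```

The script only prints the ufw delete commands; review them and run them yourself, in the order shown.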