How to configure UFW Firewall

Install UFW

sudo apt update && sudo apt install ufw -y

Check your SSH port

grep "Port" /etc/ssh/sshd_config

Add default rules

##  enable logging
sudo ufw logging low

##  Use the default rules to allow outgoing traffic and to deny all incoming traffic.
sudo ufw default allow outgoing
sudo ufw default deny incoming

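# UFW Custom SSH Port
# Read only an active (uncommented) Port directive; a plain grep "Port" also matches "#Port 22" and "#GatewayPorts no"
CURRENT_SSH_PORT=$(awk '$1 == "Port" {print $2; exit}' /etc/ssh/sshd_config)
# sshd listens on 22 when no Port directive is set
sudo ufw limit "${CURRENT_SSH_PORT:-22}"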

## allow SSH, HTTP, HTTPS and NTP
sudo ufw limit 22
sudo ufw allow http
sudo ufw allow https
sudo ufw allow 123

## WordOps backend
sudo ufw limit 22222

## FTP stack
sudo ufw allow 21
sudo ufw allow 49000:50000/tcp

You can check what ports are currently used on your server with the following command:

sudo netstat -tulpn

Enabling UFW

sudo ufw --force enable
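
Because the default policy denies incoming traffic, enabling UFW without a rule for the port sshd actually listens on cuts off remote access. The following pre-flight check is an added example, not part of the original guide: the function names and sample files are constructed for illustration, and it assumes rules are listed in the `ufw show added` format by port number.

```shell
#!/bin/sh
# Added example: check that every SSH port has a UFW rule before enabling.

# Print every active (uncommented) Port value from an sshd_config file.
# sshd keywords are case-insensitive; with no Port directive sshd uses 22.
# Drop-in files pulled in by an Include directive are not read here.
ssh_ports() {
    awk 'tolower($1) == "port" { print $2; found = 1 }
         END { if (!found) print 22 }' "$1"
}

# Succeed if the saved output of `ufw show added` (file $2) holds an allow
# or limit rule for port $1, with or without a /tcp suffix.
# Rules written by service name (e.g. "ufw allow ssh") are not recognised.
port_is_open() {
    grep -Eq "^ufw (allow|limit) $1(/tcp)?\$" "$2"
}

# Print SSH ports that have no matching rule; return 1 if any is missing.
missing_ssh_rules() {
    rc=0
    for port in $(ssh_ports "$1"); do
        if ! port_is_open "$port" "$2"; then
            echo "$port"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample input, so the check runs offline.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/sshd_config" <<'EOF'
#Port 22
Port 2222
#GatewayPorts no
EOF
cat > "$SAMPLE_DIR/ufw_added" <<'EOF'
Added user rules (see 'ufw status' for running firewall):
ufw limit 22
ufw allow 80/tcp
EOF

if ! missing=$(missing_ssh_rules "$SAMPLE_DIR/sshd_config" "$SAMPLE_DIR/ufw_added"); then
    echo "No UFW rule for SSH port(s): $missing (do not enable yet)"
fi
```

On a real server, save the output of `sudo ufw show added` to a file and pass it together with /etc/ssh/sshd_config to missing_ssh_rules before running the enable command.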