Secure Your Debian Cloud Server With UFW (Uncomplicated Firewall) Updated on March 6, 2025 by Christopher Maiorana 2 Minutes, 43 Seconds to Read UncomplicatedFirewall (UFW) is a user-friendly command-line interface for managing iptables, designed to simplify firewall configuration on Linux servers. You can add simple rules that govern access to various ports on your server. In this article, you will get the basics on how to set up your firewall using UFW for a cloud server running a basic website and allowing for SSH access. Basic Port Assignments Install UFW Basic UFW Setup Checking Status In order to complete this tutorial you will just need to log into your server via SSH. Once there, you can run all of the commands provided from your favorite terminal emulator. Note that all UFW commands require root or “sudo” privilege levels. Each command below is written assuming you have logged into your server as (or have otherwise assumed) the root user. Note: In this article, you will be enabling your firewall by first closing all ports and then adding back the ports you need to operate a website and allow SSH access. This means that while ports 80 and 443 are closed your current website (if you have one) will be inaccessible. But it will soon return as we open those ports again. Basic Port Assignments Your cloud server comes with a few services pre-installed and running on standard ports. These include: SSH on port 22 HTTP on port 80 The idea behind using a firewall is that it gives you more control over how your server can be accessed. Install UFW (Uncomplicated Firewall) First step, you will need to make sure that UFW is installed in your system. If not, you can easily install it using the apt package manager: apt install ufw Basic UFW Setup For your cloud server running a website you will want to make sure that you are able to serve HTTP and (optionally) HTTPS, while making sure to keep port 22 open, so you can access your server via SSH. Instead of going through port by port and selecting which ones you want to allow or deny access to, it’s easy to start configuring your firewall by denying access to all ports and then adding back only the ones you need. ufw default deny incoming And now add back SSH support: ufw allow in ssh You will see a notice warning you that this might interrupt SSH connections: Command may disrupt existing ssh connections. Proceed with operation (y|n)? Enable the firewall: ufw enable The firewall is now enabled. If you have a website running on the server you will notice it is not accessible at the moment. To allow connections to the website, run this command: ufw delete allow in 'WWW Full' ‘WWW Full’ is a shorthand rule for allowing HTTP and HTTPS traffic on ports 80 and 443, respectively. Reload the firewall to initiate the new rule. ufw reload Your website is now back online. Checking Status You can check the status of your firewall anytime by running the “status” command: ufw status Or, for more information about your rules, you can use the verbose option: ufw status verbose The snippets above provide you with the most basic setup for your cloud server firewall. Check out our detailed guide on opening ports in UFW. Learn how to open, close, check, and remove ports in UFW to secure your system effectively. Share this Article CM Christopher Maiorana Content Writer II Christopher Maiorana joined the InMotion community team in 2015 and regularly dispenses tips and tricks in the Support Center, Community Q&A, and the InMotion Hosting Blog. More Articles by Christopher Related Articles Resetting the cPanel Password in WHM How to Change your root Password in WHM How to Stop and Disable Firewalld Content Security Policy (CSP) Headers – Complete Reference Guide Why You Need To Keep Your Website’s PHP Version Up-to-Date Learning About Mod_security and Disabling Mod_security Close Open Ports for PCI Compliance How to Pass PCI Compliance Scans DDoS Protection Using Corero How to Open a Port in Firewalld
