Secure Your Debian Cloud Server With UFW (Uncomplicated Firewall)

UFW (uncomplicated firewall) is an easy way to configure your cloud server firewall. You can add simple rules that govern access to various ports on your server. In this article, you will get the basics on how to set up your firewall using UFW for a cloud server running a basic website and allowing for SSH access.

In order to complete this tutorial you will just need to log into your server via SSH. Once there, you can run all of the commands provided from your favorite terminal emulator.

Note that all UFW commands require root or “sudo” privilege levels. Each command below is written assuming you have logged into your server as (or have otherwise assumed) the root user.

Note: in this article, you will be enabling your firewall by first closing all ports and then adding back the ports you need to operate a website and allow SSH access. This means that while ports 80 and 443 are closed, your current website (if you have one) will be inaccessible. It will return as soon as we open those ports again.

Basic Port Assignments

Your cloud server comes with a few services pre-installed and running on standard ports. These include:

  • SSH on port 22
  • HTTP on port 80

The idea behind using a firewall is that it gives you more control over how your server can be accessed.

Install UFW (Uncomplicated Firewall)

First, make sure that UFW is installed on your system. If it is not, you can easily install it using the apt package manager:

apt install ufw

Basic UFW Setup

For your cloud server running a website you will want to make sure that you are able to serve HTTP and (optionally) HTTPS, while making sure to keep port 22 open, so you can access your server via SSH.

Instead of going through port by port and selecting which ones you want to allow or deny access to, it is easier to start configuring your firewall by denying incoming access to all ports and then adding back only the ones you need.

ufw default deny incoming

And now add back SSH support:

ufw allow in ssh

You will see a notice warning you that this might interrupt SSH connections:

Command may disrupt existing ssh connections. Proceed with operation (y|n)?

Enable the firewall:

ufw enable

The firewall is now enabled. If you have a website running on the server you will notice it is not accessible at the moment.

To allow connections to the website, run this command:

ufw allow in 'WWW Full'

'WWW Full' is a shorthand rule for allowing HTTP and HTTPS traffic on ports 80 and 443, respectively.

Reload the firewall to apply the new rule.

ufw reload

Your website is now back online.

Checking Status

You can check the status of your firewall anytime by running the “status” command:

ufw status

Or, for more information about your rules, you can use the verbose option:

ufw status verbose
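
As an added example (not part of the original article), the shell function below checks "ufw status verbose" output against the baseline this tutorial builds: firewall active, default deny incoming, and inbound rules only for ports 22, 80 and 443. The function name audit_ufw_status and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Audits `ufw status verbose`
# text against the article's baseline: default deny incoming; only 22, 80, 443.
# Reads the status text on stdin, prints findings, returns 0 when it matches.
audit_ufw_status() {
    awk '
        /^Status:/  { active  = ($2 == "active") }
        /^Default:/ { deny_in = ($2 == "deny" && $3 == "(incoming),") }
        /^--/       { in_rules = 1; next }     # rule rows follow the separator
        in_rules && / (ALLOW|LIMIT) / && !/ OUT / {
            spec = $1                          # e.g. "22/tcp" or "80,443/tcp"
            sub(/\/.*/, "", spec)              # drop the protocol suffix
            n = split(spec, ports, ",")
            for (i = 1; i <= n; i++) {
                if (ports[i] == "22") ssh = 1
                else if (ports[i] != "80" && ports[i] != "443") {
                    print "FINDING: unexpected inbound rule: " $1; bad = 1
                }
            }
        }
        END {
            if (!active)  { print "FINDING: firewall is not active"; bad = 1 }
            if (!deny_in) { print "FINDING: default incoming is not deny"; bad = 1 }
            if (!ssh)     { print "FINDING: no inbound rule for SSH (22)"; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample: status after following the article's steps.
SAMPLE_GOOD='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80,443/tcp (WWW Full)      ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
80,443/tcp (WWW Full (v6)) ALLOW IN    Anywhere (v6)'

# Constructed sample: same host with an extra database port left open.
SAMPLE_DRIFT="$SAMPLE_GOOD
3306/tcp                   ALLOW IN    Anywhere"

printf '%s\n' "$SAMPLE_GOOD"  | audit_ufw_status && echo "good sample: OK"
printf '%s\n' "$SAMPLE_DRIFT" | audit_ufw_status || echo "drift sample: flagged"
```

On the server, feed it live output with: ufw status verbose | audit_ufw_status. A non-zero exit status makes it usable from cron or a configuration-management check.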

The snippets above provide you with the most basic setup for your cloud server firewall.

Christopher Maiorana Content Writer II
