🛡️ Install and configure UFW on a VPS

Complete guide to install and configure UFW (Uncomplicated Firewall) on your Linux VPS server to secure your services.

This guide will teach you how to install and configure UFW (Uncomplicated Firewall), a simple but effective firewall for Linux. UFW makes managing firewall rules on your VPS server easier.

📋 Prerequisites

  • A VPS server with root or sudo access
  • An active SSH connection
  • Ubuntu/Debian (commands are adapted for these distributions)

📥 UFW Installation

Installation on Ubuntu/Debian

    sudo apt update
    sudo apt install ufw -y

Verify installation

    # Check UFW status
    sudo ufw status

If UFW is not activated, you will see the message: Status: inactive

⚙️ Basic configuration

Important: Before enabling UFW, allow the port your SSH daemon actually listens on (22 by default; if you moved sshd to another port, allow that port instead). With the default deny-incoming policy, a missing SSH rule means new SSH connections are dropped and you are locked out of your server.

Set default rules

    # Block everything incoming, allow outgoing
    sudo ufw default deny incoming
    sudo ufw default allow outgoing

Allow essential connections

    # Allow SSH (22)
    sudo ufw allow 22/tcp
    # Allow HTTP (80)
    sudo ufw allow 80/tcp
    # Allow HTTPS (443)
    sudo ufw allow 443/tcp

🔧 Enable UFW

Once you have configured the basic rules, enable UFW. The command warns that it may disrupt existing SSH connections; answer y if you have allowed your SSH port. UFW is then active immediately and is started again at every boot.

    # Enable UFW
    sudo ufw enable
    # Verify status
    sudo ufw status verbose

Important: Make sure you have allowed SSH before enabling UFW, or you will be locked out! Keep a second SSH session open while you change firewall rules, so a mistake can be reverted from the surviving session.
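The lockout warning above is easy to get wrong when sshd has been moved off port 22. The script below is an added example for this guide, not part of UFW or of the original page: it reads the port sshd listens on, checks the current UFW rule set for an ALLOW rule covering that port, and only then runs ufw enable. The function and file names (ssh_port_from_config, status_allows_tcp_port, preflight, ufw-preflight.sh) are this example's own, and the sshd_config and ufw status texts are constructed samples so the checks can be exercised without a live host.

```shell
#!/usr/bin/env bash
# Lockout pre-flight for `ufw enable`: confirm the rule set already allows the
# port sshd really listens on before the firewall starts dropping packets.
# Added example for this guide, not ufw's own tooling. Sample inputs below are
# constructed so the functions can be exercised without touching a live host.
set -e

# Port sshd listens on, parsed from sshd_config text read on stdin.
# Commented-out "#Port 22" lines are ignored; the last active "Port" wins.
# Falls back to 22 when no Port directive is present (sshd's default).
# This does not follow "Include" directives; on a live host prefer
# `sshd -T`, which prints the effective configuration (see ssh_port_live).
ssh_port_from_config() {
    local port
    port=$(grep -Ei '^[[:space:]]*Port[[:space:]]+[0-9]+' | awk '{print $2}' | tail -n 1 || true)
    echo "${port:-22}"
}

# Effective listening port on the live host (sshd -T needs root).
ssh_port_live() {
    sudo sshd -T 2>/dev/null | awk '$1 == "port" { print $2; exit }' || true
}

# Succeed (exit 0) when the `ufw status` text on stdin has an ALLOW or LIMIT
# rule whose "To" column is exactly "PORT/tcp" or a bare "PORT" (bare means
# tcp and udp). Accepts the plain, verbose ("ALLOW IN") and numbered
# ("[ 1] ...") output formats. A rule that allows the port only from one
# source address also matches, so make sure that source is where you
# connect from.
status_allows_tcp_port() {
    local port="$1"
    grep -Eq "^(\[ *[0-9]+\][[:space:]]*)?${port}(/tcp)?[[:space:]]+(ALLOW|LIMIT)( IN)?[[:space:]]"
}

# Verdict for a status text (stdin) and a port: returns 0 when enabling is
# safe, 1 when it would lock you out.
preflight() {
    local port="$1"
    if status_allows_tcp_port "$port"; then
        echo "OK: ${port}/tcp is allowed, safe to run 'sudo ufw enable'"
        return 0
    fi
    echo "REFUSING: no ALLOW rule for ${port}/tcp. Run: sudo ufw allow ${port}/tcp" >&2
    return 1
}

# Constructed sample: sshd was moved to 2222, but the rules only allow 22/tcp.
SAMPLE_SSHD_CONFIG='# /etc/ssh/sshd_config (constructed sample)
#Port 22
Port 2222
PasswordAuthentication no'

SAMPLE_STATUS_PREFLIGHT='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 22/tcp (v6)                ALLOW IN    Anywhere (v6)'

# Live mode, run on the VPS itself: ./ufw-preflight.sh --live
if [ "${1:-}" = "--live" ]; then
    port=$(ssh_port_live)
    port=${port:-22}
    if sudo ufw status numbered | preflight "$port"; then
        sudo ufw --force enable   # --force skips the "may disrupt ssh" prompt
    else
        exit 1
    fi
fi
```

Run with the constructed sample, preflight 2222 refuses because only 22/tcp is allowed, which is exactly the mistake that locks people out. Once the SSH rule is right, consider sudo ufw limit 22/tcp instead of allow: it still permits SSH but drops a source that opens more than 6 new connections in 30 seconds, which blunts password brute-forcing.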

📝 Advanced rules

Allow specific IP addresses

    # Allow all traffic from a specific IP (every port, tcp and udp)
    sudo ufw allow from 192.168.1.100
    # Allow a specific IP on a specific port (no protocol given, so tcp and udp)
    sudo ufw allow from 192.168.1.100 to any port 22

Allow port ranges

    # Allow port range
    sudo ufw allow 8000:9000/tcp

Deny specific connections

    # Deny a specific port
    sudo ufw deny 8080/tcp
    # Deny a specific IP
    sudo ufw deny from 192.168.1.200

Rules are evaluated in the order shown by sudo ufw status numbered, and the first match wins. A deny added after an allow that already matches the same traffic has no effect; to block an address that is covered by an earlier allow rule, insert the deny above that rule (UFW's insert subcommand takes the position number) or remove the allow.

🔍 Rule management

List all rules

    # List numbered rules
    sudo ufw status numbered
    # List rules with details
    sudo ufw status verbose

Delete rules

    # Delete a rule by number
    sudo ufw delete 3
    # Delete a rule by content
    sudo ufw delete allow 80/tcp

Numbers shift after every deletion, so run sudo ufw status numbered again before deleting the next rule by number.

Reset all rules

    # Reset UFW to installation defaults (disables it and removes all rules)
    sudo ufw reset

Before clearing the rules, UFW saves the previous rule files as timestamped backups under /etc/ufw, so a reset can be undone. After a reset, UFW stays disabled until you enable it again.

💡 Common examples

Web server configuration

    sudo ufw default deny incoming
    sudo ufw default allow outgoing
    sudo ufw allow 22/tcp
    sudo ufw allow 80/tcp
    sudo ufw allow 443/tcp
    sudo ufw enable

Mail server configuration

    sudo ufw allow 25/tcp    # SMTP
    sudo ufw allow 587/tcp   # SMTP submission
    sudo ufw allow 465/tcp   # SMTPS
    sudo ufw allow 993/tcp   # IMAPS
    sudo ufw allow 995/tcp   # POP3S

Database server configuration

    sudo ufw allow from 192.168.1.0/24 to any port 3306 proto tcp   # MySQL from the private network
    sudo ufw allow from 192.168.1.0/24 to any port 5432 proto tcp   # PostgreSQL from the private network

192.168.1.0/24 is a placeholder: replace it with the private network range your hosting provider assigns to your servers. Database ports should never be allowed from Anywhere on a VPS; restricting the rule to the subnet (and to proto tcp, since a rule without a protocol also opens udp) keeps the database reachable only from your own hosts.

✅ Verification

Verify that UFW is working correctly:

    # Check status
    sudo ufw status verbose
    # Check active rules
    sudo ufw status numbered
    # Test connection from another machine
    # (use telnet or nc to test ports, e.g. nc -zv your.server.ip 443)

A port that UFW allows but that nothing listens on still shows as closed from outside; check the listening sockets on the server with ss -tlnp if a test fails.
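Listing the rules tells you what is allowed; what you want to know is what is exposed to the whole internet and whether that matches your intent. The script below is an added example for this guide, not ufw's own tooling: it parses ufw status output, keeps only the IPv4 rules that allow traffic from Anywhere, diffs them against an allowlist, and includes a small nc probe for the "test from another machine" step. The function and file names (open_to_anywhere, unexpected_exposure, probe_tcp, ufw-audit.sh) are this example's own and the status text is a constructed sample. It also serves the best-practice item on reviewing rules regularly.

```shell
#!/usr/bin/env bash
# Exposure audit for a ufw rule set: list what is open to the whole internet
# and flag anything outside the intended allowlist. Added example for this
# guide, not ufw's own tooling; the status text below is a constructed sample.
set -e

# Print the "To" column of every rule that ALLOWs (or LIMITs) traffic from
# "Anywhere" on IPv4. Reads `ufw status`, `status verbose` or `status numbered`
# text on stdin. IPv6 twins ("(v6)") and rules restricted to a source address
# or subnet are skipped on purpose: they are not internet-exposed. Rules bound
# to an interface ("80/tcp on eth0") are not handled by this simple parser.
open_to_anywhere() {
    sed -E 's/^\[ *[0-9]+\] *//' \
    | awk '($2 == "ALLOW" || $2 == "LIMIT") && $NF == "Anywhere" && $0 !~ /\(v6\)/ { print $1 }'
}

# Compare against the intended allowlist ($1, space-separated, written the way
# ufw prints it: "22/tcp 80/tcp 443/tcp"). Prints each unexpected rule and
# returns 1 if any is found, 0 otherwise.
unexpected_exposure() {
    local expected=" $1 " rule found=0
    for rule in $(open_to_anywhere); do
        case "$expected" in
            *" $rule "*) ;;   # on the allowlist, fine
            *) echo "UNEXPECTED: $rule is open to Anywhere"; found=1 ;;
        esac
    done
    return "$found"
}

# External check from another machine: does a TCP port accept connections?
# nc -z only probes without sending data, -w caps the wait in seconds.
# Usage: probe_tcp host port
probe_tcp() {
    if nc -z -w 3 "$1" "$2" 2>/dev/null; then
        echo "$1:$2 open"
    else
        echo "$1:$2 closed/filtered"
    fi
}

# Constructed sample: a web server with a leftover MySQL rule open to the
# world, plus a correctly scoped PostgreSQL rule.
SAMPLE_STATUS_AUDIT='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     LIMIT IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 443/tcp                    ALLOW IN    Anywhere
[ 4] 3306                       ALLOW IN    Anywhere
[ 5] 5432/tcp                   ALLOW IN    192.168.1.0/24
[ 6] 22/tcp (v6)                LIMIT IN    Anywhere (v6)'

# Live mode on the VPS: ./ufw-audit.sh --live "22/tcp 80/tcp 443/tcp"
if [ "${1:-}" = "--live" ]; then
    sudo ufw status numbered | unexpected_exposure "${2:-22/tcp 80/tcp 443/tcp}"
fi
```

On the sample, the audit reports "UNEXPECTED: 3306 is open to Anywhere" and exits 1, while the PostgreSQL rule passes because it is limited to the private subnet. Running the live mode from cron and alerting on a non-zero exit turns the "review rules regularly" advice into something that actually happens.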

🚫 Disable UFW

If you need to temporarily disable UFW:

    # Disable UFW (rules are kept, but no longer enforced)
    sudo ufw disable
    # Re-enable
    sudo ufw enable

📚 Best practices

  1. Always allow your SSH port before enabling UFW
  2. Test rule changes on a staging host, or from a second open SSH session, before applying them to a production server
  3. Restrict rules to specific source IPs or subnets where possible instead of opening ports to Anywhere
  4. Review rules regularly with sudo ufw status numbered and remove unused ones
  5. Document your rules for easier management (UFW accepts a comment keyword on a rule, and the comment is shown in the status output)
  6. Back up /etc/ufw (user.rules and user6.rules hold your rules) before major changes

🆘 Troubleshooting

Cannot connect via SSH after enabling UFW

    # Connect to your server via console (if available)
    # Or use your hosting provider's console access
    # Reset UFW, then re-allow your SSH port (22 here) before enabling again
    sudo ufw reset
    sudo ufw allow 22/tcp
    sudo ufw enable

If you only need access back quickly, sudo ufw disable from the console is enough; the rules are kept and you can fix them before enabling UFW again.

UFW rules not applying

    # Check if UFW is active
    sudo ufw status
    # Reload UFW
    sudo ufw reload
    # Check iptables (UFW generates iptables rules; on current Ubuntu releases
    # they go through the iptables-nft backend but still appear here)
    sudo iptables -L -n

Port still blocked after adding rule

    # Verify the rule exists
    sudo ufw status numbered
    # Check whether an earlier deny rule matches first (first match wins)
    sudo ufw status verbose
    # Remove and re-add the rule
    sudo ufw delete allow 80/tcp
    sudo ufw allow 80/tcp
    sudo ufw reload

If a deny rule sits above the allow in the numbered list, delete the deny or insert the allow ahead of it; re-adding the allow at the end of the list does not change the outcome. Also confirm that the service is actually listening on that port and on the external interface (for example with ss -tlnp), since a rule cannot open a port nothing answers on.

❓ Frequently Asked Questions

Q: Can I use UFW with other firewall tools?
A: Not alongside another tool that manages the same rules. UFW is a front end that writes iptables rules; if firewalld, or hand-written iptables or nftables rules, also manage the host, each will overwrite or bypass the other. Use one firewall manager per host.

Q: How do I allow a port for a specific service?
A: You can allow by port number: sudo ufw allow 3306/tcp or by service name if available: sudo ufw allow mysql.

Q: Does UFW work on CentOS/RHEL?
A: UFW is primarily designed for Debian/Ubuntu. A package exists in third-party repositories such as EPEL, but firewalld is the standard tool on CentOS/RHEL and the one its documentation and tooling assume, so use firewalld there.

Q: How do I see what ports are currently open?
A: Use sudo ufw status verbose to see which ports the firewall allows. That is not the same as which ports are actually open: a port is reachable only if a rule allows it and a service is listening on it. List listening sockets with ss -tlnp (or sudo ss -tulnp to include udp), and confirm from another machine with nc.

Q: Can I use UFW in a Docker container?
A: UFW works at the host level, and Docker does not consult it. Docker programs its own iptables chains (DOCKER and DOCKER-USER) for published ports, and those forwarding rules are evaluated before UFW's, so a container started with -p 8080:80 is reachable from the internet even when sudo ufw deny 8080 is in place. Publish ports on the loopback address only (-p 127.0.0.1:8080:80) and put a reverse proxy in front, or add your restrictions to the DOCKER-USER chain, which Docker leaves to the administrator. Inside a container, rely on Docker's own networking and security features rather than UFW.