Configure the Firewall (UFW)

This guide explains how to configure the firewall on your Linux VPS with UFW (Uncomplicated Firewall).

What is UFW?

UFW is a simplified interface for iptables, Linux's native firewall. It makes managing network filtering rules easy.

Installation

UFW is usually pre-installed on Ubuntu/Debian. Otherwise:

sudo apt update
sudo apt install ufw

Basic Configuration

Check Status

sudo ufw status

Default Policy

Block all incoming traffic and allow outgoing:

sudo ufw default deny incoming
sudo ufw default allow outgoing

Allow SSH (important!)

Warning

Allow SSH BEFORE enabling UFW, otherwise you will lose access to your VPS!

sudo ufw allow ssh
# or by port number (replace 22 with your custom SSH port if you changed it)
sudo ufw allow 22/tcp

Enable the Firewall

sudo ufw enable
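
While UFW is inactive, `sudo ufw status` only prints `Status: inactive`, so it cannot confirm that the SSH rule is in place; `sudo ufw show added` lists the rules that have been added even before the firewall is enabled. The script below is an added example, not part of the original guide: it checks that output for a rule admitting your current SSH session. The function names, the sample rule list, the one-rule-per-line `ufw allow ...` output shape and the `OpenSSH` profile mapping to port 22 are assumptions to verify on your system.

```sh
#!/bin/sh
# Added example: pre-flight check to run before `sudo ufw enable`.

# ssh_rule_present PORT [CLIENT_IP]
# Reads `ufw show added` output on stdin. Succeeds when an allow/limit rule
# admits TCP traffic to PORT from anywhere, or from CLIENT_IP when given.
ssh_rule_present() {
    awk -v p="$1" -v ip="${2:-}" '
        $1 != "ufw" || ($2 != "allow" && $2 != "limit") { next }
        / proto udp/ { next }                  # UDP-only rules cannot carry SSH
        NF == 3 && ($3 == p || $3 == p "/tcp") { ok = 1 }  # ufw allow 22/tcp
        NF == 3 && $3 == "OpenSSH" && p == 22  { ok = 1 }  # application profile
        {   # extended form: ufw allow from SRC to any port PORT
            src = "any"; to = 0; hit = 0
            for (i = 3; i < NF; i++) {
                if ($i == "from") src = $(i + 1)
                if ($i == "to") to = 1
                if (to && $i == "port" && $(i + 1) == p) hit = 1
            }
            if (hit && (src == "any" || src == ip)) ok = 1
        }
        END { exit !ok }
    '
}

# preflight: run as your normal user inside the SSH session you want to keep
# (sudo usually clears SSH_CONNECTION, so only the ufw call is elevated).
preflight() {
    [ -n "${SSH_CONNECTION:-}" ] || { echo "not an SSH session" >&2; return 2; }
    set -- $SSH_CONNECTION      # client_ip client_port server_ip server_port
    if sudo ufw show added | ssh_rule_present "$4" "$1"; then
        echo "rule found for TCP port $4 from $1; safe to run: sudo ufw enable"
    else
        echo "no rule admits $1 on TCP port $4; add one before enabling" >&2
        return 1
    fi
}

# Constructed sample of `ufw show added` output (not taken from a real host).
sample_rules() {
    cat <<'EOF'
Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp
ufw allow 30120/udp
ufw allow from 192.168.1.100 to any port 22
EOF
}

sample_rules | ssh_rule_present 22 192.168.1.100 && echo "sample: 192.168.1.100 may reach port 22"
```

On the VPS, source the script and run `preflight && sudo ufw enable`; a source-restricted rule only counts when it names the address you are connected from.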

Common Rules

Allow a Port

# HTTP port
sudo ufw allow 80/tcp

# HTTPS port
sudo ufw allow 443/tcp

# Custom port (e.g. FiveM)
sudo ufw allow 30120/tcp
sudo ufw allow 30120/udp

# MySQL port (recommended: local connections only)
sudo ufw allow from 127.0.0.1 to any port 3306

Allow a Port Range

sudo ufw allow 30120:30130/tcp
sudo ufw allow 30120:30130/udp

Allow a Specific IP

# Allow all traffic from an IP
sudo ufw allow from 192.168.1.100

# Allow an IP on a specific port
sudo ufw allow from 192.168.1.100 to any port 22

Block an IP

sudo ufw deny from 203.0.113.50

Delete a Rule

# View numbered rules
sudo ufw status numbered

# Delete by number
sudo ufw delete 2

# Or delete by rule
sudo ufw delete allow 80/tcp

Useful Commands

Command                   Description
sudo ufw status verbose   Display detailed status
sudo ufw disable          Disable the firewall
sudo ufw reset            Reset all rules
sudo ufw reload           Reload rules

Configuration for Common Services

Web Server (Nginx/Apache)

sudo ufw allow 'Nginx Full'
# or
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

FiveM Server

sudo ufw allow 30120/tcp
sudo ufw allow 30120/udp
sudo ufw allow 40120/tcp # txAdmin

Minecraft Server

sudo ufw allow 25565/tcp
sudo ufw allow 25565/udp

Pterodactyl Panel

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 8080/tcp
sudo ufw allow 2022/tcp

View Logs

sudo ufw logging on
sudo tail -f /var/log/ufw.log

Tip

Always test your rules from another connection before closing your active SSH session.