UFW (Uncomplicated Firewall) is a simple and user-friendly firewall management tool for Linux systems. It acts as a frontend for iptables/nftables and allows administrators to control network traffic without writing complex rules.
It is ideal for securing Debian servers running services like SSH, web servers, mail systems, or DNS.
Why Use UFW?
A firewall is a critical part of server security. With UFW you can:
- Block unwanted incoming connections
- Allow only required services
- Protect SSH access
- Manage firewall rules easily
- Enable logging for monitoring
Installation
First update your system:
Code:
apt update
Then install UFW:
Code:
apt install ufw
Check the firewall status:
Code:
ufw status
Before UFW is enabled, the output is:
Code:
Status: inactive
Basic Configuration
Set secure default policies:
Code:
ufw default deny incoming
ufw default allow outgoing
- Incoming traffic is blocked
- Outgoing traffic is allowed
Important: Allow SSH First
Before enabling UFW, allow SSH access:
Code:
ufw allow OpenSSH
Or allow the SSH port directly:
Code:
ufw allow 22/tcp
Allow Common Services
Web Server (Apache / Nginx)
Code:
ufw allow 80/tcp
ufw allow 443/tcp
Or, with Apache installed, use its application profile:
Code:
ufw allow "Apache Full"
Mail Server
Code:
ufw allow 25/tcp
ufw allow 587/tcp
ufw allow 465/tcp
ufw allow 993/tcp
ufw allow 995/tcp
DNS Server
Code:
ufw allow 53/tcp
ufw allow 53/udp
Enable UFW
Activate the firewall:
Code:
ufw enable
Check the active rules:
Code:
ufw status verbose
Example output:
Code:
Status: active
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
53                         ALLOW       Anywhere
Advanced Rules
Allow access from a specific IP:
Code:
ufw allow from 203.0.113.10 to any port 22 proto tcp
Deny a specific port:
Code:
ufw deny 3306/tcp
Delete a rule by specifying it:
Code:
ufw delete allow 3306/tcp
Delete a rule by its number:
Code:
ufw status numbered
ufw delete 3
Enable Logging
Turn logging on:
Code:
ufw logging on
Log entries are written to:
Code:
/var/log/ufw.log
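An added example (not part of the original post) of using /var/log/ufw.log for monitoring: it counts `[UFW BLOCK]` events per source address and destination port. The function names and the log lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: summarise UFW block events per source and destination port.
# Real use (as root): ufw_block_summary < /var/log/ufw.log

# Constructed sample lines in the kernel log format UFW writes.
sample_log() {
cat <<'EOF'
Mar  3 10:15:01 web1 kernel: [ 1201.101] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.23 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4211 DF PROTO=TCP SPT=40112 DPT=3306 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:02 web1 kernel: [ 1202.310] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.23 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4212 DF PROTO=TCP SPT=40113 DPT=3306 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:04 web1 kernel: [ 1204.522] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.23 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4213 DF PROTO=TCP SPT=40114 DPT=3306 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:16:10 web1 kernel: [ 1270.007] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.77 DST=203.0.113.5 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=51000 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:16:11 web1 kernel: [ 1271.450] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.77 DST=203.0.113.5 LEN=71 TOS=0x00 PREC=0x00 TTL=240 ID=54322 PROTO=UDP SPT=51001 DPT=161 LEN=51
Mar  3 10:17:00 web1 kernel: [ 1320.900] [UFW ALLOW] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=777 DF PROTO=TCP SPT=50222 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  3 10:18:30 web1 kernel: [ 1410.115] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.23 DST=203.0.113.5 LEN=84 TOS=0x00 PREC=0x00 TTL=52 ID=4300 DF PROTO=ICMP TYPE=8 CODE=0 ID=12 SEQ=1
EOF
}

# Reads log text on stdin; prints "COUNT SRC proto[/dport]", busiest first.
ufw_block_summary() {
  awk '
    /\[UFW BLOCK\]/ {
      src = ""; proto = ""; dpt = ""
      # The kernel log line is a series of KEY=value fields.
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/)        src   = substr($i, 5)
        else if ($i ~ /^PROTO=/) proto = tolower(substr($i, 7))
        else if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
      }
      if (src == "") next            # skip malformed or truncated lines
      key = src " " proto
      if (dpt != "") key = key "/" dpt   # ICMP entries carry no DPT
      count[key]++
    }
    END { for (k in count) print count[k], k }
  ' | LC_ALL=C sort -k1,1nr -k2,2 -k3,3
}

# Demo on the constructed sample.
sample_log | ufw_block_summary
```

Repeated blocks from one source against one port, such as the three hits on 3306 in the sample, are the entries worth reviewing first.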
IPv6 Configuration
Edit the config file:
Code:
nano /etc/default/ufw
Make sure IPv6 support is enabled:
Code:
IPV6=yes
Then reload UFW:
Code:
ufw reload
Useful Commands
Reload rules:
Code:
ufw reload
Disable the firewall:
Code:
ufw disable
Reset UFW to its installation defaults (this disables the firewall and deletes all rules):
Code:
ufw reset
Example: Basic Web Server Setup
Code:
apt update
apt install ufw
ufw default deny incoming
ufw default allow outgoing
ufw allow OpenSSH
ufw allow 80/tcp
ufw allow 443/tcp
ufw logging on
ufw enable
ufw status verbose
Common Mistakes
- Forgetting to allow SSH before enabling UFW
- Opening too many unnecessary ports
- Ignoring IPv6 configuration
- Conflicts with Docker firewall rules
Conclusion
UFW is a powerful and simple firewall tool for Debian systems. It allows you to secure your server quickly with clear and manageable rules.
A good firewall strategy is:
- Deny all incoming traffic by default
- Allow only required services
- Restrict sensitive ports
- Enable logging
- Check IPv6 support