Installing and Configuring UFW on Debian
Posted: Sat Apr 25, 2026 10:56 am
UFW (Uncomplicated Firewall) is a simple and user-friendly firewall management tool for Linux systems. It acts as a frontend for iptables/nftables and allows administrators to control network traffic without writing complex rules.
It is ideal for securing Debian servers running services like SSH, web servers, mail systems, or DNS.
[hr]
Why Use UFW?
A firewall is a critical part of server security. With UFW you can:
- Block unwanted incoming connections
- Allow only required services
- Protect SSH access
- Manage firewall rules easily
- Enable logging for monitoring
Installation
First update your system:
Code:
    apt update
Then install UFW:
Code:
    apt install ufw
Check status:
Code:
    ufw status
Output:
Code:
    Status: inactive
[hr]
Basic Configuration
Set secure default policies:
Code:
    ufw default deny incoming
    ufw default allow outgoing
This means:
- Incoming traffic is blocked
- Outgoing traffic is allowed
Important: Allow SSH First
Before enabling UFW, allow SSH access:
Code:
    ufw allow OpenSSH
or:
Code:
    ufw allow 22/tcp
If you skip this step, you may lock yourself out of your server.
[hr]
Allow Common Services
Web Server (Apache / Nginx)
Code:
    ufw allow 80/tcp
    ufw allow 443/tcp
or:
Code:
    ufw allow "Apache Full"
Mail Server (Postfix / Dovecot)
Code:
    ufw allow 25/tcp
    ufw allow 587/tcp
    ufw allow 465/tcp
    ufw allow 993/tcp
    ufw allow 995/tcp
DNS Server (Bind / PowerDNS)
Code:
    ufw allow 53/tcp
    ufw allow 53/udp
[hr]
Enable UFW
Activate the firewall:
Code:
    ufw enable
Check status:
Code:
    ufw status verbose
Example:
Code:
    Status: active
    To                         Action      From
    --                         ------      ----
    22/tcp                     ALLOW       Anywhere
    80/tcp                     ALLOW       Anywhere
    443/tcp                    ALLOW       Anywhere
    53                         ALLOW       Anywhere
[hr]
Advanced Rules
Allow access from a specific IP:
Code:
    ufw allow from 203.0.113.10 to any port 22 proto tcp
Deny a port:
Code:
    ufw deny 3306/tcp
Delete a rule:
Code:
    ufw delete allow 3306/tcp
Or by number:
Code:
    ufw status numbered
    ufw delete 3
[hr]
Enable Logging
Code:
    ufw logging on
Logs are stored in:
Code:
    /var/log/ufw.log
[hr]
IPv6 Configuration
Edit the config file:
Code:
    nano /etc/default/ufw
Make sure this is set:
Code:
    IPV6=yes
Reload UFW:
Code:
    ufw reload
[hr]
Useful Commands
Reload rules:
Code:
    ufw reload
Disable firewall:
Code:
    ufw disable
Reset all rules:
Code:
    ufw reset
[hr]
Example: Basic Web Server Setup
Code:
    apt update
    apt install ufw
    ufw default deny incoming
    ufw default allow outgoing
    ufw allow OpenSSH
    ufw allow 80/tcp
    ufw allow 443/tcp
    ufw logging on
    ufw enable
    ufw status verbose
[hr]
Common Mistakes
- Forgetting to allow SSH before enabling UFW
- Opening too many unnecessary ports
- Ignoring IPv6 configuration
- Conflicts with Docker firewall rules
Conclusion
UFW is a powerful and simple firewall tool for Debian systems. It allows you to secure your server quickly with clear and manageable rules.
A good firewall strategy is:
- Deny all incoming traffic by default
- Allow only required services
- Restrict sensitive ports
- Enable logging
- Check IPv6 support
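An added example, not part of the original post: a shell function that checks plain `ufw status` output for three of the mistakes listed above (no SSH rule, ports open that were not intended, no IPv6 rules). The function name `audit_ufw_status`, the finding labels and the sample status text are constructed for illustration, and SSH is assumed to be on port 22 as in the post.

```shell
#!/bin/sh
# audit_ufw_status (hypothetical helper): reads plain `ufw status` text on
# stdin; arguments are the "To" values expected to be open. Prints one
# finding per line and returns 1 if there is any finding, else 0.
audit_ufw_status() {
    awk -v expected="$(printf '%s,' "$@")" '
    BEGIN { n = split(expected, e, ","); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
    /^Status: inactive/ { print "INACTIVE firewall is not enabled"; bad = 1 }
    / (ALLOW|LIMIT) +(OUT|FWD) / { next }   # skip outbound/forward rules
    match($0, / +(ALLOW|LIMIT)( +IN)? +/) {
        to = substr($0, 1, RSTART - 1)       # text left of the Action column
        from = substr($0, RSTART + RLENGTH)  # text right of it
        sub(/ +$/, "", from)
        # A "(v6)" suffix marks the IPv6 twin that ufw adds when IPV6=yes.
        if (sub(/ \(v6\)$/, "", to)) { v6++ } else if (from == "Anywhere") { v4any++ }
        # Assumption: SSH listens on port 22, as in the post.
        if (to ~ /^(22|22\/tcp|OpenSSH)$/) ssh = 1
        if (!(to in ok)) { print "UNEXPECTED " to " open from " from; bad = 1 }
    }
    END {
        if (!ssh) { print "NO-SSH no rule allows 22/tcp or OpenSSH"; bad = 1 }
        if (v4any && !v6) {
            print "NO-IPV6 no (v6) rules, check IPV6=yes in /etc/default/ufw"
            bad = 1
        }
        exit bad + 0
    }'
}

# Constructed sample of `ufw status` output (not captured from a real host):
# 3306/tcp was opened by mistake and there are no (v6) rules.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
3306/tcp                   ALLOW       Anywhere'

# On a server: ufw status | audit_ufw_status 22/tcp 80/tcp 443/tcp
printf '%s\n' "$SAMPLE_STATUS" | audit_ufw_status 22/tcp 80/tcp 443/tcp || true
```

Application profiles with spaces in the name are passed as one quoted argument, for example `audit_ufw_status OpenSSH "Apache Full"`.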