When I first got serious about running my own Linux server, I made a checklist of the basics:
✅ Secure SSH,
✅ Keep everything updated,
❌ …but forgot the firewall.
I didn’t think I needed one. I wasn’t hosting a bank. It was just a small side project. But then came the logs —
dozens of failed login attempts from random IPs every few hours.
That’s when I realized: firewalls aren’t optional.
They’re quiet guardians. And UFW (Uncomplicated Firewall) became my go-to.
What’s UFW, and Why Bother?
If you’ve ever tried to write complex iptables rules and ended up in a rabbit hole of syntax, UFW is a breath of fresh air.
It’s essentially a wrapper that makes firewall management human-friendly.
Perfect for someone who just wants to say:
“Hey, allow HTTP and SSH, block everything else.”
My Setup: Fast, Minimal, and Solid
Here’s how I secure my servers in under 5 minutes using UFW.
Step 1 – Set the default posture
I start by denying all incoming connections and allowing outgoing ones.
sudo ufw default deny incoming
sudo ufw default allow outgoing
This means:
- No one can talk to my server unless I explicitly allow it.
- My server can still pull updates and make requests.
Step 2 – Allow only what I need
I usually only open:
sudo ufw allow ssh # So I can log in (obviously)
sudo ufw allow http # If I’m running a web server
sudo ufw allow https # Because encryption is non-negotiable
If I’m doing a private database or something internal, it stays closed to the world.
Step 3 – Turn it on
And then I flip the switch.
sudo ufw enable
It’ll warn you that this may disrupt existing connections. But if you allowed SSH first, you’re safe.
Bonus: Rate Limiting SSH
Here’s one I didn’t know early on —
UFW can slow down brute-force login attempts:
sudo ufw limit ssh
It basically says:
“Hey, if someone keeps failing to log in, slow them down.”
Nice.
Checking the Rules
Want to see what’s running?
sudo ufw status verbose
This gives you a clear, readable list of active rules.
Why This Setup Works for Me
After enabling UFW and locking things down, my logs became… quiet.
And in the world of server security, quiet is good.
No more noise from bots trying every password in the dictionary.
No more exposure from random ports I forgot were open.
Just calm, clean access.
Final Thought
UFW doesn’t pretend to be a fortress. But it’s a front door — and a locked one at that.
It keeps the noise out, and it gives me peace of mind.
And the best part?
It took less than 10 minutes to set up.
Leave a Comment