Securing Your Debian Cloud Server with UFW (Uncomplicated Firewall)

UFW (Uncomplicated Firewall) is a user-friendly tool for managing firewall rules on Linux systems, designed to make it easy for users to set up a firewall without having to deal with complex commands. It is particularly useful for securing Debian cloud servers by controlling inbound and outbound traffic.

Here’s how to secure your Debian cloud server with UFW:


Step 1: Update Your Server

Before installing and configuring UFW, it’s essential to ensure your server is up to date.

  1. Log in to your Debian server.
  2. Run the following commands to update the package list and install updates:
    ```bash
    sudo apt update
    sudo apt upgrade -y
    ```

Step 2: Install UFW

UFW is available in the default Debian repositories, so you can install it directly from the package manager.

  1. Install UFW with the following command:
    ```bash
    sudo apt install ufw
    ```

Step 3: Check UFW Status

After installation, you can check the status of UFW to ensure it’s not running yet.

```bash
sudo ufw status
```

The output should show that UFW is inactive.


Step 4: Set Default Policies

Before adding rules, set default policies to block all incoming traffic and allow outgoing traffic. This is a good security practice.

  1. Set the default policy for incoming traffic to “deny” (blocks all incoming traffic by default):
    ```bash
    sudo ufw default deny incoming
    ```
  2. Set the default policy for outgoing traffic to “allow” (allows all outgoing traffic by default):
    ```bash
    sudo ufw default allow outgoing
    ```

Step 5: Allow SSH Connections

To ensure you don’t lock yourself out of your server, allow incoming SSH connections.

  1. Allow SSH (port 22) with the following command:
    ```bash
    sudo ufw allow ssh
    ```

    Or if you are using a different SSH port (e.g., 2222), specify the port:

    ```bash
    sudo ufw allow 2222/tcp
    ```

Step 6: Add Other Firewall Rules

Now that SSH is allowed, you can add additional rules based on your server’s needs. Here are some common services you might want to allow:

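  • HTTP (port 80) for web traffic:
    ```bash
    sudo ufw allow http
    ```
  • HTTPS (port 443) for secure web traffic:
    ```bash
    sudo ufw allow https
    ```
  • Allow custom ports (e.g., for databases or custom applications). For example, to allow MySQL (port 3306):
    ```bash
    sudo ufw allow 3306/tcp
    ```
    This opens the port to every source address. For a database, the source-restricted form shown in Step 10 is usually the better choice.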

Step 7: Enable UFW

Once you’ve set the rules, enable the firewall.

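```bash
sudo ufw enable
```

This starts UFW, applies the rules, and enables the firewall at boot. When run over SSH, UFW warns that the command may disrupt existing SSH connections and asks you to confirm; with the SSH rule from Step 5 in place, you can proceed.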


Step 8: Verify the Rules

Check that UFW is active and review the rules:

```bash
sudo ufw status verbose
```

This will display a list of allowed ports and services, as well as their current status.
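
The check in Step 8 can be automated. The following is an added example, not part of the original post: it reads the output of `ufw status verbose` and reports an inactive firewall, a default incoming policy that is not deny, and any port open to every source that is not on an expected list. The function name `audit_ufw_status`, the variable `EXPECTED_PUBLIC` and the sample status text are constructed for illustration.

```bash
# Added example: audit the text printed by `sudo ufw status verbose`.
# EXPECTED_PUBLIC is an assumption: the ports this server means to expose to any source.
EXPECTED_PUBLIC="${EXPECTED_PUBLIC:-22 80 443}"

# Reads the status text on stdin, prints one FINDING line per problem and
# returns non-zero when there is at least one. Rows for multi-word application
# profiles (e.g. "Nginx Full") are not parsed.
audit_ufw_status() {
  awk -v expected="$EXPECTED_PUBLIC" '
    BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
    { gsub(/ \(v6\)/, "") }                       # fold IPv6 rows onto their IPv4 twin
    $1 == "Status:"  { active = ($2 == "active") }
    $1 == "Default:" { deny_in = ($2 == "deny" || $2 == "reject") }
    # Rule row with an unrestricted source, e.g. "3306/tcp  ALLOW IN  Anywhere"
    NF == 4 && $2 == "ALLOW" && $3 == "IN" && $4 == "Anywhere" {
      port = $1; sub(/\/.*/, "", port)            # "3306/tcp" -> "3306"
      if (!(port in ok) && !seen[$1]++) {
        print "FINDING: " $1 " is open to any source but is not in the expected list"
        bad++
      }
    }
    END {
      if (!active)  { print "FINDING: firewall is not active"; bad++ }
      if (!deny_in) { print "FINDING: default incoming policy is not deny/reject"; bad++ }
      exit (bad > 0)
    }'
}

# Constructed sample of `ufw status verbose` output after Steps 4 to 7 and Step 10.
SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443                        ALLOW IN    Anywhere
3306/tcp                   ALLOW IN    Anywhere
22                         ALLOW IN    203.0.113.5
22/tcp (v6)                ALLOW IN    Anywhere (v6)
3306/tcp (v6)              ALLOW IN    Anywhere (v6)'

# Demo on the constructed sample; "|| true" keeps the script going after findings.
printf '%s\n' "$SAMPLE_STATUS" | audit_ufw_status || true
```

On a live server, pipe the real output into the function instead: `sudo ufw status verbose | audit_ufw_status`.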


Step 9: Monitoring and Logging

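You can enable logging to monitor blocked and allowed traffic. With `logging on`, UFW uses its default `low` level, which records blocked packets; allowed connections are recorded from the `medium` level up. To enable logging:

```bash
sudo ufw logging on
```

Check the logs with the following command:

```bash
sudo tail -f /var/log/ufw.log
```

This file is written by rsyslog. On a system without rsyslog, the same UFW entries appear as kernel messages in the systemd journal.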

Step 10: Allow Specific IPs (Optional)

If you need to allow a specific IP address to access your server (e.g., for administrative purposes), you can create a rule for it:

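```bash
sudo ufw allow from <IP_address> to any port 22
```

Replace <IP_address> with the actual IP you want to allow. Because Step 5 already allows SSH from any address, this rule narrows access only once that broader rule has been removed (see Step 12).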


Step 11: Disabling UFW (Optional)

If you ever need to disable UFW temporarily, you can do so with:

```bash
sudo ufw disable
```

Step 12: Remove Rules (Optional)

To remove a rule, repeat the rule as you added it, prefixed with `delete`. For example, to remove an HTTP rule:

```bash
sudo ufw delete allow http
```

Conclusion

By setting up UFW on your Debian cloud server, you’ve created an extra layer of security. UFW helps ensure only necessary traffic can reach your server, while everything else is blocked by default. This is a crucial step in securing any server, especially when it is exposed to the internet.

Be sure to regularly review and update your firewall rules as your server setup evolves.

Ramandeep Singh Sethi

Hello, I’m Ramandeep Singh Sethi, a Public Speaker, Entrepreneur, Philanthropist, and the CEO & Founder of three pioneering technology companies: Hydizo Global Solutions, 1Only Host, and Leadtuts.