How to configure your server's firewall with UFW or iptables
A firewall controls which network connections are allowed or blocked. On Linux servers, you typically use UFW (on Debian/Ubuntu) or firewalld (on CentOS/AlmaLinux).
UFW: Debian / Ubuntu
UFW (Uncomplicated Firewall) is the simplest method to manage the firewall.
Basic Commands

```bash
# Check status
ufw status verbose

# Enable the firewall
ufw enable

# Disable the firewall
ufw disable

# Reset to default (removes all rules)
ufw reset
```

Opening Ports
```bash
# By port number
ufw allow 80/tcp    # HTTP
ufw allow 443/tcp   # HTTPS
ufw allow 22/tcp    # SSH
ufw allow 3306/tcp  # MySQL (only if necessary!)

# By service name
ufw allow ssh
ufw allow http
ufw allow https

# Port range
ufw allow 8000:9000/tcp
```

Blocking Ports
```bash
ufw deny 3306/tcp
ufw deny from 1.2.3.4  # Block a specific IP
```

Deleting a Rule
```bash
# First display the numbered rules
ufw status numbered

# Then delete by number
ufw delete 3
```

Recommended Configuration for a Web Server
```bash
ufw default deny incoming
ufw default allow outgoing
ufw allow ssh
ufw allow http
ufw allow https
ufw enable
```

firewalld: CentOS / AlmaLinux / Rocky Linux
```bash
# Check status
firewall-cmd --state
firewall-cmd --list-all

# Open a port (permanent)
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --permanent --add-port=443/tcp
firewall-cmd --permanent --add-service=ssh

# Apply the changes
firewall-cmd --reload

# Block an IP
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="1.2.3.4" drop'
firewall-cmd --reload
```

iptables (Low Level)
If you prefer to manage iptables directly:
```bash
# View rules
iptables -L -n -v

# Open a port
iptables -A INPUT -p tcp --dport 80 -j ACCEPT

# Block an IP
# -A appends to the end of the chain; use -I INPUT instead if the rule must
# take effect before ACCEPT rules that are already in the chain
iptables -A INPUT -s 1.2.3.4 -j DROP

# Save the rules (Debian/Ubuntu)
apt install iptables-persistent
netfilter-persistent save
```

Always be careful not to block the SSH port (22) when configuring the firewall. If you lock yourself out, you'll need to use the VNC console from the panel to recover access.
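The following POSIX sh script is an added example, not part of this article: it wraps the recommended web-server rule set from above and refuses to run `ufw enable` unless the rule list contains an allow (or limit) rule for the SSH port, which guards against the lockout described in the warning. The script name `ufw-web.sh` and the SSH port argument are assumptions; the default port is 22.

```bash
#!/bin/sh
# Usage: sh ufw-web.sh apply [ssh_port]   (must run as root on the server)

# Rule set for a public web server (the article's recommended configuration).
# The SSH port is an assumption; 22 is the default.
web_rules() {
    port="${1:-22}"
    printf '%s\n' \
        "default deny incoming" \
        "default allow outgoing" \
        "allow ${port}/tcp" \
        "allow http" \
        "allow https"
}

# Read a rule list (one rule per line) on stdin and return 0 only if it keeps
# SSH reachable: "allow ssh", "limit ssh", or an allow/limit on the port number.
# Deliberately conservative: more complex forms (e.g. "allow from ... port 22")
# are not recognised and count as "no SSH rule".
plan_allows_ssh() {
    port="${1:-22}"
    grep -Eq "^(allow|limit) (ssh|${port}(/tcp)?)$"
}

# Apply a rule list from stdin with ufw, then enable the firewall, but only
# after the SSH check passes. Returns 1 without touching ufw otherwise.
apply_rules() {
    port="${1:-22}"
    rules="$(cat)"
    if ! printf '%s\n' "$rules" | plan_allows_ssh "$port"; then
        echo "refusing to enable ufw: no allow rule for SSH port $port" >&2
        return 1
    fi
    printf '%s\n' "$rules" | while IFS= read -r rule; do
        # word-splitting $rule on purpose: each line is one ufw argument list
        ufw $rule
    done
    ufw --force enable   # --force skips the interactive confirmation prompt
}

case "${1:-}" in
    apply) web_rules "${2:-22}" | apply_rules "${2:-22}" ;;
esac
```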
Most Common Ports
| Port | Service |
|---|---|
| 22 | SSH |
| 25 | SMTP |
| 53 | DNS |
| 80 | HTTP |
| 443 | HTTPS |
| 3306 | MySQL |
| 5432 | PostgreSQL |
| 6379 | Redis |
| 8080 | Alternative HTTP |