How to Set Up a Firewall on Linux (UFW)
A firewall is the fastest way to shrink your server's attack surface — block everything, then allow only what you use. On Ubuntu/Debian, UFW (Uncomplicated Firewall) makes it genuinely simple. Here is how to set it up safely.
Always allow your SSH port BEFORE you enable the firewall. If you enable a default-deny firewall without allowing SSH, you will be locked out of your own server.
Step 1: set safe defaults
The right baseline is deny all incoming, allow all outgoing — that blocks the world from reaching your server while letting your server reach out (for updates etc.):
sudo ufw default deny incoming
sudo ufw default allow outgoing
Step 2: allow SSH first (critical)
Before enabling anything, open your SSH port so you keep access:
sudo ufw allow 22/tcp
# if you moved SSH to a custom port, allow that port instead (2222 here)
sudo ufw allow 2222/tcp
Step 3: allow the ports your services need
Open only what you actually run. A few common examples:
# web server
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
# Minecraft
sudo ufw allow 25565/tcp
# a game server UDP example
sudo ufw allow 27015/udp
Step 4: enable and check
sudo ufw enable
sudo ufw status verbose
The status output lists every rule. If a service is unreachable after this, you almost certainly have not opened its port — see finding your server IP and port.
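Added example (not from the original article): a pre-flight check for Steps 2 and 4 that reads the ports sshd is configured to use and confirms each one has an allow rule before you run ufw enable. It assumes the rule text is in the form printed by `ufw show added` and the config is sshd_config-style text; the function names are hypothetical, and port ranges, port lists and app profiles are not parsed, so they are reported as missing.

```bash
# Pre-flight for `ufw enable`: is every sshd port covered by an allow rule?
# Assumed inputs: sshd_config text, and rules as printed by `ufw show added`.

# Print sshd's ports, one per line; sshd listens on 22 when no Port line is set.
ssh_ports() {
  local ports
  ports=$(printf '%s\n' "$1" | awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }')
  printf '%s\n' "${ports:-22}"
}

# Return 0 if an allow/limit rule in $1 covers TCP port $2.
port_allowed() {
  printf '%s\n' "$1" | awk -v p="$2" '
    $1 != "ufw" || ($2 != "allow" && $2 != "limit") { next }
    {
      # Simple form: ufw allow 22 or ufw allow 22/tcp
      if ($3 == p || $3 == p "/tcp") found = 1
      # Full form: ufw allow [proto tcp] from ADDR to any port 22
      seen_to = 0; proto = "tcp"; hit = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "comment") break
        if ($i == "proto") proto = $(i + 1)
        if ($i == "to") seen_to = 1   # a port before "to" is a source port
        if (seen_to && $i == "port" && $(i + 1) == p) hit = 1
      }
      if (hit && proto == "tcp") found = 1
    }
    END { exit (found ? 0 : 1) }'
}

# Print the command for each uncovered sshd port; return 1 if any is missing.
preflight() {
  local port missing=0
  for port in $(ssh_ports "$1"); do
    if ! port_allowed "$2" "$port"; then
      echo "missing: sudo ufw allow ${port}/tcp"
      missing=1
    fi
  done
  return "$missing"
}

# Constructed sample input (not from a real host): sshd moved to 2222, only 22 opened.
SAMPLE_SSHD='Port 2222
PermitRootLogin no'
SAMPLE_RULES='ufw allow 22/tcp
ufw allow 80/tcp'

preflight "$SAMPLE_SSHD" "$SAMPLE_RULES" || echo "do not run: sudo ufw enable"
```

On a real host, pass the output of sudo sshd -T (or the contents of /etc/ssh/sshd_config) as the first argument and the output of sudo ufw show added as the second. A rule restricted to a source address counts as covering the port, so confirm separately that the address is the one you connect from.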
Useful UFW commands
sudo ufw status numbered — list rules with numbers.
sudo ufw delete 3 — remove rule number 3.
sudo ufw allow from 1.2.3.4 to any port 22 — allow SSH only from your IP.
sudo ufw disable — turn the firewall off.
A firewall is not optional on a public server. Default-deny plus a short allow-list stops the constant background scanning cold.
A firewall is one layer — pair it with hardened SSH and fail2ban for a properly locked-down VPS. See the full VPS hardening checklist.
Frequently asked questions
Will enabling UFW disconnect my SSH session?
Not if you allow your SSH port first. Always run "ufw allow 22/tcp" (or your custom port) before "ufw enable", or you will lock yourself out.
What is the difference between UFW and iptables?
UFW is a friendly front-end for iptables/nftables. It manages the same underlying firewall with far simpler commands, which is why it is recommended for most server owners.
Do I still need a firewall if my host has DDoS protection?
Yes — they solve different problems. Network DDoS filtering absorbs floods; a firewall controls which ports and services are reachable at all. You want both.