Configure a host-based firewall (UFW)

NOTE: If you are running on a VPS, check the control panel and ensure that any open ports on your host are also updated within the VPS control panel (it may have an additional firewall between your host and the internet)

Description

Command

1

Create basic firewall rules to secure the host, copy and paste each of the commands in order.

Port 80/443 (http/https) are required only if you do not have your own SSL certificate (used for validation of the DNS record when obtaining a certificate from letsencrypt)

sudo ufw default allow outgoing
sudo ufw default deny incoming
sudo ufw allow ssh/tcp
sudo ufw limit ssh/tcp
sudo ufw allow http/tcp
sudo ufw allow https/tcp
sudo ufw allow 9033/tcp
sudo ufw logging on
sudo ufw -f enable
sudo ufw status

Example Output

zenops@zsec01:~$ sudo ufw status
Status: active

To......................................................................Action..................From
--.......................................................................-------...................-----
22/tcp..............................................................LIMIT....................Anywhere
80/tcp..............................................................ALLOW................Anywhere
443/tcp............................................................ALLOW...............Anywhere
9033/tcp..........................................................ALLOW...............Anywhere
22/tcp.(v6).......................................................LIMIT..................Anywhere.(v6)
80/tcp.(v6).......................................................ALLOW..............Anywhere.(v6)
443/tcp.(v6)....................................................ALLOW...............Anywhere.(v6)
9033/tcp.(v6)..................................................ALLOW..............Anywhere.(v6)

2

UFW generally installs, enabled at boot by default, to be certain that it starts at boot, enable it with systemctl

sudo systemctl enable ufw

Part 4

Part 5 of 11 - Securing the Host

Part 6

© 2020 Horizen. All rights reserved.

Browser not supported