Configure firewall with UFW

UFW (Uncomplicated Firewall) is the simplest way to manage iptables on Ubuntu and Debian. Protect your VPS by allowing only necessary traffic.

Step 1 — Install UFW

On Ubuntu it comes pre-installed. On Debian:

sudo apt install ufw -y

Step 2 — Set default policies

sudo ufw default deny incoming
sudo ufw default allow outgoing

This blocks all incoming traffic and allows all outgoing.

Step 3 — Allow SSH before enabling

Important: If you don't allow SSH before enabling UFW, you will be locked out of the server.

sudo ufw allow 22/tcp

If you changed the SSH port:

sudo ufw allow 2222/tcp

Step 4 — Allow other common services

# HTTP and HTTPS
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

# MySQL (only if you need remote access)
sudo ufw allow 3306/tcp

# PostgreSQL
sudo ufw allow 5432/tcp

Step 5 — Enable the firewall

sudo ufw enable

Confirm with y. The firewall activates and persists across reboots.

Step 6 — Check status

sudo ufw status verbose

Additional useful commands

# Allow a port range
sudo ufw allow 8000:8100/tcp

# Allow from a specific IP
sudo ufw allow from 203.0.113.50 to any port 22

# Delete a rule
sudo ufw delete allow 3306/tcp

# Reset all rules
sudo ufw reset

Note about Baires Host

Your Baires Host VPS already includes network-level DDoS protection. UFW complements that protection by filtering traffic at the operating system level.