Firewall
A firewall controls which network connections are allowed or blocked. On Linux servers, you typically use UFW (on Debian/Ubuntu) or firewalld (on CentOS/AlmaLinux).
UFW: Debian / Ubuntu
UFW (Uncomplicated Firewall) is the simplest way to manage the firewall.
Basic Commands
```bash
# Check status
ufw status verbose
# Enable the firewall
ufw enable
# Disable the firewall
ufw disable
# Reset to default (removes all rules)
ufw reset
```
Opening Ports
```bash
# By port number
ufw allow 80/tcp   # HTTP
ufw allow 443/tcp  # HTTPS
ufw allow 22/tcp   # SSH
ufw allow 3306/tcp # MySQL (only if necessary!)
# By service name
ufw allow ssh
ufw allow http
ufw allow https
# Port range
ufw allow 8000:9000/tcp
```
Blocking Ports
```bash
ufw deny 3306/tcp
ufw deny from 1.2.3.4 # Block a specific IP
```
Deleting a Rule
```bash
# First display the numbered rules
ufw status numbered
# Then delete by number
ufw delete 3
# Rule numbers shift after each deletion: re-run "ufw status numbered" before deleting the next one
```
Recommended Configuration for a Web Server
```bash
ufw default deny incoming
ufw default allow outgoing
ufw allow ssh
ufw allow http
ufw allow https
ufw enable
```
firewalld: CentOS / AlmaLinux / Rocky Linux
```bash
# Check status
firewall-cmd --state
firewall-cmd --list-all
# Open a port (permanent; without --permanent the rule is runtime-only and lost on reload)
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --permanent --add-port=443/tcp
firewall-cmd --permanent --add-service=ssh
# Apply the changes
firewall-cmd --reload
# Block an IP
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="1.2.3.4" drop'
firewall-cmd --reload
```
iptables (Low Level)
If you prefer to manage iptables directly:
```bash
# View rules
iptables -L -n -v
# Open a port
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Block an IP
# -A appends to the end of the chain; an earlier ACCEPT rule still matches first.
# Use "-I INPUT" instead of "-A INPUT" to put the block at the top of the chain.
iptables -A INPUT -s 1.2.3.4 -j DROP
# Save the rules (Debian/Ubuntu)
apt install iptables-persistent
netfilter-persistent save
```
Always be careful not to block the SSH port (22) when configuring the firewall. If you lock yourself out, you'll need to use the VNC console from the panel to recover access.
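As an added example (not code from this page), the script below applies the recommended web-server UFW baseline and, following the lockout warning, refuses to enable the firewall unless the SSH port is in the allow list. `SSH_PORT`, `DRY_RUN`, `apply_baseline` and `baseline_has_ssh` are names assumed here for the example, not ufw options; `ufw --force enable` is a real ufw invocation that skips the interactive confirmation.

```shell
#!/bin/sh
# Added example: apply a UFW baseline with a guard against locking out SSH.
# DRY_RUN=1 (the default, an assumption of this script) prints the ufw
# commands instead of running them so the plan can be reviewed first.

# Port sshd actually listens on (22 unless you changed it in sshd_config).
SSH_PORT="${SSH_PORT:-22}"

# run_or_print: echo the command under DRY_RUN=1, otherwise execute it.
run_or_print() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# baseline_has_ssh LIST: return 0 when the space-separated LIST of
# port/proto or service entries allows the SSH port, else 1.
baseline_has_ssh() {
    for rule in $1; do
        case "$rule" in
            "$SSH_PORT"/tcp|"$SSH_PORT"|ssh) return 0 ;;
        esac
    done
    return 1
}

# apply_baseline LIST: default-deny inbound, allow each entry, then enable.
# Returns 2 without touching the firewall when LIST would lock out SSH.
apply_baseline() {
    allow_list="$1"
    if ! baseline_has_ssh "$allow_list"; then
        echo "refusing: '$allow_list' does not allow SSH port $SSH_PORT" >&2
        return 2
    fi
    run_or_print ufw default deny incoming
    run_or_print ufw default allow outgoing
    for rule in $allow_list; do
        run_or_print ufw allow "$rule"
    done
    run_or_print ufw --force enable
}

# Print the plan for the web-server baseline; run with DRY_RUN=0 to apply it.
apply_baseline "$SSH_PORT/tcp 80/tcp 443/tcp"
```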
Most Common Ports
| Port | Service |
|---|---|
| 22 | SSH |
| 25 | SMTP |
| 53 | DNS |
| 80 | HTTP |
| 443 | HTTPS |
| 3306 | MySQL |
| 5432 | PostgreSQL |
| 6379 | Redis |
| 8080 | Alternative HTTP |