Firewall

A firewall controls which network connections are allowed or blocked. On Linux servers, you typically use UFW (on Debian/Ubuntu) or firewalld (on CentOS/AlmaLinux).

UFW: Debian / Ubuntu

UFW (Uncomplicated Firewall) is the simplest way to manage the firewall.

Basic Commands

bash
# Check status
ufw status verbose

# Enable the firewall
ufw enable

# Disable the firewall
ufw disable

# Reset to default (removes all rules)
ufw reset

Opening Ports

bash
# By port number
ufw allow 80/tcp       # HTTP
ufw allow 443/tcp      # HTTPS
ufw allow 22/tcp       # SSH
ufw allow 3306/tcp     # MySQL (only if necessary!)

# By service name
ufw allow ssh
ufw allow http
ufw allow https

# Port range
ufw allow 8000:9000/tcp

Blocking Ports

bash
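ufw deny 3306/tcp
# Block a specific IP. ufw applies the first matching rule, so if an allow
# rule already exists, place the deny ahead of it: ufw insert 1 deny from 1.2.3.4
ufw deny from 1.2.3.4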

Deleting a Rule

bash
# First display the numbered rules
ufw status numbered

# Then delete by number
ufw delete 3

Recommended Configuration for a Web Server

bash
ufw default deny incoming
ufw default allow outgoing
ufw allow ssh
ufw allow http
ufw allow https
ufw enable
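
The recommended configuration is only safe if the SSH rule is really in place before the firewall is enabled, and database ports such as MySQL should not be open to everyone. The script below is an added example, not part of the original guide: it parses ufw status output and flags a missing SSH rule or a database port reachable from Anywhere. The function name audit_ufw_status, the sample output and the choice of 3306, 5432 and 6379 as ports to flag are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original page: audit `ufw status` output.
# Assumption: the database ports from the port table (3306, 5432, 6379)
# should not be reachable from "Anywhere" on a web server.

# Reads `ufw status` or `ufw status verbose` text on stdin and prints one
# finding per line. Exit status is 1 if any WARN was printed, else 0.
audit_ufw_status() {
    awk '
    BEGIN { db["3306"] = "MySQL"; db["5432"] = "PostgreSQL"; db["6379"] = "Redis" }
    /^Status: active/ { active = 1 }
    { gsub(/ \(v6\)/, "") }               # fold IPv6 rows onto the IPv4 columns
    $2 == "ALLOW" || $2 == "LIMIT" {
        split($1, to, "/"); port = to[1]  # "22/tcp" -> "22"
        src = ($3 == "IN") ? $4 : $3      # verbose output prints "ALLOW IN"
        if (port == "22" || $1 == "OpenSSH") ssh = 1
        if (src == "Anywhere" && (port in db)) exposed[port] = 1
    }
    END {
        if (!active) { print "WARN firewall is not active"; bad = 1 }
        if (!ssh)    { print "WARN no rule allows SSH (port 22)"; bad = 1 }
        for (p in exposed) { print "WARN " p " (" db[p] ") is open to Anywhere"; bad = 1 }
        if (!bad) print "OK no findings"
        exit bad + 0
    }'
}

# Constructed sample: SSH was forgotten and MySQL is open to the world.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
3306/tcp                   ALLOW       Anywhere
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)'

# On a server, run instead: ufw status | audit_ufw_status
printf '%s\n' "$SAMPLE_STATUS" | audit_ufw_status || echo "Review the findings above."
```

The check only reads exact port rules; a port range such as 8000:9000/tcp is not expanded.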

firewalld: CentOS / AlmaLinux / Rocky Linux

bash
# Check status
firewall-cmd --state
firewall-cmd --list-all

# Open a port (permanent)
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --permanent --add-port=443/tcp
firewall-cmd --permanent --add-service=ssh

# Apply the changes
firewall-cmd --reload

# Block an IP
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="1.2.3.4" drop'
firewall-cmd --reload

iptables (Low Level)

If you prefer to manage iptables directly:

bash
# View rules
iptables -L -n -v

# Open a port
iptables -A INPUT -p tcp --dport 80 -j ACCEPT

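# Block an IP (-I inserts at the top of the chain; a DROP appended with -A
# after the ACCEPT above would never be reached for port 80)
iptables -I INPUT -s 1.2.3.4 -j DROP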

# Save the rules (Debian/Ubuntu)
apt install iptables-persistent
netfilter-persistent save

Always be careful not to block the SSH port (22) when configuring the firewall. If you lock yourself out, you'll need to use the VNC console from the panel to regain access.

Most Common Ports

Port    Service
22      SSH
25      SMTP
53      DNS
80      HTTP
443     HTTPS
3306    MySQL
5432    PostgreSQL
6379    Redis
8080    Alternative HTTP
