A firewall is essential for securing your VPS against unauthorized access and cyber threats. This guide will show you how to set up and manage a firewall using UFW (Ubuntu/Debian) and Firewalld (CentOS/RHEL).
📌 Prerequisites
- A VPS running Ubuntu, Debian, CentOS, or RHEL from V
- Root or sudo user access
- An SSH client (like PuTTY or Terminal)
1️⃣ Check If a Firewall Is Installed
Before configuring a firewall, check if one is already installed.
For Ubuntu/Debian (UFW):
sudo ufw status
For CentOS/RHEL (Firewalld):
sudo firewall-cmd --state
If no firewall is installed, follow the steps below to install one.
2️⃣ Install and Enable a Firewall
For Ubuntu/Debian (UFW)
Install UFW:
sudo apt install ufw -y
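Enable UFW (if you are connected over SSH, allow SSH first as shown in step 3, because UFW denies incoming connections by default once it is enabled):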
sudo ufw enable
Check status:
sudo ufw status verbose
For CentOS/RHEL (Firewalld)
Install Firewalld:
sudo yum install firewalld -y
Enable and start Firewalld:
sudo systemctl enable --now firewalld
Check status:
sudo firewall-cmd --state
3️⃣ Allow Essential Services
To prevent losing access, allow necessary ports before blocking others.
For Ubuntu/Debian (UFW)
Allow SSH (Port 22):
sudo ufw allow ssh
Allow HTTP & HTTPS (if running a web server):
sudo ufw allow http
sudo ufw allow https
To allow a specific port:
sudo ufw allow 8080/tcp
For CentOS/RHEL (Firewalld)
Allow SSH:
sudo firewall-cmd --permanent --add-service=ssh
Allow HTTP & HTTPS:
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
To allow a specific port:
sudo firewall-cmd --permanent --add-port=8080/tcp
Reload the firewall:
sudo firewall-cmd --reload
4️⃣ Block Unwanted Traffic
For Ubuntu/Debian (UFW)
To deny all incoming connections by default:
sudo ufw default deny incoming
To allow outgoing connections:
sudo ufw default allow outgoing
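To deny a specific IP (UFW applies the first matching rule, so a deny added after the allow rules above still lets that IP reach the allowed ports; to block it everywhere, place the rule ahead of them with ufw insert 1):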
sudo ufw deny from 192.168.1.100
For CentOS/RHEL (Firewalld)
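To block all incoming traffic except allowed services, switch the default zone to drop. The drop zone has no services allowed by default, and rules added earlier without --zone belong to the previous default zone, so add SSH and any other services you need to the drop zone (using --zone=drop) or you will lose access when it becomes the default: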
sudo firewall-cmd --set-default-zone=drop
To deny a specific IP:
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.100" reject'
Reload for changes to take effect:
sudo firewall-cmd --reload
5️⃣ Disable or Remove Firewall Rules
If you need to remove a rule, follow these steps.
For Ubuntu/Debian (UFW)
To delete a specific rule:
sudo ufw delete allow ssh
To disable UFW:
sudo ufw disable
For CentOS/RHEL (Firewalld)
To remove a rule (reload the firewall afterwards for the change to take effect):
sudo firewall-cmd --permanent --remove-service=ssh
To disable Firewalld:
sudo systemctl stop firewalld
sudo systemctl disable firewalld
6️⃣ Check Firewall Rules
To verify your firewall rules:
For Ubuntu/Debian (UFW)
sudo ufw status numbered
For CentOS/RHEL (Firewalld)
sudo firewall-cmd --list-all
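A check for the UFW output from this step, as an added example that is not part of the original guide: it reads the text printed by ufw status verbose and reports when the firewall is inactive, when the incoming default is not deny, or when no rule allows the SSH port. The function name, the SSH port argument (22 assumed) and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide). Real use:
#   sudo ufw status verbose | audit_ufw_status 22
# Prints one line per finding; returns 0 when clean, 1 otherwise.
# Only numeric port rules are recognised (22, 22/tcp), not app profiles.
audit_ufw_status() {
    # $1 = SSH port; 22 is an assumption, pass your own if sshd was moved.
    awk -v ssh="${1:-22}" '
        /^Status:/  { active = ($2 == "active") }
        /^Default:/ { deny_in = ($2 == "deny" && $3 ~ /incoming/) }
        # Inbound ALLOW/LIMIT rows whose first column is a port.
        / (ALLOW|LIMIT)( IN)? / && !/ OUT / && $1 ~ /^[0-9]+(\/(tcp|udp))?$/ {
            split($1, p, "/")
            if (p[1] == ssh && p[2] != "udp") ssh_ok = 1
            from = ($NF == "(v6)") ? $(NF - 1) : $NF
            if (from == "Anywhere" && !seen[$1]++) open = open " " $1
        }
        END {
            if (!active)  { print "FINDING: firewall is not active"; bad = 1 }
            if (!deny_in) { print "FINDING: default incoming policy is not deny"; bad = 1 }
            if (!ssh_ok)  { print "FINDING: no ALLOW rule for SSH port " ssh; bad = 1 }
            print "open to Anywhere:" open
            exit bad + 0
        }'
}

# Constructed samples in the layout of `ufw status verbose` output.
SAMPLE_OK='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
8080/tcp                   ALLOW IN    Anywhere
Anywhere                   DENY IN     192.168.1.100
22/tcp (v6)                ALLOW IN    Anywhere (v6)'
SAMPLE_BAD='Status: active
Default: allow (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW IN    Anywhere'

printf '%s\n' "$SAMPLE_OK"  | audit_ufw_status 22 || true
printf '%s\n' "$SAMPLE_BAD" | audit_ufw_status 22 || true
```

The "open to Anywhere" line is worth reading even when there are no findings: every port listed there is reachable from the whole internet.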
🎉 Conclusion
Your VPS is now protected with a firewall, reducing security risks. Always allow necessary services while blocking unwanted traffic. 🚀
For further assistance, contact VolticHost Support.