Configure a Firewall

A firewall acts as a protective barrier between your server and the outside world, controlling incoming and outgoing traffic. It helps block unauthorized access, reduces the risk of cyberattacks, and ensures that only necessary services are exposed to the internet.

How to Set Up a Firewall (UFW on Ubuntu/Debian)

1. Install UFW (Uncomplicated Firewall):

   sudo apt install ufw -y
   

2. Allow essential services:

   • Allow SSH (Port 22) for remote access:

     sudo ufw allow 22
     

   • Allow HTTP (Port 80) for websites:

     sudo ufw allow 80
     

   • Allow HTTPS (Port 443) for secure websites:

     sudo ufw allow 443
     

3. Enable the firewall:

   sudo ufw enable
   

   This activates the firewall and starts blocking all other ports by default.

4. Verify firewall status and rules:

   sudo ufw status
   

   This command shows which ports are open and which are blocked.

For CentOS/RHEL (Using Firewalld)

1. Install and enable Firewalld:

   sudo yum install firewalld -y
   sudo systemctl enable --now firewalld
   

2. Allow necessary ports:

   sudo firewall-cmd --permanent --add-service=ssh
   sudo firewall-cmd --permanent --add-service=http
   sudo firewall-cmd --permanent --add-service=https
   sudo firewall-cmd --reload
   

Best Practices for Firewalls:

✅ Only open the ports you need—keeping unnecessary ports closed reduces attack vectors.
✅ Use custom SSH ports to help avoid automated attacks (e.g., change SSH to port 2222).
✅ Monitor firewall logs for any suspicious traffic.

By properly configuring a firewall, you strengthen your server’s defenses and prevent unauthorized access, making it significantly harder for attackers to compromise your system.