Services running on Ubuntu or Debian need specific ports opened in the firewall before they can receive traffic. SSH connections, web servers and custom applications all require their ports to be accessible.
You will install UFW (Uncomplicated Firewall), configure SSH access to prevent lockouts and open the ports your services need. UFW provides a simpler interface than working directly with iptables.
Before you begin
- You need root or sudo access to your Ubuntu or Debian server.
- You must be connected via SSH or have console access through your hosting control panel.
Install UFW
UFW may already be installed on your system. You will check for an existing installation before attempting to install it.
- Check if UFW is installed.
Run the status command to see if UFW is present on your system:sudo ufw status
If this returns a status message, UFW is already installed and you can skip to the next section. - Install UFW if needed.
If the previous command returned an error, install UFW now. This command updates your package lists, upgrades existing packages and installs UFW in one operation:sudo apt update && sudo apt upgrade && sudo apt install ufw
Wait for the installation to complete before continuing.
UFW is now installed and ready to configure. You will enable it and open your required ports in the next section.
Enable UFW and open ports
You must allow SSH access before enabling UFW. This prevents you from being locked out of your server when the firewall starts blocking traffic.
- Allow SSH connections.
Create a rule that permits SSH traffic on port 22:sudo ufw allow ssh
This allows incoming SSH connections so you can continue accessing your server after the firewall is active. - Enable the firewall.
Start UFW with its default ruleset:sudo ufw enable
You will see a warning about disrupting existing SSH connections. Typeyand press Enter to confirm. Your SSH rule from the previous step keeps your current connection active. - Open your required port.
Allow traffic through a specific port using the allow command. Replace2087with your port number:sudo ufw allow 2087
This opens the port for both TCP and UDP traffic. - Specify a protocol if needed.
Restrict the rule to TCP or UDP by adding the protocol to your command:sudo ufw allow 2087/tcp
This limits the rule to TCP traffic only, which is appropriate for most web services and applications. - Verify the rule was added.
Check your active firewall rules:sudo ufw status
You will see your new rule listed alongside the SSH rule you created earlier.
Your port is now open and accepting traffic. Services listening on this port can receive connections from external sources.
Remove a firewall rule
You can delete rules when you no longer need a port open. This closes the port and blocks traffic that was previously allowed.
- Delete the rule.
Remove a port rule using the delete command. Replace2087with the port number you want to close:sudo ufw delete allow 2087
The firewall immediately stops accepting traffic on this port. - Confirm the deletion.
Check your active rules to verify the port was removed:sudo ufw status
The deleted rule will no longer appear in the list.
The port is now closed and will reject incoming connections.
Wrapping up
Your Ubuntu or Debian server now has UFW configured with the ports your services need. You installed the firewall, protected SSH access and opened specific ports for incoming traffic. Services listening on these ports can now receive connections.
Review your firewall rules periodically and close ports you no longer use. This reduces your server’s attack surface. Our VPS hosting includes full root access for complete firewall control.
Need more power?
Get scalable resources with our VPS hosting with root access and optional software.
Get VPS Hosting
Starting something new?
Perfect for websites and small businesses unlimited bandwidth with cPanel hosting.
Get cPanel Hosting