There are a lot of attempts on the internet that try to do it with iptables. Don't do it. In most cases you just need this juicy tool called ufw, also known as Uncomplicated Firewall.
All you need:
apt install ufw
ufw default deny
ufw default allow outgoing
ufw allow 22/tcp
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow 53
ufw enable
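This will close all inbound ports apart from:
- HTTP (80)
- HTTPS (443)
- SSH (22) - needed to connect to the server
- DNS (53, TCP and UDP) - opened by the ufw allow 53 line above; only needed if the server itself answers DNS queries, because outbound lookups are already covered by ufw default allow outgoing
The rules persist across reboots.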
Check the status:
ufw status numbered
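To turn that status check into something repeatable, here is an added example (not part of the original post) that reads `ufw status numbered` output and prints every inbound-allowed port outside an expected list. The function names, the `ALLOWED_PORTS` variable and the sample output are constructed for illustration; with the rule set above, port 53 is the one that gets flagged.

```sh
#!/bin/sh
# Added example: audit `ufw status numbered` output against an expected allowlist.

ALLOWED_PORTS="22 80 443"   # assumption: the ports a plain web server should expose

# Reads `ufw status numbered` text on stdin and prints each inbound-allowed
# port (one per line, de-duplicated across IPv4/IPv6 rules) that is not in
# ALLOWED_PORTS. Application-profile names (e.g. OpenSSH) are printed as-is.
unexpected_ports() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^\[ *[0-9]+\]/ && /ALLOW IN/ {
            sub(/^\[ *[0-9]+\] */, "")      # drop the "[ 1] " rule number
            split($1, spec, "/")            # "443/tcp" or "53" -> port part
            port = spec[1]
            if (!(port in ok) && !(port in seen)) { seen[port] = 1; print port }
        }'
}

# Constructed sample of the status listing for the rules above (not captured output).
sample_status() {
cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 443/tcp                    ALLOW IN    Anywhere
[ 4] 53                         ALLOW IN    Anywhere
[ 5] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 6] 80/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 7] 443/tcp (v6)               ALLOW IN    Anywhere (v6)
[ 8] 53 (v6)                    ALLOW IN    Anywhere (v6)
EOF
}

# On a real server: ufw status numbered | unexpected_ports
sample_status | unexpected_ports
```

An empty result means the listening surface matches the allowlist; anything printed is a rule to justify or delete with `ufw delete <number>`.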
ℹ We recommend allowing this set of ports for any web server. If you need any additional ports open for debugging, e.g. MySQL/Postgres/Mongo etc., use SSH tunneling. SQL UI-based tools also have built-in SSH tunneling (you just specify an SSH key and a host, and everything works over the secured port 22).
ℹ Some rare dedicated server providers might need some system ports to operate (this rarely happens with VPS instances); better google "How to Configure a Firewall on Your Server" for your specific provider.