Protect your Debian VPS with UFW

16 février 2020 MadeInFck

My NodeJs training led me to the need of hosting a server. This is how I got interested in VPS which I subscribed at OVH. As a rookie, I had to read a lot to make it work and get it configured. Even if there are so many articles dealing with this topic, it’s quite hard to have a precise insight on all the mandatory todos. This is how, after more than one year with my own VPS, I recently came to protect my Debian VPS, quite late I have to admit.

So, it probably means that the very first concern you should pay attention is to install a firewall to secure your system. UFW, which stands for Uncomplicated FireWall, is an easy solution. Just to mention that UFW is not a firewall but an interface to iptables. As a beginner, UFW is much easier to use and this is why I chose to introduce this tool.

Get help here :

The 2 following links might be helpful to set up UFW on your server :

Once you’ve installed UFW and enabled it, what should you do ?

Set up your rules :

First, you probably access and manage your VPS with SSH. The default port for SSH is 22. If that’s your case, as for many people, you are thus exposed to many bots scanning through port 22. A simple ufw status verbose will show you the default rules that have been set up. A 22/tcp tells you may need to change this. Once you’re done, don’t be scared if you can’t access don’t forget to:

take into account this change. I personally access my VPS via a .sh file launched from my terminal. So I had to modify its content : ssh user@password port xx. If you just launch from a command in your terminal, same needs to be done.
If you use SFTP to access your VPS, don’t forget to tell it. For instance, in FileZilla, change the configuration of your site by changing the port as well.

Therefore, you should list who you want to access your server and who your server should be able to reach. This will help you set the appropriate rules. I personally had a server used for WebSocket messages. Finally, I just had to allow this hosted site to get through the firewall via the websocket port. having forgot to do so at first, my websockets were no more functional and it took me a few minutes to understand that. I also chose to forbid access from non secured sites (port 80 and 8080), but of course port 443 is allowed for access, as for my personal sites.

Protect your Debian VPS with UFW par MadeInFck est sous Licence Creative Commons Internationale Attribution-Pas d'utilisation Commerciale-Partage à l'identique 4.0 .

Cookie	Durée	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.