January 13, 2026 | Guides
How to Configure Firewall on Linux Server
Complete guide on configuring UFW (Ubuntu) and Firewalld (CentOS) firewalls to secure your server.

A firewall is essential for server security, controlling incoming and outgoing network traffic. This guide covers configuring UFW on Ubuntu/Debian and Firewalld on CentOS/RHEL systems.
Installing UFW
```bash
sudo apt update
sudo apt install ufw -y
```

Basic UFW Commands
```bash
# Check status
sudo ufw status
# Allow SSH first (important: do this before enabling the firewall)
sudo ufw allow 22/tcp
# Enable firewall
sudo ufw enable
# Allow HTTP and HTTPS
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
# Deny a port
sudo ufw deny 3306/tcp
# Delete a rule
sudo ufw delete allow 80/tcp
```

Using Application Profiles
```bash
# List available applications
sudo ufw app list
# Allow Nginx
sudo ufw allow 'Nginx Full'
# Allow OpenSSH
sudo ufw allow 'OpenSSH'
```

Installing Firewalld
```bash
sudo yum install firewalld -y
sudo systemctl start firewalld
sudo systemctl enable firewalld
```

Basic Firewalld Commands
```bash
# Check status
sudo firewall-cmd --state
# List all rules
sudo firewall-cmd --list-all
# Allow a service
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload
# Allow a port
sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --reload
```

Working with Zones
Firewalld uses zones to manage network security. Common zones:
```bash
# List zones
sudo firewall-cmd --get-zones
# Set default zone
sudo firewall-cmd --set-default-zone=public
# Add service to zone
sudo firewall-cmd --zone=public --add-service=ssh --permanent
sudo firewall-cmd --reload
```

Security Best Practices
- Always allow SSH before enabling the firewall to avoid locking yourself out
- Use specific IP addresses when possible: `sudo ufw allow from 192.168.1.100`
- Regularly review firewall rules and remove unused ones
- Enable logging to monitor firewall activity
- Test firewall rules before applying them to production
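
One way to act on the "use specific IP addresses" and "regularly review firewall rules" points above: the following added example (not part of the original guide) reads `ufw status` output and lists every ALLOW rule that accepts traffic from any source on a target not meant to be public. The function name `audit_ufw_status`, the `PUBLIC` allow-list and the sample status text are assumptions constructed for illustration.

```bash
#!/bin/sh
# Added example: flag UFW ALLOW rules that are open to any source address.
# PUBLIC (assumption): comma-separated targets that are meant to be
# reachable by everyone, written exactly as they appear in the "To" column.
PUBLIC="${PUBLIC:-80/tcp,443/tcp,Nginx Full}"

# Reads `ufw status` text on stdin and prints each non-public target that
# has an inbound ALLOW rule from "Anywhere" (IPv4 and IPv6 are merged).
audit_ufw_status() {
  awk -v public="$PUBLIC" '
    BEGIN { n = split(public, p, ","); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
    {
      # Locate the Action column; "To" may span several fields,
      # e.g. "Nginx Full" or "22/tcp (v6)".
      act = 0
      for (i = 1; i <= NF; i++) if ($i == "ALLOW") { act = i; break }
      if (act < 2) next                      # header, blank, DENY, etc.
      to = $1
      for (i = 2; i < act; i++) to = to " " $i
      j = act + 1
      if ($j == "OUT" || $j == "FWD") next   # verbose output: not inbound
      if ($j == "IN") j++                    # verbose output: "ALLOW IN"
      sub(/ \(v6\)$/, "", to)                # treat v4 and v6 rows as one
      if ($j == "Anywhere" && !(to in ok)) print to
    }' | sort -u
}

# Constructed sample of `ufw status` output (not captured from a real host).
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
3306/tcp                   DENY        Anywhere
Anywhere                   ALLOW       192.168.1.100
22/tcp (v6)                ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)'

# Demo on the sample; on a real server: sudo ufw status | audit_ufw_status
printf '%s\n' "$SAMPLE_STATUS" | audit_ufw_status
```

Each target it prints is a candidate for a source-restricted rule or for removal if the service is no longer used.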