How to create a server-level firewall
You can restrict incoming connections to your VPS from your VPS provider’s admin page (at the network level), but if you can’t restrict outgoing connections there, or you prefer a firewall at the server level, you can use ufw.
This is an example of how ufw works. We are going to restrict our incoming connections to a specific IP. Replace “IP” with your chosen IP.
You may need to start and enable the ufw service. You need to be the root user or use sudo to run these commands.
Add default rules:
ufw default deny incoming
ufw default allow outgoing
Allow from IP:
ufw allow from 126.96.36.199
To allow a specific port:
ufw allow 1050/tcp
Allow http in:
ufw allow in http
Rate limit (to 6 connections in 30 seconds):
ufw limit 22/tcp
Full syntax example:
ufw deny proto udp from any comment 'restrict udp'
Check the rules and their numbers (only works if the firewall is enabled):
ufw status numbered
Insert a rule at a specific position:
ufw insert <NUMBER> <RULE>
Disable the firewall:
If you use Docker, the -p flag makes the selected port available to everyone regardless of your ufw configuration, because Docker writes its own iptables rules for published ports. You need to use --network host instead.
docker run -d --network host nginx
You may also need to change the default rule for routed traffic:
ufw default allow routed