Debian - install and configure firewall on VPS for SSH and WWW (ufw)

In this short article, we would like to show you how to install and cofigure firewall that gives access to SSH, HTTP, and HTTPS over IP v4 and IP v6 under Debian.

Note: below steps were tested on Debian 10 - is should be working on all Debian Linux family too (Ubuntu, etc.).

Simple steps:

Installation

1. Install firewall utils using the following command:

sudo apt-get install ufw

Configuration

2. Check firewall status using the following command:

sudo ufw status

The command should print:

Status: inactive

Wanring: do not enable ufw until it will be configured - in other case you will lose access to the server.

3. Enable IP v6 support

Edit using /etc/default/ufw file using the following command:

sudo nano /etc/default/ufw

Uncomment IP v6 line:

...

IPV6=yes
...

4. Block incomming and unblock outgoing traffic using the following commands:

sudo ufw default deny incoming
sudo ufw default allow outgoing

5. Enable SSH and www for 80 and 443 ports using the following commands:

sudo ufw allow ssh  # or: sudo ufw allow 22/tcp
sudo ufw allow www  # or: sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

6. Restart firewall using the following commands:

sudo ufw disable
sudo ufw enable

Verification

7. Check status unsing the following command:

sudo ufw status

The command should print:

Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)

Hint: after server restart firewall will be started automatically.