{"id":14199,"date":"2025-12-30T10:40:30","date_gmt":"2025-12-30T05:10:30","guid":{"rendered":"https:\/\/www.youstable.com\/blog\/?p=14199"},"modified":"2025-12-30T10:40:33","modified_gmt":"2025-12-30T05:10:33","slug":"create-ufw-on-linux","status":"publish","type":"post","link":"https:\/\/www.youstable.com\/blog\/create-ufw-on-linux","title":{"rendered":"How to Create UFW on Linux Server in 2026? &#8211; (Step by Step Guide)"},"content":{"rendered":"\n<p><strong>To create UFW on a Linux server<\/strong>, install UFW, set default policies (deny incoming, allow outgoing), allow SSH, enable UFW, and then add rules for services. Typical steps: apt install ufw, ufw default deny incoming, ufw default allow outgoing, ufw allow OpenSSH, ufw enable, ufw status verbose. This secures ports while keeping required access open.<\/p>\n\n\n\n<p>In this guide, you\u2019ll<strong> learn how to create UFW on a Linux server<\/strong> from scratch. We\u2019ll cover installation, safe activation over SSH, essential rules for web stacks, IPv6, logging, Docker\/cloud nuances, troubleshooting, and best practices. <\/p>\n\n\n\n<p>By the end, you\u2019ll have a secure, production-ready UFW firewall using simple, reliable commands.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"what-is-ufw-and-why-use-it\"><strong>What is UFW and Why Use it?<\/strong><\/h2>\n\n\n\n<p>UFW <strong>(Uncomplicated Firewall)<\/strong> is a user-friendly interface for <a href=\"https:\/\/www.youstable.com\/blog\/configure-iptables-on-linux\/\"><strong>iptables on Linux<\/strong><\/a>. It simplifies firewall management with readable commands like allow, deny, and limit. UFW is widely used on Ubuntu\/Debian servers but also available on other distributions. It\u2019s ideal when you want predictable, auditable network rules without digging into raw iptables syntax.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"prerequisites\"><strong>Prerequisites<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Linux server with sudo privileges (Ubuntu\/Debian, or compatible)<\/li>\n\n\n\n<li>Console or SSH access (ensure you know your SSH port)<\/li>\n\n\n\n<li>List of services and ports to allow (e.g., SSH 22, HTTP 80, HTTPS 443)<\/li>\n\n\n\n<li>Optional: Public IPs that should be whitelisted<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"install-and-enable-ufw-safely-over-ssh\"><strong>Install and Enable UFW (Safely Over SSH)<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"1-install-ufw\"><strong>1) Install UFW<\/strong><\/h3>\n\n\n\n<p>On Ubuntu and Debian, UFW usually ships preinstalled. If not, install it:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt update\nsudo apt <a href=\"https:\/\/www.youstable.com\/blog\/install-ufw-on-linux\/\">install ufw<\/a><\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"2-set-default-policies\"><strong>2) Set Default Policies<\/strong><\/h3>\n\n\n\n<p>Lock down inbound traffic by default and allow all outbound traffic so your server can reach updates and APIs.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw default deny incoming\nsudo ufw default allow outgoing<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"3-allow-ssh-before-enabling\"><strong>3) Allow SSH Before Enabling<\/strong><\/h3>\n\n\n\n<p>If you\u2019re <a href=\"https:\/\/www.youstable.com\/blog\/how-to-connect-to-server-via-ssh\/\">connected via SSH<\/a>, you must allow it first to avoid lockout. If you use the default port:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw allow OpenSSH\n# or explicitly:\n# sudo ufw allow 22\/tcp<\/code><\/pre>\n\n\n\n<p><strong>For a custom SSH port (e.g., 22022\/tcp):<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw allow 22022\/tcp<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"4-enable-ufw-and-verify\"><strong>4) Enable UFW and Verify<\/strong><\/h3>\n\n\n\n<p>Enable UFW. You\u2019ll be warned that enabling may disrupt existing SSH if not allowed.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw enable\nsudo ufw status verbose<\/code><\/pre>\n\n\n\n<p>Status should show that UFW is active with your default policies and SSH rule.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"allow-and-deny-common-services\"><strong>Allow and Deny Common Services<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"use-application-profiles-service-names\"><strong>Use Application Profiles (Service Names)<\/strong><\/h3>\n\n\n\n<p>UFW integrates with application profiles in <code>\/etc\/services<\/code> and <code>\/etc\/ufw\/applications.d<\/code>, so you can allow by name. List available profiles:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw app list<\/code><\/pre>\n\n\n\n<p><strong>Allow web traffic:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw allow \"Nginx Full\"   # 80 and 443\n# or for Apache:\n# sudo ufw allow \"Apache Full\"<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"allow-specific-ports-and-ranges\"><strong>Allow Specific Ports and Ranges<\/strong><\/h3>\n\n\n\n<p>Allow explicit ports by protocol:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw allow 80\/tcp\nsudo ufw allow 443\/tcp\nsudo ufw allow 53\/udp<\/code><\/pre>\n\n\n\n<p><strong>Allow a port range (e.g., for passive FTP or custom apps):<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw allow 30000:31000\/tcp<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"restrict-access-by-ip-or-subnet\"><strong>Restrict Access by IP or Subnet<\/strong><\/h3>\n\n\n\n<p>Expose databases or admin panels only to trusted IPs:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Allow MySQL only from a single IP\nsudo ufw allow from 203.0.113.10 to any port 3306 proto tcp\n\n# Allow PostgreSQL from a subnet\nsudo ufw allow from 10.0.0.0\/24 to any port 5432 proto tcp\n\n# Allow Redis only from an internal host\nsudo ufw allow from 10.1.2.3 to any port 6379 proto tcp<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"limit-ssh-to-throttle-brute-force\"><strong>Limit SSH to Throttle Brute-Force<\/strong><\/h3>\n\n\n\n<p>Use rate limiting for SSH (and similar services). UFW will rate-limit new connections from the same IP.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw limit OpenSSH<\/code><\/pre>\n\n\n\n<p>Alternatively, specify the port explicitly (replace 22 if using nonstandard port):<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw limit 22\/tcp<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"managing-ufw-rules-effectively\"><strong>Managing UFW Rules Effectively<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"view-rules-human-friendly-and-numbered\"><strong>View Rules (Human-Friendly and Numbered)<\/strong><\/h3>\n\n\n\n<p>Check current rules in order of evaluation:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw status numbered\nsudo ufw status verbose<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"delete-insert-or-deny-rules\"><strong>Delete, Insert, or Deny Rules<\/strong><\/h3>\n\n\n\n<p>Delete by rule number to avoid typos:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Example: delete rule #3\nsudo ufw delete 3<\/code><\/pre>\n\n\n\n<p><strong>Deny traffic explicitly (useful for blocking attackers):<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Block a single IP on all ports\nsudo ufw deny from 198.51.100.77\n\n# Block an IP to a specific port\nsudo ufw deny from 198.51.100.77 to any port 22<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"control-outgoing-traffic-egress-rules\"><strong>Control Outgoing Traffic (Egress Rules)<\/strong><\/h3>\n\n\n\n<p>If you need to restrict what your server can call out to (compliance, zero trust), set outgoing to deny and then allow selectively:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw default deny outgoing\nsudo ufw allow out 53\/udp      # DNS\nsudo ufw allow out 80,443\/tcp  # HTTP\/HTTPS\nsudo ufw allow out to 203.0.113.20 port 5432 proto tcp  # egress to a DB<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"ipv6-logging-and-advanced-settings\"><strong>IPv6, Logging, and Advanced Settings<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"enable-ipv6-support\"><strong>Enable IPv6 Support<\/strong><\/h3>\n\n\n\n<p>Ensure UFW manages IPv6 as well as IPv4. Edit <code>\/etc\/default\/ufw<\/code>:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo nano \/etc\/default\/ufw\n# Set:\nIPV6=yes<\/code><\/pre>\n\n\n\n<p><strong>Then reload UFW:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw reload<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"adjust-logging\"><strong>Adjust Logging<\/strong><\/h3>\n\n\n\n<p>UFW can log drops and allows. Levels: off, low, medium, high, full. Logs are usually in <code>\/var\/log\/ufw.log<\/code> (or syslog\/journal).<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw logging medium<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"port-forwarding-and-nat\"><strong>Port Forwarding and NAT<\/strong><\/h3>\n\n\n\n<p>For NAT or port forwarding (e.g., forward 80 to 8080), edit <code>\/etc\/ufw\/before.rules<\/code> (and <code>before6.rules<\/code> for IPv6) and enable forwarding in <code>\/etc\/default\/ufw<\/code>:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Enable forwarding\nsudo nano \/etc\/default\/ufw\n# Change:\nDEFAULT_FORWARD_POLICY=\"ACCEPT\"\n\n# Add NAT rules to \/etc\/ufw\/before.rules under the *nat table:\nsudo nano \/etc\/ufw\/before.rules\n\n# Example (IPv4):\n*nat\n:PREROUTING ACCEPT &#91;0:0]\n:POSTROUTING ACCEPT &#91;0:0]\n# Forward external :80 to local :8080\n-A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080\nCOMMIT\n\n# Reload UFW\nsudo ufw reload<\/code><\/pre>\n\n\n\n<p>Remember to allow the final destination port (e.g., 8080) locally if needed.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"ufw-with-docker-and-cloud-firewalls\"><strong>UFW with Docker and Cloud Firewalls<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"docker-considerations\"><strong>Docker Considerations<\/strong><\/h3>\n\n\n\n<p>Docker manipulates iptables directly and can bypass UFW if not configured. Best practices:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Expose only needed container ports with <code>-p<\/code> and rely on UFW to allow\/deny them.<\/li>\n\n\n\n<li>Use the DOCKER-USER chain to apply global rules. Example: restrict container access to a subnet.<\/li>\n\n\n\n<li>Avoid <code>--iptables=false<\/code> unless you fully manage chains yourself.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># Example: allow only 10.0.0.0\/24 to any published Docker ports\nsudo iptables -I DOCKER-USER -s 10.0.0.0\/24 -j ACCEPT\nsudo iptables -A DOCKER-USER -j DROP<\/code><\/pre>\n\n\n\n<p>Recheck after Docker updates, as iptables rules may be altered on restarts.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"cloud-providers-aws-gcp-azure\"><strong>Cloud Providers (AWS, GCP, Azure)<\/strong><\/h3>\n\n\n\n<p>Cloud firewall layers (Security Groups, VPC firewall rules) apply before traffic reaches your VM. Ensure both cloud and UFW allow the same ports. For example, opening 443 in <a href=\"https:\/\/www.youstable.com\/blog\/how-to-monitor-secure-ufw-on-linux-server\/\">UFW won\u2019t help if AWS Security<\/a> Groups still block it.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"testing-and-troubleshooting\"><strong>Testing and Troubleshooting<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"test-open-ports\"><strong>Test Open Ports<\/strong><\/h3>\n\n\n\n<p>From a remote machine, use nmap to verify exposure:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>nmap -Pn -p 22,80,443 your.server.ip<\/code><\/pre>\n\n\n\n<p><strong>On the server, confirm listeners:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ss -tulpn | grep -E ':22|:80|:443'<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"avoiding-lockouts-and-common-errors\"><strong>Avoiding Lockouts and Common Errors<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Always allow SSH first, then enable UFW.<\/li>\n\n\n\n<li>Use a console or out-of-band access (VPS panel, IPMI) for recovery.<\/li>\n\n\n\n<li>Enable IPv6 if your server has an IPv6 address; otherwise IPv6 traffic may bypass intended rules.<\/li>\n\n\n\n<li>Check order of rules; earlier matches take precedence. Use <code>ufw status numbered<\/code>.<\/li>\n\n\n\n<li>If something breaks, check <code>\/var\/log\/ufw.log<\/code> and <code>journalctl -u ufw<\/code>.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"reset-and-start-over-if-needed\"><strong>Reset and Start Over (If Needed)<\/strong><\/h3>\n\n\n\n<p>You can reset UFW to defaults and reapply rules cleanly:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw reset\nsudo ufw default deny incoming\nsudo ufw default allow outgoing\nsudo ufw allow OpenSSH\nsudo ufw enable<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"best-practice-rule-set-for-web-servers\"><strong>Best-Practice Rule Set for Web Servers<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Deny all incoming, allow all outgoing.<\/li>\n\n\n\n<li>Allow SSH (rate-limited), restrict by source IP if possible.<\/li>\n\n\n\n<li>Allow HTTP\/HTTPS for web traffic.<\/li>\n\n\n\n<li>Restrict databases, admin panels, and internal services to known IPs or private subnets.<\/li>\n\n\n\n<li>Enable logging at medium level and audit monthly.<\/li>\n\n\n\n<li>Document each rule with its purpose and ticket\/reference.<\/li>\n\n\n\n<li>Back up UFW rules: <code>sudo cp -a \/etc\/ufw \/root\/backup-ufw-$(date +%F)<\/code>.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"ufw-vs-firewalld-vs-raw-iptables-when-to-choose-what\"><strong>UFW vs. firewalld vs. raw iptables: When to Choose What<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Choose UFW when you want simplicity, readable commands, and quick setup on Ubuntu\/Debian.<\/li>\n\n\n\n<li>Choose firewalld if you\u2019re on RHEL\/CentOS\/Alma\/Rocky and prefer zone-based management and native tooling.<\/li>\n\n\n\n<li>Choose raw iptables\/nftables for complex, large-scale, or performance-sensitive policies with custom chains and hooks.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"real-world-example-minimal-hardened-ufw-for-lemp-lemp\"><strong>Real World Example: Minimal Hardened UFW for LEMP\/LEMP<\/strong><\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code># Defaults\nsudo ufw default deny incoming\nsudo ufw default allow outgoing\n\n# SSH (custom port example)\nsudo ufw allow 22022\/tcp\nsudo ufw limit 22022\/tcp\n\n# Web\nsudo ufw allow \"Nginx Full\"\n\n# DB restricted to app server\nsudo ufw allow from 10.0.1.50 to any port 3306 proto tcp\n\n# Cache restricted to internal subnet\nsudo ufw allow from 10.0.2.0\/24 to any port 6379 proto tcp\n\n# IPv6 on and logging\nsudo sed -i 's\/^IPV6=.*\/IPV6=yes\/' \/etc\/default\/ufw\nsudo ufw logging medium\n\n# Enable and verify\nsudo ufw enable\nsudo ufw status verbose<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"why-this-matters-for-hosting-and-how-youstable-helps\"><strong>Why This Matters for Hosting (and How YouStable Helps)<\/strong><\/h2>\n\n\n\n<p>Firewall hygiene is a foundational control for uptime and security. At YouStable, our <a href=\"https:\/\/www.youstable.com\/blog\/benefits-of-fully-managed-dedicated-server\/\">managed VPS and dedicated servers<\/a> ship with secure defaults, and our team can pre-configure UFW for your stack (web, database, cache, container orchestration) so you start production-ready. Need custom egress whitelists, IPv6 hardening, or Docker-aware policies? We\u2019ll apply and test them for you.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"faqs\"><strong>FAQ&#8217;s<\/strong><\/h2>\n\n\n<div id=\"rank-math-faq\" class=\"rank-math-block\">\n<div class=\"rank-math-list \">\n<div id=\"faq-question-1765952772048\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"1-do-i-need-ufw-if-i-already-use-a-cloud-firewall\">1. <strong>Do I need UFW if I already use a cloud firewall?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Yes. Cloud firewalls filter traffic before it reaches the instance, while UFW protects the server locally. Using both provides defense-in-depth and lets you isolate internal services by IP even within your VM.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765952780616\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"2-how-do-i-open-multiple-ports-at-once-in-ufw\">2. <strong>How do I open multiple ports at once in UFW?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>You can specify multiple ports separated by commas for the same protocol: <code>sudo ufw allow 80,443\/tcp<\/code>. For mixed protocols, create separate rules. For ranges, use <code>10000:10100\/tcp<\/code>.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765952789799\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"3-whats-the-difference-between-allow-and-limit-in-ufw\">3. <strong>What\u2019s the difference between allow and limit in UFW?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p><code>allow<\/code> simply permits traffic. <code>limit<\/code> allows traffic but rate-limits repeated connection attempts, which helps mitigate brute-force attacks on services like SSH by temporarily blocking abusive IPs.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765952797373\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"4-how-can-i-see-which-application-profiles-are-available\">4. <strong>How can I see which application profiles are available?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Run <code>sudo ufw app list<\/code>. You\u2019ll see profiles like <code>OpenSSH<\/code>, <code>Nginx Full<\/code>, <code>Apache Full<\/code>, etc., defined in <code>\/etc\/ufw\/applications.d<\/code>. Use them to allow the correct ports without memorizing numbers.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765952805756\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"5-will-enabling-ufw-interrupt-my-ssh-session\">5. <strong>Will enabling UFW interrupt my SSH session?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>It can if SSH isn\u2019t allowed first. Always run <code>sudo ufw allow OpenSSH<\/code> (or your custom port) before <code>sudo ufw enable<\/code>. If you do get locked out, use your provider\u2019s console to revert or reset UFW.<\/p>\n<p>By following this step-by-step guide, you\u2019ve learned how to create UFW on a Linux server with production-grade settings. Keep rules minimal, log and review regularly, and coordinate with your cloud firewall. <\/p>\n<p>If you want expert help and hardened defaults out of the box, YouStable can configure and monitor UFW for your exact workload.<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>To create UFW on a Linux server, install UFW, set default policies (deny incoming, allow outgoing), allow SSH, enable UFW, [&hellip;]<\/p>\n","protected":false},"author":21,"featured_media":16657,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[350],"tags":[],"class_list":["post-14199","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledgebase"],"acf":[],"featured_image_src":"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/How-to-Create-UFW-on-Linux-Server.jpg","author_info":{"display_name":"Sanjeet Chauhan","author_link":"https:\/\/www.youstable.com\/blog\/author\/sanjeet"},"_links":{"self":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/14199","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/comments?post=14199"}],"version-history":[{"count":6,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/14199\/revisions"}],"predecessor-version":[{"id":16659,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/14199\/revisions\/16659"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media\/16657"}],"wp:attachment":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media?parent=14199"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/categories?post=14199"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/tags?post=14199"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}