Hello,
I have installed the Firewall by following this guide: https://www.digitalocean.com/community/tutorials/how-to-setup-a-firewall-with-ufw-on-an-ubuntu-and-debian-cloud-server
If I run the command the guide asks for (sudo ufw default deny incoming), this site is no longer accessible from the browser.
root@myclouds:~# sudo ufw status verbose
Status: active
Logging: on (low)
Default: allow (incoming), deny (outgoing), disabled (routed)
New profiles: skip
To                         Action      From
--                         ------      ----
****/tcp                   ALLOW IN    Anywhere (port that I use for SSH)
****/tcp (v6)              ALLOW IN    Anywhere (v6) (port that I use for SSH)
Thank you very much!
Regards, Gabriel
That does not look right to me. You want something more like:
# sudo ufw status verbose
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
Note the differences in the defaults. You are allowing all incoming connections. One of the main points in enabling firewalling is to block unwanted incoming connections. So by default, you want to deny all of them and then add specific exceptions for the services that you want to be available to the outside. In a common web server setup, that would be HTTP on port 80, HTTPS on port 443, and 22 for SSH, though many change the SSH port to a non-default one. Let’s run through that setup.
First, let’s temporarily disable the firewall in order to make sure we don’t accidentally lock ourselves out:
sudo ufw disable
Now we will set up default rules allowing outgoing connections and denying incoming ones:
sudo ufw default deny incoming
sudo ufw default allow outgoing
Then open the ports which we want to have available:
sudo ufw allow 80/tcp # http
sudo ufw allow 443/tcp # https
sudo ufw allow 22/tcp # ssh, change if you're using a different port
Finally, after we have opened the needed ports we can re-enable the firewall:
sudo ufw enable
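A way to check the result of the steps above before relying on it, as an added example that is not part of the original answer or of ufw itself: it parses `ufw status verbose` text and reports a non-deny incoming default and any required port without an ALLOW IN rule. The function names, the two sample outputs and the port 2222 standing in for the masked SSH port are assumptions made for the example.

```shell
# Added example: audit `ufw status verbose` text for the two problems in this thread.
# Real use: audit "$(sudo ufw status verbose)" 22 80 443

# Constructed sample modeled on the question's output; 2222 stands in for the masked SSH port.
QUESTION_STATE='Status: active
Default: allow (incoming), deny (outgoing), disabled (routed)
To                         Action      From
--                         ------      ----
2222/tcp                   ALLOW IN    Anywhere
2222/tcp (v6)              ALLOW IN    Anywhere (v6)'

# Constructed sample modeled on the answer's target output.
ANSWER_STATE='Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)
To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere'

# Print the default policy for one direction: incoming, outgoing or routed.
default_policy() {   # $1 = status text, $2 = direction
    printf '%s\n' "$1" | sed -n "s/^Default:.*[ ,]\([a-z]*\) ($2).*/\1/p"
}

# Succeed if some ALLOW IN rule covers TCP on the port ("80" or "80/tcp").
# Simplification: the From column is ignored, so a source-restricted rule also counts.
port_allowed() {     # $1 = status text, $2 = port number
    printf '%s\n' "$1" | awk -v p="$2" '
        /ALLOW IN/ { split($1, a, "/")
                     if (a[1] == p && (a[2] == "" || a[2] == "tcp")) found = 1 }
        END { exit !found }'
}

# Print one FAIL line per problem; return non-zero if anything failed.
audit() {            # $1 = status text, remaining args = ports that must be open
    text=$1; shift; rc=0
    [ "$(default_policy "$text" incoming)" = "deny" ] ||
        { echo "FAIL default incoming policy is not deny"; rc=1; }
    for port in "$@"; do
        port_allowed "$text" "$port" ||
            { echo "FAIL no ALLOW IN rule for tcp port $port"; rc=1; }
    done
    return $rc
}

audit "$QUESTION_STATE" 2222 80 443 || true   # prints three FAIL lines
audit "$ANSWER_STATE" 22 80 443 && echo "OK answer state"
```

On the question's state the audit flags the open default and the missing 80 and 443 rules, which is why the site stops loading as soon as the incoming default is switched to deny.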