adminBasic Firewall Checklist for Ubuntu VPS
A basic firewall is one of the first security layers for a new VPS. On Ubuntu, UFW is simple enough for beginners and useful enough for website operators. The goal is to allow only the ports you actually need.
Common ports
- 22 for SSH.
- 80 for HTTP.
- 443 for HTTPS.
- Custom app ports only when required.
Checklist
- Confirm your SSH port before enabling firewall.
- Allow SSH or your custom SSH port.
- Allow HTTP.
- Allow HTTPS.
- Do not open database ports to the public Internet.
- Enable UFW.
- Check UFW status.
- Test website access.
- Test SSH in a second terminal before closing the current session.
- Document all open ports.
Final check
A firewall is safe when SSH still works, website ports are open and unnecessary service ports are not exposed publicly.
When to Use This Checklist
Use this checklist when setting up a new Ubuntu VPS or reviewing basic server security for a website or automation stack.
Required Tools
SSH access, Ubuntu VPS, UFW, VPS provider console, list of required ports
Before You Start
Make sure you know your SSH port and have VPS provider console access before enabling firewall rules.
Structured Checklist Steps
- Check current SSH port.
- Allow SSH.
- Allow HTTP.
- Allow HTTPS.
- Block unnecessary public ports.
- Enable UFW.
- Check UFW status.
- Test website.
- Test SSH in another terminal.
- Document open ports.
Verification Steps
- SSH still works.
- Website loads on port 80 and 443.
- UFW status shows only required ports.
- No database port is publicly open.
Rollback Plan
If you lock yourself out, use the VPS provider console to disable UFW or add the correct SSH allow rule.
Common Mistakes
- Enabling firewall before allowing SSH.
- Opening MySQL publicly.
- Leaving random app ports exposed.
- Not testing SSH in a second terminal.
- Forgetting to document custom ports.
Related Commands
sudo ufw status
sudo ufw allow OpenSSH
sudo ufw allow 80
sudo ufw allow 443
sudo ufw enable
sudo ufw status numbered