This post is roughly 10 years old; originally published on March 9, 2013! The information presented here may be out of date and inaccurate.
While migrating one of my VPS servers to Arch Linux
I deployed Uncomplicated Firewall (UFW)
to handle basic firewall duties. I like
ufw as it provides simple host-based
firewall management and is, in my opinion, one of the better projects to come out
of the Ubuntu camp.
Install ufw as follows.
sudo pacman -Syy --noconfirm --needed ufw
ufw is simple, but make sure you have console access to the host
you are configuring in case you lock yourself out.
NOTE! When enabling
ufw the chains are flushed and connections may be
dropped. You can add rules to the firewall before enabling it however, so if you
are testing ufw on a remote machine it is recommended you perform…
ufw allow ssh/tcp
sudo ufw enable. Once the firewall is enabled, adding and
removing rules will not flush the firewall, although modifying an existing rule
Set the default behaviour to deny all incoming connections.
sudo ufw default deny
Open up TCP port 22 with rate limiting enabled, which will deny connections
from an IP address that has attempted to initiate 6 or more connections in the
last 30 seconds. This is ideal for protecting sshd, but you should consider other
SSH brute force defense techniques as well.
sudo ufw limit 22/tcp
I’m hosting a few websites on my VPS so I open http and https.
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
Enable and start the ufw systemd unit.
sudo systemctl enable ufw
sudo systemctl start ufw
ufw is not enabled at this point. To enable the firewall you also
have to do the following.
sudo ufw enable
You can see the status of the firewall using
sudo ufw status.
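The following is an added example, not part of the original post: a shell function that checks the output of ufw status verbose against the rules configured above (default deny incoming, 22/tcp rate limited, 80/tcp and 443/tcp allowed). The function name check_ufw_posture and the two sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit `ufw status verbose`
# output against the rule set built in this post.

# Reads status text on stdin, prints one line per finding,
# returns 0 if everything matches and 1 otherwise.
check_ufw_posture() {
    awk '
        function fail(msg) { print "FAIL: " msg; bad = 1 }
        /^Status: active/             { active = 1 }
        /^Default: deny \(incoming\)/ { deny_in = 1 }
        # Rule rows: field 1 is port/proto, field 2 is the action.
        $1 == "22/tcp"  && $2 == "LIMIT" { ssh_limit = 1 }
        $1 == "80/tcp"  && $2 == "ALLOW" { http = 1 }
        $1 == "443/tcp" && $2 == "ALLOW" { https = 1 }
        END {
            if (!active)    fail("firewall is not active")
            if (!deny_in)   fail("default incoming policy is not deny")
            if (!ssh_limit) fail("22/tcp is not rate limited")
            if (!http)      fail("80/tcp is not allowed")
            if (!https)     fail("443/tcp is not allowed")
            if (!bad) print "OK: ruleset matches the post"
            exit bad + 0
        }
    '
}

# Constructed sample: the state this post should leave behind.
sample_good() {
    printf '%s\n' \
        'Status: active' 'Logging: off' \
        'Default: deny (incoming), allow (outgoing)' '' \
        'To                         Action      From' \
        '--                         ------      ----' \
        '22/tcp                     LIMIT IN    Anywhere' \
        '80/tcp                     ALLOW IN    Anywhere' \
        '443/tcp                    ALLOW IN    Anywhere'
}

# Constructed sample: open default policy, SSH allowed without limiting.
sample_bad() {
    printf '%s\n' \
        'Status: active' 'Default: allow (incoming), allow (outgoing)' '' \
        '22/tcp                     ALLOW IN    Anywhere' \
        '80/tcp                     ALLOW IN    Anywhere'
}

# On a real host: sudo ufw status verbose | check_ufw_posture
sample_good | check_ufw_posture
```
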
On low-end servers it might be beneficial to disable logging.
sudo ufw logging off
At this point you should have a basic firewall configured, and
ufw help or the
references below will assist you.