Configure UFW

Set up a simple firewall on Ubuntu/Debian with UFW: default policy, open SSH/HTTP/HTTPS, and verify rules.

UFW (Uncomplicated Firewall) wraps iptables with readable syntax. On a HolyCloud Linux VPS running Ubuntu or Debian, it is the fastest way to expose only required services (SSH, web, etc.).

Prerequisites

  • HolyCloud VPS with Ubuntu 22.04/24.04 or Debian 12
  • sudo access
  • Known SSH port (22 or custom port after SSH hardening)
  • Active SSH session: allow SSH in UFW before enabling the firewall

Step 1: installation

UFW is often preinstalled on Ubuntu. Otherwise:

sudo apt update
sudo apt install -y ufw

Step 2: default policy

Deny all incoming, allow outgoing connections (updates, DNS, etc.):

sudo ufw default deny incoming
sudo ufw default allow outgoing

Step 3: essential rules

SSH (use the application profile for the default port, or the explicit rule if sshd listens on a custom port such as 2222):

sudo ufw allow OpenSSH
# or explicit port:
sudo ufw allow 2222/tcp comment 'SSH HolyCloud'

Common web services:

sudo ufw allow 80/tcp comment 'HTTP'
sudo ufw allow 443/tcp comment 'HTTPS'

Specific app (example Node on 3000, only if needed):

sudo ufw allow 3000/tcp comment 'App Node'

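Limit SSH to a fixed IP (office or VPN). Use this instead of the general SSH rule above: if an allow rule for the same port from anywhere also exists, it still admits every source.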

sudo ufw allow from 203.0.113.50 to any port 22 proto tcp

Step 4: enable UFW

sudo ufw enable

Confirm with y if prompted. The firewall is active immediately and starts on boot.

Step 5: logging (optional)

sudo ufw logging medium

Events appear in /var/log/ufw.log and via journalctl.

Verification

sudo ufw status verbose
sudo ufw status numbered

Expected output: Status: active, SSH/80/443 rules listed.

Test from your workstation (replace VOTRE_IP_VPS with the IP address of your VPS):

nc -zv VOTRE_IP_VPS 443

Delete a rule by number (numbers shift after each deletion, so list the rules again before deleting another):

sudo ufw status numbered
sudo ufw delete 3
sudo ufw reload
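
The lockout case named in the prerequisites (no SSH rule in place when the firewall is enabled in Step 4) can be checked before running ufw enable, using ufw show added, which lists rules even while UFW is inactive. This is an added example, not part of the original guide: the helper names ssh_rule_scope and safe_enable are hypothetical, the sample rules are constructed, and the OpenSSH profile is assumed to mean 22/tcp.

```sh
#!/bin/sh
# Added example (not from the original guide). ssh_rule_scope and safe_enable
# are hypothetical helper names.

# Reads `ufw show added` output on stdin and prints how TCP port $1 is admitted:
# "any", "from <source>", or "none". Only allow/limit rules count.
# Assumption: the OpenSSH application profile means 22/tcp (package default).
ssh_rule_scope() {
    port=$1
    scope=none
    while IFS= read -r line; do
        case $line in
            "ufw allow "*|"ufw limit "*) ;;
            *) continue ;;                  # header line, deny/reject rules
        esac
        rule=${line#ufw * }                 # drop "ufw allow " / "ufw limit "
        rule="${rule%% comment *} "         # drop the comment, pad with a space
        case $rule in
            *" proto udp "*) ;;             # UDP-only rule does not admit SSH
            "$port/tcp "*|"$port "*|"from any "*" port $port "*) scope=any ;;
            "OpenSSH "*) if [ "$port" = 22 ]; then scope=any; fi ;;
            "from "*" port $port "*)
                src=${rule#from }
                if [ "$scope" = none ]; then scope="from ${src%% *}"; fi ;;
        esac
    done
    echo "$scope"
}

# Constructed sample of `ufw show added` output, built from this guide's rules.
SAMPLE_RULES="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp comment 'HTTP'
ufw allow 2222/tcp comment 'SSH HolyCloud'
ufw allow from 203.0.113.50 to any port 22 proto tcp"

# Enable UFW only if the SSH port (default 22) is already admitted.
# Usage after sourcing this file: safe_enable 2222
safe_enable() {
    ssh_port=${1:-22}
    scope=$(sudo ufw show added | ssh_rule_scope "$ssh_port")
    if [ "$scope" = none ]; then
        echo "No allow rule for $ssh_port/tcp; not enabling UFW." >&2
        return 1
    fi
    echo "SSH on $ssh_port/tcp is allowed ($scope); enabling UFW."
    sudo ufw enable
}
```

A result of "from <source>" means only that address will reach SSH once the firewall is active, so confirm your current session comes from it.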

HolyCloud help

  • No SSH access after enable: open the KVM/VNC console, then run sudo ufw disable or sudo ufw allow 22/tcp
  • Traffic blocked despite open UFW: also check network firewall / anti-DDoS in the HolyCloud client area
  • Support: provide sudo ufw status verbose and VPS distribution