How to Set Up a Firewall on Linux Cloud Servers

  • Last Created On Sep 26, 2025

Securing cloud servers is critical. One of the first steps is configuring a firewall to control incoming and outgoing traffic. Linux offers tools like UFW (Uncomplicated Firewall) and firewalld for this purpose.

This guide will cover:
✅ Why firewalls matter
✅ UFW basics (Ubuntu/Debian)
✅ Firewalld basics (RHEL/AlmaLinux/Fedora)
✅ Opening and closing ports
✅ Best practices for cloud servers


🔹 Step 1: Check if a Firewall is Active

Ubuntu/Debian (UFW):

sudo ufw status verbose

RHEL/AlmaLinux/Fedora (firewalld):

sudo firewall-cmd --state

🔹 Step 2: Install Firewall Tools (if missing)

Ubuntu/Debian:

sudo apt update
sudo apt install ufw -y

RHEL/AlmaLinux/Fedora:

sudo dnf install firewalld -y
sudo systemctl enable firewalld --now

🔹 Step 3: Basic Firewall Rules

UFW (Ubuntu/Debian):

  • Allow SSH (port 22):

sudo ufw allow 22/tcp

  • Allow HTTP & HTTPS:

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

  • Enable UFW:

sudo ufw enable
sudo ufw status numbered

firewalld (RHEL/AlmaLinux/Fedora):

  • Allow SSH:

sudo firewall-cmd --permanent --add-service=ssh

  • Allow HTTP & HTTPS:

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https

  • Reload to apply:

sudo firewall-cmd --reload

  • Check rules:

sudo firewall-cmd --list-all

🔹 Step 4: Open Custom Ports

  • Example: Open port 2222 for alternative SSH:

UFW:

sudo ufw allow 2222/tcp

firewalld:

sudo firewall-cmd --permanent --add-port=2222/tcp
sudo firewall-cmd --reload

🔹 Step 5: Deny Unwanted Traffic

  • Block a specific IP:

UFW:

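sudo ufw insert 1 deny from 203.0.113.50

UFW evaluates rules in order and stops at the first match, so the deny rule is inserted at position 1, ahead of the allow rules from Step 3. A deny rule appended after them would not block this address on ports that are already allowed.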

firewalld:

sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="203.0.113.50" reject'
sudo firewall-cmd --reload

🔹 Step 6: Enable Logging

  • UFW:

sudo ufw logging on

  • firewalld:

sudo firewall-cmd --set-log-denied=all

Logs help monitor unauthorized connection attempts.
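To show what monitoring those logs can look like, the following added example (not part of the original article) summarises UFW block entries by source address and destination port. The function names, the sample log lines and the /var/log/ufw.log path are assumptions made for illustration; the sample lines are constructed, not real traffic.

```shell
#!/bin/sh
# Added example: summarise [UFW BLOCK] log entries by source and target port.
# Typical use on Ubuntu (assumed log path): sudo cat /var/log/ufw.log | summarize_blocks

# Constructed sample lines in UFW's kernel-log format (documentation-range
# addresses, not real traffic).
sample_ufw_log() {
cat <<'EOF'
Sep 26 10:15:01 web1 kernel: [1201.1] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.50 DST=198.51.100.10 LEN=60 TTL=52 PROTO=TCP SPT=54321 DPT=23 SYN URGP=0
Sep 26 10:15:02 web1 kernel: [1202.4] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.50 DST=198.51.100.10 LEN=60 TTL=52 PROTO=TCP SPT=54322 DPT=23 SYN URGP=0
Sep 26 10:15:09 web1 kernel: [1209.8] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.50 DST=198.51.100.10 LEN=60 TTL=52 PROTO=TCP SPT=54400 DPT=3306 SYN URGP=0
Sep 26 10:16:30 web1 kernel: [1290.2] [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.10 LEN=71 TTL=49 PROTO=UDP SPT=40000 DPT=161 LEN=51
Sep 26 10:17:00 web1 kernel: [1320.0] [UFW ALLOW] IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.10 LEN=60 TTL=57 PROTO=TCP SPT=50122 DPT=22 SYN URGP=0
Sep 26 10:18:44 web1 kernel: [1424.6] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.50 DST=198.51.100.10 LEN=84 TTL=52 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
EOF
}

# Read log lines on stdin and print "count source proto/port", busiest first.
# Only [UFW BLOCK] lines are counted; ALLOW and unrelated lines are ignored.
summarize_blocks() {
    awk '
    /\[UFW BLOCK\]/ {
        src = proto = dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        if (src == "") next          # malformed line: no source address
        if (dpt == "") dpt = "-"     # ICMP and similar carry no port
        hits[src " " proto "/" dpt]++
    }
    END { for (k in hits) print hits[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,2 -k3,3
}

# Print "source total" for sources with at least $1 blocked packets overall.
noisy_sources() {
    awk -v min="$1" '
    /\[UFW BLOCK\]/ {
        for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) n[substr($i, 5)]++
    }
    END { for (s in n) if (n[s] >= min) print s, n[s] }
    ' | LC_ALL=C sort -k2,2nr -k1,1
}

sample_ufw_log | summarize_blocks
```

A source that keeps appearing in this summary across many ports is a candidate for the deny rule from Step 5.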


🔹 Step 7: Test Firewall Rules 🔎

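  • Use nmap to scan your server ports:

nmap -Pn your_server_ip

  • Verify that only the ports you allowed are reported as open. Run the scan from a machine outside the server so the result reflects what the firewall actually exposes.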


🌐 Best Practices for Cloud Servers

  • Always allow SSH before enabling the firewall, or you may lock yourself out.

  • Close unused ports.

  • Use alternative ports for services if possible.

  • Combine with cloud provider firewall/security groups for layered security.


✅ Conclusion

A properly configured firewall is essential for cloud server security. By using UFW or firewalld, you can:

  • Control access to ports

  • Protect against unauthorized connections

  • Monitor attempts via logs

  • Reduce attack surface in combination with cloud security groups

🚀 Securing your cloud Linux server is the first step toward building a reliable and safe infrastructure.


