Securing cloud servers is critical. One of the first steps is configuring a firewall to control incoming and outgoing traffic. Linux offers tools like UFW (Uncomplicated Firewall) and firewalld for this purpose.
This guide will cover:
✅ Why firewalls matter
✅ UFW basics (Ubuntu/Debian)
✅ Firewalld basics (RHEL/AlmaLinux/Fedora)
✅ Opening and closing ports
✅ Best practices for cloud servers
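Check the firewall status:
UFW:
sudo ufw status verbose
firewalld:
sudo firewall-cmd --state
Install UFW (Ubuntu/Debian):
sudo apt update
sudo apt install ufw -y
Install and start firewalld (RHEL/AlmaLinux/Fedora):
sudo dnf install firewalld -y
sudo systemctl enable firewalld --now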
Allow SSH with UFW (port 22):
sudo ufw allow 22/tcp
Allow HTTP & HTTPS:
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
Enable UFW:
sudo ufw enable
Check rules:
sudo ufw status numbered
Allow SSH with firewalld:
sudo firewall-cmd --permanent --add-service=ssh
Allow HTTP & HTTPS:
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
Reload to apply:
sudo firewall-cmd --reload
Check rules:
sudo firewall-cmd --list-all
Example: Open port 2222 for alternative SSH:
UFW:
sudo ufw allow 2222/tcp
firewalld:
sudo firewall-cmd --permanent --add-port=2222/tcp
sudo firewall-cmd --reload
Block a specific IP:
UFW:
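# UFW uses the first matching rule, so insert the deny ahead of the allow rules added earlier
sudo ufw insert 1 deny from 203.0.113.50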
firewalld:
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="203.0.113.50" reject'
sudo firewall-cmd --reload
Enable logging:
UFW:
sudo ufw logging on
firewalld:
sudo firewall-cmd --set-log-denied=all
Logs help monitor unauthorized connection attempts.
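To show what that monitoring can look like, here is an added example (not part of the original guide) that counts `[UFW BLOCK]` entries per source address, protocol and destination port. The function names and the sample log lines are constructed for illustration; on Ubuntu the real input is typically /var/log/ufw.log.

```shell
#!/bin/sh
# Added example: summarize blocked connection attempts from UFW log lines.
# Reads kernel log lines on stdin and prints "COUNT SRC PROTO DPT",
# most frequent first. Function names are this example's own.
summarize_ufw_blocks() {
  awk '
    /\[UFW BLOCK\]/ {
      src = ""; proto = ""; dpt = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/)   src   = substr($i, 5)
        if ($i ~ /^PROTO=/) proto = substr($i, 7)
        if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
      }
      if (dpt == "") dpt = "-"   # ICMP lines carry no DPT field
      if (src != "") count[src " " proto " " dpt]++
    }
    END { for (k in count) print count[k], k }
  ' | LC_ALL=C sort -k1,1nr -k2,2 -k4,4n
}

# Constructed sample lines in the UFW kernel-log format (not real traffic).
sample_ufw_log() {
  cat <<'EOF'
Jan 10 03:12:01 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.50 DST=198.51.100.10 LEN=60 TTL=52 ID=4021 DF PROTO=TCP SPT=40112 DPT=23 WINDOW=29200 SYN URGP=0
Jan 10 03:12:02 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.50 DST=198.51.100.10 LEN=60 TTL=52 ID=4022 DF PROTO=TCP SPT=40113 DPT=23 WINDOW=29200 SYN URGP=0
Jan 10 03:12:05 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.50 DST=198.51.100.10 LEN=60 TTL=52 ID=4023 DF PROTO=TCP SPT=40114 DPT=3389 WINDOW=29200 SYN URGP=0
Jan 10 03:15:40 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.10 LEN=71 TTL=49 ID=911 PROTO=UDP SPT=50000 DPT=161 LEN=51
Jan 10 03:16:00 web1 kernel: [UFW ALLOW] IN=eth0 OUT= SRC=198.51.100.99 DST=198.51.100.10 LEN=60 TTL=60 ID=77 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=64240 SYN URGP=0
Jan 10 03:17:12 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.10 LEN=84 TTL=49 ID=912 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
EOF
}

# Demo on the constructed sample; on a server, feed the real log instead:
#   summarize_ufw_blocks < /var/log/ufw.log
sample_ufw_log | summarize_ufw_blocks
```

A source that repeatedly hits ports you never opened (23 and 3389 in the sample) is a candidate for the IP block shown earlier.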
From another machine, use nmap to scan your server's ports:
nmap -Pn your_server_ip
Verify only allowed ports are open.
Always allow SSH before enabling the firewall, or you may lock yourself out.
Close unused ports.
Use alternative ports for services if possible.
Combine with cloud provider firewall/security groups for layered security.
A properly configured firewall is essential for cloud server security. By using UFW or firewalld, you can:
Control access to ports
Protect against unauthorized connections
Monitor attempts via logs
Reduce attack surface in combination with cloud security groups
🚀 Securing your cloud Linux server is the first step toward building a reliable and safe infrastructure.