7.1 Firewall Security Setup - Tomato6966/Debian-Cheat-Sheet-Setup GitHub Wiki

1 Install firewall

apt-get install ufw

2 Change ssh port

nano /etc/ssh/sshd_config
  • in there find #Port=22
  • change it to: Port=yourwishedport e.g. Port=5050, the default port is 22, so you will need to specify the new connection port in your ssh like this: ssh username@hostname -p <port>

3 apply ssh settings

systemctl restart ssh
systemctl restart sshd

4 adjust firewall

sudo ufw default deny incoming
sudo ufw default allow outgoing

sudo ufw allow ssh

sudo ufw allow 22

sudo ufw allow <sshPort>

If you need a port range:

sudo ufw allow 3000:3100/tcp
sudo ufw allow 3000:3100/udp

5 enable firewall

sudo ufw enable

Allowing specific ip addresses for all ports

sudo ufw allow from 203.0.113.103

Allowing specific ip addresses for ports

sudo ufw allow from 203.0.113.103 proto tcp to any port 22

Further examples and more detailled explanations: digital ocean blog

Hover over the Boxes then you can copy paste it in the console, everything will be done automatically!

Note that if you do it without SUDO you might not have permissions to execute a specific Command

Make sure to be in the User: "root" by typing su root / su - / sudo su

⚠️ **GitHub.com Fallback** ⚠️