Overview
A firewall helps protect your VPS by only allowing the network traffic you actually need (like SSH, web traffic, or game ports). This guide covers:
-
Ubuntu/Debian using UFW
-
Windows Server using Windows Defender Firewall
Before you start (important)
-
Make sure you have console access (or a backup way to get in) before changing firewall rules.
-
Only open the ports you need.
-
If you’re unsure what ports your app uses, ask us and we’ll help you confirm.
Part A: Ubuntu Firewall Setup (UFW)
Step 1: Connect to your VPS via SSH
From your computer:
-
Windows: use Windows Terminal / PowerShell
-
Mac/Linux: use Terminal
SSH command:
ssh username@YOUR_VPS_IP
Step 2: Install UFW (if it’s not installed)
Run:
-
sudo apt update -
sudo apt install ufw -y
Step 3: Allow SSH first (do this before enabling UFW)
If you use the default SSH port (22):
sudo ufw allow OpenSSH
If you use a custom SSH port (example 2222):
sudo ufw allow 2222/tcp
Step 4: Allow web traffic (if you’re hosting a site)
For HTTP (port 80):
sudo ufw allow 80/tcp
For HTTPS (port 443):
sudo ufw allow 443/tcp
Step 5: Enable the firewall
sudo ufw enable
Type y to confirm.
Step 6: Check status
sudo ufw status verbose
You should see rules for SSH (and 80/443 if you added them).
Common UFW rules you might add
Allow a specific port (example 30120 for FiveM):
-
sudo ufw allow 30120/udp -
sudo ufw allow 30120/tcp
Allow from a specific IP only (example: lock SSH to your home IP):
sudo ufw allow from YOUR_IP to any port 22 proto tcp
Troubleshooting (Ubuntu)
If you get locked out:
-
Use your VPS console to log in
-
Run
sudo ufw disable -
Re-add the correct SSH rule, then re-enable
Part B: Windows Firewall Setup (Windows Server)
Step 1: Open Windows Defender Firewall
-
Click Start
-
Search: Windows Defender Firewall with Advanced Security
-
Open it
Step 2: Create an inbound rule (example: allow RDP)
RDP is usually port 3389.
-
Click Inbound Rules
-
Click New Rule
-
Select Port
-
Choose TCP and enter:
3389 -
Select Allow the connection
-
Choose profiles (Domain/Private/Public)
- If you’re unsure, select all
-
Name it:
Allow RDP -
Click Finish
Step 3: Allow web traffic (if hosting a site)
Repeat the steps above for:
-
HTTP: TCP
80 -
HTTPS: TCP
443
Step 4: (Optional) Restrict RDP to your IP
This is a great security upgrade.
-
Open your
Allow RDPrule -
Go to Scope
-
Under Remote IP address, add only your trusted IP(s)
Troubleshooting (Windows)
If you block yourself:
-
Use console access to log in
-
Temporarily disable the firewall or remove the rule
Recommended baseline rules (most VPS customers)
Linux (UFW)
-
Allow SSH (22 or your custom port)
-
Allow 80/443 if hosting a website
-
Deny everything else by default
Windows
-
Allow RDP (3389)
-
Allow 80/443 if hosting a website
-
Only open extra ports when you know you need them
Need help choosing ports?
Send us:
-
Your OS (Ubuntu/Windows)
-
What you’re hosting (website, game server, bot, etc.)
-
Any ports your app requires
We’ll tell you exactly what to open and what to keep closed.
📦 Powered by Q-Fi Cloud
At Q-Fi Cloud, we provide reliable, flexible, and easy-to-use hosting solutions for both gamers and businesses. Whether you’re setting up a game server, launching a business website, or running apps on a VPS, we’ve got you covered.
-
✅ 24/7 expert support
-
✅ Fast setup & performance-tuned servers
-
✅ Scalable plans for communities and businesses