Home VPS How to Set Up a Basic Firewall on Your VPS (UFW on Ubuntu / Windows Firewall)

How to Set Up a Basic Firewall on Your VPS (UFW on Ubuntu / Windows Firewall)

Last updated on Jan 07, 2026

Overview

A firewall helps protect your VPS by only allowing the network traffic you actually need (like SSH, web traffic, or game ports). This guide covers:

  • Ubuntu/Debian using UFW

  • Windows Server using Windows Defender Firewall

Before you start (important)

  • Make sure you have console access (or a backup way to get in) before changing firewall rules.

  • Only open the ports you need.

  • If you’re unsure what ports your app uses, ask us and we’ll help you confirm.

Part A: Ubuntu Firewall Setup (UFW)

Step 1: Connect to your VPS via SSH

From your computer:

  • Windows: use Windows Terminal / PowerShell

  • Mac/Linux: use Terminal

SSH command:

  • ssh username@YOUR_VPS_IP

Step 2: Install UFW (if it’s not installed)

Run:

  1. sudo apt update

  2. sudo apt install ufw -y

Step 3: Allow SSH first (do this before enabling UFW)

If you use the default SSH port (22):

  • sudo ufw allow OpenSSH

If you use a custom SSH port (example 2222):

  • sudo ufw allow 2222/tcp

Step 4: Allow web traffic (if you’re hosting a site)

For HTTP (port 80):

  • sudo ufw allow 80/tcp

For HTTPS (port 443):

  • sudo ufw allow 443/tcp

Step 5: Enable the firewall

  • sudo ufw enable

Type y to confirm.

Step 6: Check status

  • sudo ufw status verbose

You should see rules for SSH (and 80/443 if you added them).

Common UFW rules you might add

Allow a specific port (example 30120 for FiveM):

  • sudo ufw allow 30120/udp

  • sudo ufw allow 30120/tcp

Allow from a specific IP only (example: lock SSH to your home IP):

  • sudo ufw allow from YOUR_IP to any port 22 proto tcp

Troubleshooting (Ubuntu)

If you get locked out:

  • Use your VPS console to log in

  • Run sudo ufw disable

  • Re-add the correct SSH rule, then re-enable

Part B: Windows Firewall Setup (Windows Server)

Step 1: Open Windows Defender Firewall

  1. Click Start

  2. Search: Windows Defender Firewall with Advanced Security

  3. Open it

Step 2: Create an inbound rule (example: allow RDP)

RDP is usually port 3389.

  1. Click Inbound Rules

  2. Click New Rule

  3. Select Port

  4. Choose TCP and enter: 3389

  5. Select Allow the connection

  6. Choose profiles (Domain/Private/Public)

    • If you’re unsure, select all

  7. Name it: Allow RDP

  8. Click Finish

Step 3: Allow web traffic (if hosting a site)

Repeat the steps above for:

  • HTTP: TCP 80

  • HTTPS: TCP 443

Step 4: (Optional) Restrict RDP to your IP

This is a great security upgrade.

  1. Open your Allow RDP rule

  2. Go to Scope

  3. Under Remote IP address, add only your trusted IP(s)

Troubleshooting (Windows)

If you block yourself:

  • Use console access to log in

  • Temporarily disable the firewall or remove the rule

Recommended baseline rules (most VPS customers)

Linux (UFW)

  • Allow SSH (22 or your custom port)

  • Allow 80/443 if hosting a website

  • Deny everything else by default

Windows

  • Allow RDP (3389)

  • Allow 80/443 if hosting a website

  • Only open extra ports when you know you need them

Need help choosing ports?

Send us:

  • Your OS (Ubuntu/Windows)

  • What you’re hosting (website, game server, bot, etc.)

  • Any ports your app requires

We’ll tell you exactly what to open and what to keep closed.

📦 Powered by Q-Fi Cloud

At Q-Fi Cloud, we provide reliable, flexible, and easy-to-use hosting solutions for both gamers and businesses. Whether you’re setting up a game server, launching a business website, or running apps on a VPS, we’ve got you covered.

  • ✅ 24/7 expert support

  • ✅ Fast setup & performance-tuned servers

  • ✅ Scalable plans for communities and businesses

👉 Explore Hosting Plans