Protect your Debian VPS with UFW
My NodeJs training led me to the need of hosting a server. This is how I got interested in VPS which I subscribed at OVH. As a rookie, I had to read a lot to make it work and get it configured. Even if there are so many articles dealing with this topic, it’s quite hard to have a precise insight on all the mandatory todos. This is how, after more than one year with my own VPS, I recently came to protect my Debian VPS, quite late I have to admit.
So, it probably means that the very first concern you should pay attention is to install a firewall to secure your system. UFW, which stands for Uncomplicated FireWall, is an easy solution. Just to mention that UFW is not a firewall but an interface to
iptables. As a beginner, UFW is much easier to use and this is why I chose to introduce this tool.
Get help here :
The 2 following links might be helpful to set up UFW on your server :
- How to set up a firewall with UFW on Debian 9 (english version)
- UFW un pare-feu facile (version française)
Once you’ve installed UFW and enabled it, what should you do ?
Set up your rules :
First, you probably access and manage your VPS with SSH. The default port for SSH is 22. If that’s your case, as for many people, you are thus exposed to many bots scanning through port 22. A simple
ufw status verbose will show you the default rules that have been set up. A
22/tcp tells you may need to change this. Once you’re done, don’t be scared if you can’t access don’t forget to:
- take into account this change. I personally access my VPS via a .sh file launched from my terminal. So I had to modify its content :
ssh user@password port xx. If you just launch from a command in your terminal, same needs to be done.
- If you use SFTP to access your VPS, don’t forget to tell it. For instance, in FileZilla, change the configuration of your site by changing the port as well.
Therefore, you should list who you want to access your server and who your server should be able to reach. This will help you set the appropriate rules. I personally had a server used for WebSocket messages. Finally, I just had to allow this hosted site to get through the firewall via the websocket port. having forgot to do so at first, my websockets were no more functional and it took me a few minutes to understand that. I also chose to forbid access from non secured sites (
port 80 and 8080), but of course port 443 is allowed for access, as for my personal sites.
Protect your Debian VPS with UFW par MadeInFck est sous Licence Creative Commons Internationale Attribution-Pas d'utilisation Commerciale-Partage à l'identique 4.0 .