UFW (Uncomplicated Firewall) is a user-friendly tool for managing your Ubuntu VPS firewall. Properly configuring it blocks unauthorised access while allowing legitimate traffic.
Important: Always allow your SSH port BEFORE enabling UFW. If you enable UFW without allowing SSH, you will be permanently locked out of your server.
Essential UFW Commands
Check UFW Status
ufw status verbose
Allow SSH (Port 22 or your custom SSH port)
ufw allow 22/tcp # default SSH port
ufw allow 49152/tcp # custom SSH port used by Hordanso VPS
Allow Web Traffic
ufw allow 80/tcp # HTTP
ufw allow 443/tcp # HTTPS
Enable the Firewall
ufw enable
Type y when prompted. UFW is now active.
Common Port Rules for Hordanso VPS Applications
- n8n dashboard: ufw allow 5678/tcp (or use Nginx proxy and keep port closed externally)
- CyberPanel: ufw allow 8090/tcp
- Grafana: ufw allow 3000/tcp (or use Nginx proxy)
- MySQL (if remote access needed): ufw allow from [specific-IP] to any port 3306
- Email: ufw allow 25/tcp 465/tcp 587/tcp 993/tcp 995/tcp
Block Specific IP Addresses
To block a specific IP that is attacking your server:
ufw deny from 123.45.67.89
Delete a Rule
ufw delete allow 5678/tcp
Or use the numbered format:
ufw status numbered
ufw delete [rule number]
Reset UFW to Default
ufw reset (disables UFW and removes all rules — use with caution)
Tip: The safest UFW setup is a default-deny policy: deny all incoming by default, then explicitly allow only the ports you need. This is what ufw enable sets up automatically.
