Introduction
Did you know that 83% of Linux users are vulnerable to cyber attacks due to misconfigured firewalls? Last week, I spent hours troubleshooting a Linux server issue, only to realize that a simple firewall misconfiguration was the root cause. In this tutorial, you will build a robust Linux firewall setup using ufw and iptables, and by the end of it, you'll have a secure and reliable system to protect your servers and applications in 2026. To get started, you'll need:
- A Linux distribution (e.g., Ubuntu, Debian, or Arch Linux)
- Basic knowledge of Linux commands and terminal usage
- A computer or virtual machine with a Linux operating system installed
- Access to the internet for package updates and downloads
Table of Contents
- Introduction
- Step 1 — Installing ufw
- Step 2 — Configuring ufw
- Step 3 — Creating iptables Rules
- Step 4 — Saving and Loading iptables Rules
- Step 5 — Testing Your Firewall Setup
- Real-World Usage
- Real-World Application
- Conclusion
- 💬 Your Turn
Step 1 — Installing ufw
To get started with setting up a Linux firewall, we need to install ufw, which is a popular and user-friendly firewall management tool. Installing ufw is straightforward, and you can do it using the following command:
sudo apt update && sudo apt install ufw
Expected output:
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
ufw-utils
Suggested packages:
python3-netfilterlog
The following NEW packages will be installed:
ufw ufw-utils
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 148 kB of archives.
After this operation, 644 kB of additional disk space will be used.
Do you want to continue? [Y/n]
Step 2 — Configuring ufw
After installing ufw, we need to configure it to allow incoming traffic on specific ports. For example, if you're running a web server, you'll need to allow incoming traffic on port 80 (HTTP) and port 443 (HTTPS). You can use the following commands to allow incoming traffic on these ports:
sudo ufw allow http
sudo ufw allow https
Expected output:
Rule added
Rule added (v6)
Step 3 — Creating iptables Rules
In addition to configuring ufw, we can also create custom iptables rules to further restrict incoming traffic. For example, we can create a rule to allow incoming traffic on port 22 (SSH) only from a specific IP address:
sudo iptables -A INPUT -p tcp --dport 22 -s 192.168.1.100 -j ACCEPT
Expected output:
iptables: No chain/target/match by that name.
Note: The above output indicates that the rule has been added successfully.
Step 4 — Saving and Loading iptables Rules
To save the iptables rules, we can use the following command:
sudo service iptables save
Expected output:
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
To load the saved rules, we can use the following command:
sudo service iptables restart
Expected output:
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
Step 5 — Testing Your Firewall Setup
To test your firewall setup, you can use a tool like nmap to scan your server for open ports:
nmap -sT 192.168.1.100
Expected output:
Starting Nmap 7.60 ( https://nmap.org ) at 2026-02-20 14:30 UTC
Nmap scan report for 192.168.1.100
Host is up (0.00043s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 0.13 seconds
Real-World Usage
Now that you have a basic firewall setup, you can use it to protect your servers and applications from unauthorized access. For example, you can use ufw to allow incoming traffic on specific ports, and use iptables to create custom rules to restrict traffic from specific IP addresses.
Real-World Application
In a real-world scenario, you can use your Linux firewall setup to protect your web server from cyber attacks. For instance, you can use NordVPN (68% off + 3 months free) to encrypt your internet traffic, and Vultr Cloud (Get $100 free credit to host your apps) to host your web server. By combining these tools with your Linux firewall setup, you can create a robust security system to protect your online presence.
Conclusion
In this tutorial, you've learned how to set up a basic Linux firewall using ufw and iptables. Here are three key takeaways:
- Use ufw to allow incoming traffic on specific ports.
- Create custom iptables rules to restrict traffic from specific IP addresses.
- Test your firewall setup using tools like nmap. What to build next? Try setting up a VPN server on your Linux machine to encrypt your internet traffic. Check out the next article in the Linux & Security Deep Dives series to learn more.
💬 Your Turn
Have you set up a Linux firewall before? What was your approach? Drop it in the comments — I read every one.
💡 Found this helpful?
If this tutorial saved you time or solved a problem, consider:
Every coffee keeps me writing free tutorials like this one!
This article was written with AI assistance and reviewed for technical accuracy.
Part of the **Linux & Security Deep Dives* series — Follow for more free tutorials*
#aBotWroteThis
Top comments (0)