SSL & Security

How to manage firewall rules (UFW)

~2 min read

UFW (Uncomplicated Firewall) controls which network ports are open on your server. DeployFly gives you a visual interface to add, remove, and toggle rules.

Steps

  1. 1

    Open the Firewall page

    Open your server and click "Firewall" in the sidebar.

  2. 2

    Enable UFW if not active

    If the firewall shows as inactive, click "Enable Firewall". Before enabling, always make sure port 22 (SSH) is in the allow list — otherwise you'll lock yourself out.

  3. 3

    Apply safe defaults

    Click "Apply Safe Defaults" to add pre-configured rules that allow SSH (22), HTTP (80), and HTTPS (443) while denying all other inbound traffic. This is a good starting point for any server.

  4. 4

    Add a custom rule

    Click "Add Rule" under the Inbound or Outbound section. Enter the port, protocol (TCP/UDP), source IP (or 0.0.0.0/0 for all), and choose Allow or Deny.

  5. 5

    Toggle or delete rules

    Use the toggle switch to temporarily disable a rule without deleting it. Click the trash icon to permanently remove a rule.

  6. 6

    View the firewall log

    Scroll down to the "Firewall Log" section to see real-time UFW block and allow events. Useful for diagnosing why a connection is failing.

Watch out

  • Blocking port 22 (SSH) while UFW is enabled will lock you out permanently. Use your VPS provider's web console to recover.
  • Your VPS provider may have its own cloud-level firewall separate from UFW. Both need to allow traffic for it to reach your server.

Tips

  • If you use a non-standard SSH port, add an allow rule for that port BEFORE enabling UFW.
  • Common ports to allow: 3306 (MySQL remote access), 6379 (Redis remote), 8080 (Node.js dev).

Related guides