UFW makes it easy to secure your Ubuntu server by managing firewall rules with simple commands. Here’s how to use it effectively—especially for VoIP, SSH, and web servers.
✅ Step 1: Check UFW Status
```bash
sudo ufw status
```
🚫 Step 2: Block All Incoming Connections
Set UFW to deny all incoming traffic by default, so that only the services you explicitly allow are reachable:
```bash
sudo ufw default deny incoming
sudo ufw default allow outgoing
```
🔓 Step 3: Allow SSH Access on Port 22
Essential: this keeps your server reachable over SSH once the firewall is enabled in Step 6.
```bash
sudo ufw allow 22
```
🔐 Step 4: Allow Custom SSH Port Range (20 Ports)
If you use SSH on a range of ports (e.g., 2200–2219), allow them like this:
```bash
sudo ufw allow 2200:2219/tcp
```
📞 Step 5: Allow SIP Port 5060 (UDP for VoIP)
To use VoIP with Asterisk, FreePBX, or Vicidial, allow SIP traffic:
```bash
sudo ufw allow 5060/udp
```
🚀 Step 6: Enable UFW
After setting the rules, enable the firewall:
```bash
sudo ufw enable
```
👁️ Step 7: View Active Rules
Check which rules are active:
```bash
sudo ufw status numbered
```
🛠️ Extra Useful UFW Commands
Action | Command |
---|---|
Deny a port | sudo ufw deny 23 |
Delete a rule | sudo ufw delete allow 5060/udp |
Reset all rules | sudo ufw reset |
🧠 Best Practices for UFW
- Only allow necessary ports (like 22, 5060).
- Use IP restrictions for sensitive services.
- Periodically check and clean up firewall rules.
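To make the last two practices concrete, here is an added example (not part of the original guide) that audits plain `ufw status` output and reports every sensitive port still open to any source. The function names, the `SENSITIVE_PORTS` list and the sample output are assumptions made for illustration; the addresses come from documentation ranges.

```shell
#!/usr/bin/env bash
# Added example: flag sensitive ports that `ufw status` shows as open to Anywhere.
# SENSITIVE_PORTS is an assumption: the port specs this guide opens for SSH and SIP.
SENSITIVE_PORTS="22 2200:2219 5060"

# Constructed sample of `sudo ufw status` output (not captured from a real host).
sample_status() {
cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
2200:2219/tcp              ALLOW       Anywhere
5060/udp                   ALLOW       203.0.113.10
5060/udp                   ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
EOF
}

# Reads `ufw status` text on stdin and prints "OPEN <spec>" for each ALLOW rule
# on a sensitive port whose source is Anywhere (IPv4 or IPv6).
# Rules restricted to a source address, and LIMIT/DENY rules, are not reported.
audit_ufw() {
  awk -v ports="$SENSITIVE_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    /ALLOW/ && /Anywhere/ {
      spec = $1                          # "22", "5060/udp", "2200:2219/tcp"
      port = spec; sub(/\/.*/, "", port) # drop the "/tcp" or "/udp" suffix
      v6 = ($2 == "(v6)") ? " (v6)" : "" # IPv6 rules carry a "(v6)" marker
      if (port in want) print "OPEN " spec v6
    }'
}

# Demo on the constructed sample; on a server use: sudo ufw status | audit_ufw
sample_status | audit_ufw
```

Each reported rule can be replaced with a source-restricted one, for example `sudo ufw allow from 203.0.113.10 to any port 5060 proto udp`, after which the open rule is deleted with `sudo ufw delete allow 5060/udp`.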
📊 UFW Use Case Example for VoIP Server
Purpose | Port | Protocol | UFW Command |
---|---|---|---|
SSH Access | 22 | TCP | sudo ufw allow 22 |
Custom SSH | 2200–2219 | TCP | sudo ufw allow 2200:2219/tcp |
SIP (VoIP) | 5060 | UDP | sudo ufw allow 5060/udp |
All Incoming | Blocked | – | sudo ufw default deny incoming |