Set up a firewall with UFW, an interface for iptables
Configuring a firewall is one of the first security measures you should take to protect your machine. UFW is a user-friendly command-line interface for configuring iptables. Run the commands below as root.
Install
apt-get update && apt-get install ufw
Examples
You should be able to put together a basic configuration by taking these examples and tweaking them to fit your needs.
Basic rules
Allow anyone to connect to SSH: ufw allow ssh
or: ufw allow 22
Allow anyone to connect to HTTP: ufw allow http
or: ufw allow 80
Allow anyone to connect to HTTPS: ufw allow https
or: ufw allow 443
or: ufw allow from any to any port 443
Allow anyone to connect to the range of ports from 27960 to 27961 with protocol tcp: ufw allow 27960:27961/tcp
Allow anyone to connect to OpenVPN: ufw allow 1194/udp
Allowing everybody to connect may be convenient, but if you can restrict access, it is better.
IP control rules
Allow 66.88.77.33 to connect to SSH: ufw allow from 66.88.77.33 to any port 22
Allow 192.168.0.5 to connect to Samba shares: ufw allow from 192.168.0.5 to any port 445 proto tcp
Allow 192.168.0.XXX to connect to Samba shares: ufw allow from 192.168.0.0/24 to any port 445 proto tcp
Allow 10.8.0.XXX (internal OpenVPN on my server) to connect to mosh: ufw allow from 10.8.0.0/24 to any port 60000:60002 proto udp
Allow 66.88.77.33 to connect to mosh: ufw allow from 66.88.77.33 to any port 60000:60002 proto udp
You can use ranges of ports only if you specify a protocol.
Block IP
Insert an IP blocking rule in position number 1: ufw insert 1 deny from 77.222.111.66 to any
Delete rules
Delete rule syntax example: ufw delete allow ssh
Delete rule syntax example: ufw delete allow from 66.88.77.33 to any port 22
Check status with numbered rules: ufw status numbered
Delete rule number 2: ufw delete 2
Enable firewall
ufw enable
Check status
ufw status
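Added example (not part of the original page): a small shell audit that reads ufw status output, lists the ALLOW rules that accept traffic from Anywhere, and fails when a port you meant to restrict to known addresses is among them. The function names, the restricted-port list (22 and 445) and the sample status text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# Constructed sample of `ufw status` output, built from the rules on this page.
sample_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
Anywhere                   DENY        77.222.111.66
22                         ALLOW       66.88.77.33
443                        ALLOW       Anywhere
1194/udp                   ALLOW       Anywhere
445/tcp                    ALLOW       192.168.0.0/24
60000:60002/udp            ALLOW       10.8.0.0/24
443 (v6)                   ALLOW       Anywhere (v6)
1194/udp (v6)              ALLOW       Anywhere (v6)
EOF
}

# Read `ufw status` text on stdin; print the "To" column of every ALLOW rule
# whose source is Anywhere. Columns are separated by two or more spaces.
world_open_rules() {
    awk -F'  +' '
        $1 == "To" || $1 ~ /^-+$/ { next }          # header and underline rows
        NF >= 3 && $2 ~ /^ALLOW( IN)?$/ && $3 ~ /^Anywhere( \(v6\))?$/ { print $1 }
    '
}

# Read `ufw status` text on stdin; return 1 if any port in the list given as $1
# (assumed policy, default "22 445": SSH and Samba) is open to Anywhere.
check_restricted() {
    restricted=${1:-"22 445"}
    world_open_rules | awk -v list="$restricted" '
        BEGIN { bad = 0; n = split(list, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        {
            port = $1; sub(/\/.*/, "", port)        # "22/tcp" -> "22"
            if (port in want) { print "restricted port open to Anywhere: " $0; bad = 1 }
        }
        END { exit bad }
    '
}

# Demo on the constructed sample; on a real host: ufw status | check_restricted
sample_status | world_open_rules
```

On a live machine, run it as root after enabling the firewall; a non-zero exit means a rule such as ufw allow 22 is still in place next to the IP-restricted one and should be deleted.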
Disable firewall
ufw disable