WARNING: Misconfiguring your firewall can lock you out of SSH. Always keep a VNC session open in the VirtFusion panel as a backup before making any firewall changes. If you get locked out, you can use VNC to disable the firewall and regain access.
UFW (Uncomplicated Firewall) is the default firewall tool on Ubuntu and Debian.
Check current status and rules:
sudo ufw statusAllow SSH before enabling the firewall (critical!):
sudo ufw allow 22/tcpEnable the firewall:
sudo ufw enableCommon rules:
# Allow HTTP and HTTPS (web server)
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
# Allow a custom port
sudo ufw allow 8080/tcp
# Allow all traffic from a specific IP address
sudo ufw allow from 203.0.113.50
# Remove a rule
sudo ufw delete allow 80/tcp
# Check numbered rules (useful for deleting specific rules)
sudo ufw status numbered
sudo ufw delete 3Emergency: disable the firewall entirely:
sudo ufw disable
firewalld is the default firewall on AlmaLinux and Rocky Linux.
Check if firewalld is running:
sudo firewall-cmd --stateView all current rules:
sudo firewall-cmd --list-allAdd common services:
# Allow HTTP and HTTPS
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
# Allow a custom port
sudo firewall-cmd --permanent --add-port=8080/tcp
# Remove a service
sudo firewall-cmd --permanent --remove-service=http
# Apply your changes (required after --permanent rules)
sudo firewall-cmd --reloadEmergency: stop the firewall entirely:
sudo systemctl stop firewalld
sudo ufw allow 22/tcp before sudo ufw enable.--permanent with firewalld -- Without --permanent, your rules disappear on reboot. Always include it, then run sudo firewall-cmd --reload.
If you have locked yourself out of SSH:
# Ubuntu/Debian
sudo ufw disable
# AlmaLinux/Rocky
sudo systemctl stop firewalld