ufw (Uncomplicated Firewall) is a simple frontend to iptables: instead of long rules, you write short commands. The idea is simple — block all incoming traffic and open only the ports you actually need (SSH, your site).
On a Lumi server (Ubuntu 22.04 by default) you connect as root — the IP and password come from the server’s card in the bot. Run every command below as root.
Installation
On Ubuntu, ufw is usually already installed. If not:
Initial setup
Allow SSH
OpenSSH is a ready-made profile for port 22. If you change the default SSH port to your own, open the number directly, for example ufw allow 2222/tcp.
Set the default policies
Block all incoming traffic, leave outgoing open (so the server can fetch updates and reach the network on its own):
Open your site’s ports
A web server needs 80 (HTTP) and 443 (HTTPS):
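The initial setup above as one script, written as an added example rather than the page's own commands: it allows SSH before the deny policy goes in, so the current session is not cut off. The ufw_plan and apply_plan function names, the APPLY and SSH_PORT variables, and the closing ufw --force enable step are assumptions of this example.

```shell
#!/bin/sh
# Added example: the setup order from this page as one script.
# Dry run by default; set APPLY=1 (as root) to execute the commands.

# Print the ufw commands, one per line, for the given SSH port (default 22).
ufw_plan() {
    ssh_port="${1:-22}"
    # Accept only 1-5 digits with no leading zero; anything else is rejected.
    case "$ssh_port" in
        ''|0*|*[!0-9]*|??????*)
            echo "invalid SSH port: $ssh_port" >&2; return 1 ;;
    esac
    if [ "$ssh_port" -gt 65535 ]; then
        echo "invalid SSH port: $ssh_port" >&2; return 1
    fi
    # SSH is allowed first so the current session survives the deny policy.
    if [ "$ssh_port" -eq 22 ]; then
        echo "ufw allow OpenSSH"
    else
        echo "ufw allow ${ssh_port}/tcp"
    fi
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    echo "ufw allow 80/tcp"
    echo "ufw allow 443/tcp"
    # Assumption: enabling is the last step; --force skips the y/n prompt.
    echo "ufw --force enable"
    echo "ufw status verbose"
}

# Run the plan line by line, stopping at the first command that fails.
apply_plan() {
    plan=$(ufw_plan "$1") || return 1
    echo "$plan" | while IFS= read -r cmd; do
        echo "+ $cmd"
        $cmd || exit 1
    done
}

if [ "${APPLY:-0}" = 1 ]; then
    apply_plan "${SSH_PORT:-22}"
else
    ufw_plan "${SSH_PORT:-22}"
fi
```

Run it once without APPLY to read the plan, then again with APPLY=1 from a session you can afford to lose only after checking that the first line matches the port sshd actually listens on.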
View the current rules
Delete a rule
By the rule itself:
Or by the number from ufw status numbered:
ufw filters traffic on the server itself. Closed ports don’t get in the way of outgoing connections — updates and network access keep working.
Where to next
Server hardening
A security checklist — keys, fail2ban, updates.
SSH keys
Key-based login instead of a password.