UFW is one of those tools that looks almost too simple.
You type a few commands, allow SSH, deny incoming traffic, enable the firewall, and suddenly your Linux home server feels more serious.
But then the real questions start:
- Should I allow a port from everywhere or only from my LAN?
- Should Docker services be exposed?
- Should outgoing traffic be blocked?
- How do I avoid locking myself out of SSH?
- What rules actually make sense for a home server?
This post is a practical guide to UFW firewall rules for home servers. Not enterprise firewall theory. Not copy-paste paranoia. Just useful rules for a Linux box running at home, probably doing too many things, and hopefully not exposing random ports to the whole internet.
UFW means Uncomplicated Firewall. Ubuntu describes it as the default firewall configuration tool, designed to make host-based firewall management easier. By default, UFW is usually disabled until you enable it.
That last part matters.
Installing Linux does not automatically mean your host firewall is active.
