🛡️ Securing Your VPS with UFW Firewall

The Uncomplicated Firewall (UFW) is a user-friendly way to manage iptables and secure your VPS. This guide walks you through setting up basic rules to protect your validator node.

Step 1: Install UFW (if not already installed)

Most Debian/Ubuntu servers already include UFW. To be sure:

bash
sudo apt update
sudo apt install ufw -y

Step 2: Set Default Rules

Start by setting the default behavior: allow outgoing connections and deny all incoming (unless explicitly allowed).

bash
sudo ufw default deny incoming
sudo ufw default allow outgoing

Step 3: Allow SSH

Make sure you don't lock yourself out! Allow SSH access:

bash
sudo ufw allow ssh

Or, if you use a custom port (e.g. 2222):

bash
sudo ufw allow 2222/tcp

Step 4: Add Node-Specific Ports

Allow the ports your validator node needs. Replace with real values depending on the network.

Examples:

bash
# Tendermint P2P port (default 26656)
sudo ufw allow 26656/tcp

# RPC port (optional or restricted)
sudo ufw allow 26657/tcp

# Prometheus metrics (if needed)
sudo ufw allow 9100/tcp

🔒 Only open what's needed. Consider allowing by IP for RPC:

bash
sudo ufw allow from YOUR_IP to any port 26657 proto tcp

Step 5: Enable UFW

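Double-check the allowed rules. UFW is still inactive at this point, so "sudo ufw status verbose" would report only "Status: inactive"; list the rules you have added so far instead:

bash
sudo ufw show added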

Then enable the firewall:

bash
sudo ufw enable

✅ The firewall will persist across reboots.
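To confirm that the enabled firewall matches the rules from Steps 2 to 5, the script below is an added example (not part of the original guide or of UFW itself). It parses "ufw status verbose" output and reports an inactive firewall, a default incoming policy other than deny, a missing SSH rule, and an RPC port reachable from anywhere. The function name audit_ufw, the finding labels and both sample outputs are constructed for illustration, and it assumes rules are written by port number as in this guide.

```bash
# Added example: audit `ufw status verbose` output against this guide's rules.
# audit_ufw SSH_PORT ["PORTS THAT MUST BE IP-RESTRICTED"] < status-output
# Prints one finding per line (hypothetical labels); prints nothing on a pass.
audit_ufw() {
  awk -v ssh="$1" -v restricted="${2:-26657}" '
    BEGIN { n = split(restricted, r, " "); for (i = 1; i <= n; i++) want[r[i]] = 1 }
    { gsub(/ \(v6\)/, "") }                      # fold IPv6 rows into the same columns
    /^Status:/  { active = ($2 == "active") }
    /^Default:/ { deny_in = ($2 == "deny" && $3 == "(incoming),") }
    ($2 == "ALLOW" || $2 == "LIMIT") && $3 == "IN" {
      split($1, p, "/")                          # "26657/tcp" -> port 26657
      if (p[1] == ssh) ssh_ok = 1
      if ((p[1] in want) && $4 == "Anywhere") open[p[1]] = 1
    }
    END {
      if (!active)  print "FIREWALL_INACTIVE"
      if (!deny_in) print "DEFAULT_INCOMING_NOT_DENY"
      if (!ssh_ok)  print "SSH_PORT_NOT_ALLOWED:" ssh
      for (i = 1; i <= n; i++) if (r[i] in open) print "OPEN_TO_ANY:" r[i]
    }'
}

# Constructed sample: the Step 4 example rules applied as written (RPC open to all).
SAMPLE_OPEN='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
26656/tcp                  ALLOW IN    Anywhere
26657/tcp                  ALLOW IN    Anywhere
9100/tcp                   ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
26657/tcp (v6)             ALLOW IN    Anywhere (v6)'

# Constructed sample: custom SSH port, RPC limited to one documentation address.
SAMPLE_SCOPED='Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
2222/tcp                   ALLOW IN    Anywhere
26656/tcp                  ALLOW IN    Anywhere
26657/tcp                  ALLOW IN    203.0.113.7'

# Live use on a server: sudo ufw status verbose | audit_ufw 22
printf '%s\n' "$SAMPLE_OPEN" | audit_ufw 22
```

Pass a second argument such as "26657 9100" to also require that the metrics port is limited to specific source addresses.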

Managing Rules

Some common commands:

bash
sudo ufw allow 1234/tcp        # Allow port 1234
sudo ufw delete allow 1234/tcp # Remove rule
sudo ufw status numbered       # View rules with numbers

✅ Done!

Your firewall is now active and filtering unwanted traffic. Combine this with SSH key access and other security hardening for a more robust validator setup.

Need help finding which ports your node uses? Check your node's config or our validator setup guides.


Built by Node Runners.
For the Networks We Believe In.
🌐 astrostake.xyz