🛡️ Securing Your VPS with UFW Firewall

The Uncomplicated Firewall (UFW) is a user-friendly way to manage iptables and secure your VPS. This guide walks you through setting up basic rules to protect your validator node.

Step 1: Install UFW (if not already installed)

Most Debian/Ubuntu servers already include UFW. To be sure:

sudo apt update
sudo apt install ufw -y

Step 2: Set Default Rules

Start by setting the default behavior: allow outgoing connections and deny all incoming (unless explicitly allowed).

sudo ufw default deny incoming
sudo ufw default allow outgoing

Step 3: Allow SSH

Make sure you don't lock yourself out! Allow SSH access:

sudo ufw allow ssh

Or, if you use a custom port (e.g. 2222)

sudo ufw allow 2222/tcp

Step 4: Add Node-Specific Ports

Allow the ports your validator node needs. Replace with real values depending on the network.

Examples:

# Tendermint P2P port (default 26656)
sudo ufw allow 26656/tcp

# RPC port (optional or restricted)
sudo ufw allow 26657/tcp

# Prometheus metrics (if needed)
sudo ufw allow 9100/tcp

🔒 Only open what’s needed. Consider allowing by IP for RPC:

sudo ufw allow from YOUR_IP to any port 26657 proto tcp

Step 5: Enable UFW

Double-check allowed rules:

sudo ufw status verbose

Then enable the firewall:

sudo ufw enable

✅ The firewall will persist across reboots.

Managing Rules

Some common commands:

sudo ufw allow 1234/tcp        # Allow port 1234
sudo ufw delete allow 1234/tcp # Remove rule
sudo ufw status numbered       # View rules with numbers

✅ Done!

Your firewall is now active and filtering unwanted traffic. Combine this with SSH key access and other security hardening for a more robust validator setup.

Need help finding which ports your node uses? Check your node's config or our validator setup guides.

---

Built by Node Runners.
For the Networks We Believe In.
🌐 astrostake.xyz