Securing Your VPS with UFW Firewall
The Uncomplicated Firewall (UFW) is a user-friendly way to manage iptables and secure your VPS. This guide walks you through setting up basic rules to protect your validator node.
Step 1: Install UFW (if not already installed)
Most Debian/Ubuntu servers already include UFW. To be sure:
sudo apt update
sudo apt install ufw -y
Step 2: Set Default Rules
Start by setting the default behavior: allow outgoing connections and deny all incoming (unless explicitly allowed).
sudo ufw default deny incoming
sudo ufw default allow outgoing
Step 3: Allow SSH
Make sure you don't lock yourself out! Allow SSH access:
sudo ufw allow ssh
Or, if you use a custom port (e.g. 2222):
sudo ufw allow 2222/tcp
Step 4: Add Node-Specific Ports
Allow the ports your validator node needs. Replace the port numbers below with the real values for your network.
Examples:
# Tendermint P2P port (default 26656)
sudo ufw allow 26656/tcp
# RPC port (optional or restricted)
sudo ufw allow 26657/tcp
# Prometheus metrics (if needed)
sudo ufw allow 9100/tcp
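Only open what's needed. Consider allowing RPC by source IP rather than from everywhere. UFW accepts a packet as soon as one rule matches it, so the IP-restricted rule only limits access if the open rule for 26657/tcp is not also present: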
sudo ufw allow from YOUR_IP to any port 26657 proto tcp
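Step 5: Enable UFW
Double-check allowed rules (while UFW is still inactive this prints only "Status: inactive"; sudo ufw show added lists the rules you have added so far):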
sudo ufw status verbose
Then enable the firewall:
sudo ufw enable
The firewall will persist across reboots.
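To automate the double-check from Step 5, the following added example (not part of the original guide) scans ufw status output and reports ports that should be limited to specific source IPs but are allowed from Anywhere. The restricted port list, the function names and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `ufw status` output for ports that should be limited
# to specific source IPs but are allowed from Anywhere.
# Assumption: RPC (26657) and metrics (9100) are the ports to restrict,
# taken from the example ports in this guide.
RESTRICTED="26657 9100"

# Constructed sample of `ufw status` output (not captured from a real host).
sample_status() {
cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
26656/tcp                  ALLOW       Anywhere
26657/tcp                  ALLOW       203.0.113.10
9100/tcp                   ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
26656/tcp (v6)             ALLOW       Anywhere (v6)
9100/tcp (v6)              ALLOW       Anywhere (v6)
EOF
}

# audit_ufw: read `ufw status` (plain or verbose) on stdin and print each
# restricted port that has an ALLOW rule whose source is Anywhere.
# Port ranges and application profile names are not handled.
audit_ufw() {
  awk -v ports="$RESTRICTED" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    /ALLOW( IN)?[ \t]+Anywhere/ {
      split($1, to, "/")               # "26657/tcp" -> "26657"
      if (to[1] in want) hit[to[1]] = 1
    }
    END { for (i = 1; i <= n; i++) if (p[i] in hit) print p[i] }
  '
}

# Demo on the constructed sample: 9100 is flagged, 26657 is not.
flagged=$(sample_status | audit_ufw)
if [ -n "$flagged" ]; then
  echo "Open to Anywhere but should be source-restricted:" $flagged
fi
```

On a live host, pipe the real output into the function after enabling the firewall: sudo ufw status | audit_ufw.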
Managing Rules
Some common commands:
sudo ufw allow 1234/tcp # Allow port 1234
sudo ufw delete allow 1234/tcp # Remove rule
sudo ufw status numbered # View rules with numbers
Done!
Your firewall is now active and filtering unwanted traffic. Combine this with SSH key access and other security hardening for a more robust validator setup.
Need help finding which ports your node uses? Check your node's config or our validator setup guides.
Built by Node Runners.
For the Networks We Believe In.
astrostake.xyz