Firewall Configuration Skill

Configure UFW firewall to control network traffic and minimize attack surface on VPS servers.

What This Skill Does

This skill helps AI agents configure UFW (Uncomplicated Firewall) on Ubuntu/Debian servers. Without a firewall, every port is potentially accessible to the internet. A properly configured firewall creates a security perimeter that only allows necessary traffic.

Key capabilities:

• Install and enable UFW firewall
• Set secure default policies (deny incoming, allow outgoing)
• Open specific ports for required services
• Configure application-specific rules
• Manage firewall rules and verify configuration
• Handle IPv4 and IPv6 traffic

When to Use

Use this skill when you need to:

• Set up a new VPS server with network security
• Restrict network access to only required services
• Implement defense in depth security
• Fix security audit findings related to open ports
• Comply with security best practices
• Protect services from unauthorized access

Critical understanding: Every open port is attack surface. Only open ports for services you're actually running.

Prerequisites

• Root or sudo access to the server
• Ubuntu or Debian-based Linux distribution
• Active SSH session (firewall must allow SSH before enabling!)
• Knowledge of which services/ports you need open

Firewall Setup Steps

Step 1: Install UFW

UFW is usually pre-installed on Ubuntu. Install if missing:

sudo apt update
sudo apt install ufw -y

Step 2: Set Default Policies

CRITICAL: Set these BEFORE enabling the firewall!

# Deny all incoming traffic by default
sudo ufw default deny incoming

# Allow all outgoing traffic by default
sudo ufw default allow outgoing

This creates a "whitelist" approach - nothing gets in unless explicitly allowed.

Step 3: Allow SSH (CRITICAL!)

WARNING: You must allow SSH before enabling UFW, or you'll lock yourself out!

sudo ufw allow ssh

Or spec...