First lets install UFW
$ sudo apt-get install ufw
Check the Status
$ sudo ufw status verbose
By default, UFW is disabled so you should see something like this:
$ Status: inactive
Let’s set your UFW rules back to the defaults so we can be sure that you’ll be able to follow along with this tutorial. To set the defaults used by UFW, use these commands:
$ sudo ufw default deny incoming
Output:
Default incoming policy changed to ‘deny’
(be sure to update your rules accordingly)
$ sudo ufw default allow outgoing
Output:
Default outgoing policy changed to ‘allow’
(be sure to update your rules accordingly)
Allow SSH Connections
To configure your server to allow incoming SSH connections, you can use this UFW command:
$ sudo ufw allow ssh
Output:
Rules updated
Rules updated (v6)
this command works the same as the one above:
$ sudo ufw allow 22
Or if ssh is on a different port
$ sudo ufw allow 2222
Now that your firewall is configured to allow incoming SSH connections, we can enable it
$ sudo ufw enable Command may disrupt existing ssh connections. Proceed with operation (y|n)? y Firewall is active and enabled on system startup
Now lets add the port access for IPFS
4001 – default libp2p swarm port – should be open to public for all nodes if possible
5001 – API port – provides write/admin access to the node – should be locked down or only to your IP.
8080 – Gateway
$ sudo ufw allow 4001
$ sudo ufw allow 5001
$ sudo ufw allow 8080/tcp
Reload
$ sudo ufw reload
Remove a Port
$ sudo ufw status numbered
Status: active
To Action From
-- ------ ----
[ 1] 22/tcp ALLOW IN Anywhere
[ 2] 4001 ALLOW IN Anywhere
[ 3] 5001 ALLOW IN Anywhere
[ 4] 8080/tcp ALLOW IN Anywhere
[ 5] 22/tcp (v6) ALLOW IN Anywhere (v6)
[ 6] 4001 (v6) ALLOW IN Anywhere (v6)
[ 7] 5001 (v6) ALLOW IN Anywhere (v6)
[ 8] 8080/tcp (v6) ALLOW IN Anywhere (v6)
$ sudo ufw delete 2
Delete all firewall rules
$ sudo ufw reset
To Allow connections for the Webui on a specific IP:
$ sudo ufw allow from 1.2.3.4 to any port 5001
sudo ufw reload