How to Harden a Linux Server with UFW and Rate‑Limiting Rules
When a public‑facing server is exposed to the internet, brute‑force attacks against SSH, RDP, or web services are inevitable. A lightweight, host‑based firewall like UFW (Uncomplicated Firewall) can block unwanted traffic and, when combined with rate‑limiting, can mitigate credential‑stuffing attempts without adding noticeable latency. This tutorial walks you through installing UFW, defining a default‑deny policy, allowing only essential services, and applying smart rate‑limits.
Prerequisites
- A fresh Ubuntu 22.04 (or newer) server with sudo privileges.
- Basic familiarity with the command line and SSH access.
- Root or sudo access to modify firewall rules.
Step 1: Update the System and Install UFW
Before configuring the firewall, ensure the package index is current and install UFW from the official repositories.
sudo apt update && sudo apt upgrade -y
sudo apt install ufw -y
Step 2: Configure a Default‑Deny Policy
A default‑deny stance blocks all inbound traffic unless explicitly permitted. This is the safest baseline.
# Set default policies
sudo ufw default deny incoming
sudo ufw default allow outgoing
When you spin up a new instance, you can rely on Cloud VPS to provide a clean Ubuntu environment that’s ready for UFW configuration.
Step 3: Allow Essential Services
Open only the ports you actually need. Below are common services; adjust as required.
SSH (Port 22) with Rate Limiting
# Allow SSH and rate-limit it in one rule: `ufw limit` both permits the service and
# drops a source that opens 6 or more new connections within 30 seconds (ufw's
# built-in threshold), so a separate `ufw allow ssh` is not needed.
sudo ufw limit ssh
HTTP/HTTPS (Ports 80 & 443)
# Web traffic
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
Custom Application Port (e.g., 8080)
# Example for a Node.js or Java app
sudo ufw allow 8080/tcp
Step 4: Add Advanced Rate‑Limiting Rules
UFW’s limit keyword works well for SSH, but you can craft more granular rules by combining the limit action with source, port and protocol qualifiers and the comment keyword.
Limit HTTP POST Requests
To protect against HTTP flood attacks, limit the number of new connections per minute.
# Rate-limit new connections to port 80 per source IP. Do not insert a plain allow
# rule ahead of the limit rule: UFW evaluates rules in order, so an earlier allow
# would match first and the limit would never trigger.
sudo ufw limit 80/tcp comment 'rate limit HTTP'
Restrict Access to Management Interfaces
If you expose a management UI (e.g., phpMyAdmin on 8081), limit it to a trusted subnet and apply rate limiting.
# Allow only 192.168.1.0/24 and limit connections. A single limit rule is enough:
# it permits the subnet and throttles it, and it keeps the comment (a later
# `ufw limit` without a comment would replace the rule and drop it).
sudo ufw limit from 192.168.1.0/24 to any port 8081 proto tcp comment 'admin UI'
Step 5: Enable UFW and Verify Rules
After defining all rules, enable the firewall. UFW will prompt for confirmation; answer y.
sudo ufw enable
Check the active rule set:
sudo ufw status verbose
Typical output should show Default: deny (incoming), allow (outgoing) and a list of allowed/limited ports.
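The following script is an added example, not part of the original tutorial: it bundles Steps 2 to 5 into an ordered command list and adds a check that parses the output of ufw status verbose to confirm the default policy is deny-in/allow-out and that the SSH port is LIMIT rather than merely ALLOW. The ordering matters when you work over SSH: the SSH limit rule must exist before ufw enable, or a default-deny firewall locks you out. SSH_PORT, ADMIN_SUBNET and ADMIN_PORT are placeholder variables assumed for this example; the two status dumps are constructed to exercise the check offline.

```shell
#!/usr/bin/env bash
# Added example (not from the original tutorial). Builds the UFW command plan
# for steps 2-5, applies it on request, and verifies `ufw status verbose`.
set -u

# Placeholders assumed for this example; adjust for your host.
SSH_PORT="${SSH_PORT:-22}"
ADMIN_SUBNET="${ADMIN_SUBNET:-192.168.1.0/24}"
ADMIN_PORT="${ADMIN_PORT:-8081}"

# Print the ufw commands, one per line, in the order they must run.
# The SSH limit rule comes before `enable`; `--force` skips the y/n prompt.
ufw_plan() {
    cat <<EOF
ufw default deny incoming
ufw default allow outgoing
ufw limit ${SSH_PORT}/tcp comment 'ssh rate limit'
ufw allow 80/tcp comment 'http'
ufw allow 443/tcp comment 'https'
ufw limit from ${ADMIN_SUBNET} to any port ${ADMIN_PORT} proto tcp comment 'admin UI'
ufw logging on
ufw --force enable
EOF
}

# Run each planned command with sudo (eval keeps the quoted comments intact).
ufw_apply() {
    ufw_plan | while IFS= read -r cmd; do
        echo "+ sudo $cmd"
        eval "sudo $cmd"
    done
}

# Read a `ufw status verbose` dump from stdin. Return 0 only if the firewall is
# active, the defaults are deny (incoming)/allow (outgoing), and the SSH port
# shows LIMIT IN. Usage: sudo ufw status verbose | ufw_check_status
ufw_check_status() {
    local status rc=0
    status="$(cat)"
    printf '%s\n' "$status" | grep -q '^Status: active' \
        || { echo "firewall is not active"; rc=1; }
    printf '%s\n' "$status" | grep -q '^Default: deny (incoming), allow (outgoing)' \
        || { echo "default policy is not deny-in/allow-out"; rc=1; }
    printf '%s\n' "$status" | grep -Eq "^${SSH_PORT}/tcp +LIMIT IN" \
        || { echo "port ${SSH_PORT}/tcp is not rate-limited (expected LIMIT IN)"; rc=1; }
    return "$rc"
}

# Constructed status dumps for offline testing of ufw_check_status.
SAMPLE_STATUS_GOOD='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     LIMIT IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere'

SAMPLE_STATUS_BAD='Status: active
Logging: on (low)
Default: allow (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere'

# `./harden.sh apply` runs the plan; `./harden.sh check` verifies the live host.
case "${1:-}" in
    apply) ufw_apply ;;
    check) sudo ufw status verbose | ufw_check_status ;;
esac
```

Run the check after every rule change; a plain ALLOW IN on the SSH port (as in the second constructed dump) is the most common way the rate limit silently ends up disabled.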
Step 6: Test Rate‑Limiting Effectiveness
From a remote host, simulate rapid connection attempts to verify that the limits trigger.
# Example using nmap to flood SSH (replace 203.0.113.10 with your server IP)
nmap -p 22 --max-retries 0 --max-rate 1000 203.0.113.10
After a few attempts, you should see Connection timed out or Too many attempts messages, confirming that UFW is throttling the traffic.
Step 7: Persisting Changes Across Reboots
UFW writes its configuration to /etc/ufw/. As long as the service is enabled, rules survive reboots automatically. Verify the service is set to start on boot:
sudo systemctl is-enabled ufw
# Expected output: enabled
Step 8: Monitoring and Logging
UFW logs are stored in /var/log/ufw.log. To view recent blocked attempts:
sudo tail -f /var/log/ufw.log
To act on the log automatically, feed it to fail2ban, which bans IPs that exceed a threshold of blocked attempts.
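As an added example (not from the original tutorial), the script below summarises UFW log entries so you can see which sources are being dropped and which of them are tripping the limit rule: UFW tags ordinary default-deny drops with [UFW BLOCK] and drops caused by a limit rule with [UFW LIMIT BLOCK]. The log lines are constructed for this example; on a real host pipe /var/log/ufw.log into the functions instead. The threshold value in ufw_limit_offenders is an assumed tunable, not a UFW setting.

```shell
#!/usr/bin/env bash
# Added example (not from the original tutorial): per-source summary of
# [UFW BLOCK] and [UFW LIMIT BLOCK] events from UFW log lines on stdin.
set -u

# Constructed log lines in the format UFW writes to /var/log/ufw.log.
# One source hammers SSH and trips the limit rule three times; another is
# dropped by the default-deny policy. The last line is unrelated kernel noise.
SAMPLE_UFW_LOG='Mar  3 10:15:22 web1 kernel: [ 1234.567890] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.23 DST=203.0.113.10 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=44321 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:15:23 web1 kernel: [ 1235.123456] [UFW LIMIT BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.23 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:24 web1 kernel: [ 1236.222222] [UFW LIMIT BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.23 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=51235 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:25 web1 kernel: [ 1237.333333] [UFW LIMIT BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.23 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=51236 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:16:01 web1 kernel: [ 1273.444444] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.77 DST=203.0.113.10 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=1 PROTO=TCP SPT=6000 DPT=23 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  3 10:16:02 web1 kernel: [ 1274.555555] [UFW LIMIT BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.77 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=2 DF PROTO=TCP SPT=6001 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  3 10:16:05 web1 kernel: [ 1277.666666] eth0: link is up'

# Print "count action src dport" for every BLOCK / LIMIT BLOCK entry on stdin,
# most frequent first. Field parsing uses the SRC= and DPT= tokens so it does
# not depend on the position of MAC= or the kernel timestamp.
ufw_blocked_summary() {
    awk '
        /\[UFW (LIMIT )?BLOCK\]/ {
            action = ($0 ~ /LIMIT BLOCK/) ? "LIMIT" : "BLOCK"
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src != "") count[action " " src " " dpt]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Print source IPs whose LIMIT BLOCK count on any port reaches the threshold
# (default 3, an assumed tunable): these are the candidates to hand to fail2ban
# for a longer ban rather than the 30-second window ufw limit enforces.
ufw_limit_offenders() {
    threshold="${1:-3}"
    ufw_blocked_summary | awk -v t="$threshold" '$2 == "LIMIT" && $1 >= t { print $3 }'
}

# Usage on a live host:
#   sudo cat /var/log/ufw.log | ufw_blocked_summary | head
#   sudo cat /var/log/ufw.log | ufw_limit_offenders 5
```

Run the summary over the sample with printf '%s\n' "$SAMPLE_UFW_LOG" | ufw_blocked_summary: the rate-limited SSH source sorts to the top, and the unrelated kernel line is ignored because it carries no UFW tag.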
Conclusion
Implementing a default‑deny firewall with carefully crafted allow and rate‑limit rules dramatically reduces the attack surface of any Linux server. By following the steps above, you protect SSH, web services, and custom application ports without sacrificing legitimate traffic. Remember to periodically review ufw status, adjust limits based on traffic patterns, and combine firewall hardening with other layers such as fail2ban or intrusion‑detection systems for a defense‑in‑depth strategy.