How To Open a Port in UFW Updated on December 22, 2025 by Derrell 5 Minutes, 24 Seconds to Read UFW makes managing firewall ports simple, helping you open, close, and verify access for web services, databases, and remote tools. This guide shows how to configure rules safely, check port status, and follow best practices like limiting access by IP, auditing regularly, and documenting changes. UFW is just one layer. If paired with updates, SSH keys, intrusion detection, and DDoS protection, it strengthens your server’s overall security. With the right setup, you’ll balance accessibility and protection while keeping your applications reliable and secure. Managing server security can feel overwhelming, but it doesn’t have to be. If you’re running web services, databases, or custom applications on your server, understanding how to control network access is essential. This guide walks you through opening, closing, and checking ports with UFW, while also covering best practices and practical reasons you may need to do so. This guide walks you through opening, closing, and checking ports with UFW, while also covering best practices and practical reasons you may need to do so. What Is UFW and When Should You Open a Port? A firewall acts as your server’s gatekeeper, allowing or blocking traffic based on predefined rules. UFW (Uncomplicated Firewall) simplifies that process with straightforward commands. If you’re using a managed VPS or dedicated server, UFW is often part of your security toolkit alongside other protections like intrusion detection and DDoS mitigation. You’ll need to open a port in UFW when: Running web services like Apache or NGINX (ports 80 and 443). Enabling database services like PostgreSQL or MySQL. Managing remote access tools like SSH or Webmin. Allowing custom applications to communicate with the outside world. If you’re using a managed VPS or dedicated server, UFW is often part of a layered security approach alongside intrusion detection systems and DDoS protection. Now that you know what UFW is, the next step is to learn how to configure it. Setting up rules may sound intimidating, but UFW keeps the process straightforward. Let’s move into the step-by-step instructions for opening a port. Open a Port in UFW There are multiple ways to open a port in UFW. Below, we cover how to open ports using the port number, service name, and custom IP/port combination. Log into SSH as root. Check if the application port is defined as a service (e.g. OpenVPN, PostgreSQL, IRC): cat /etc/services | grep service-name Or cat /etc/services | grep port To navigate the full list, use Page Up, Page Down, and arrow keys after using the less command: less /etc/services If the service is listed, you can open the port using the service name (TCP/UDP protocol optional): sudo ufw allow servicename sudo ufw allow servicename/tcp If there is no service listed for the port, you can open the port by specifying the port and protocol (TCP/UDP): sudo ufw allow 10000 sudo ufw allow 1352/udp If you need to allow all connections from a specific system or network IP address: sudo ufw allow from 1.2.3.4 To allow all connections from a particular subnet of IP: sudo ufw allow from 1.2.3.0/24 To allow connections on a specific port from an IP address: sudo ufw allow from 1.2.3.4 to any port 22 After you open a port in UFW, ensure UFW is enabled: sudo ufw enable Close a Port in UFW Firewall hygiene is as important as opening ports. If you uninstall software or no longer need a port open, close it. To close a port in UFW using the service name: sudo ufw deny pop3 To close a port in UFW using the port number: sudo ufw deny 995 Once you’ve added or removed rules, the next logical step is verification. Checking UFW’s status ensures the firewall is active and configured as expected. This prevents surprises when testing your applications. Check Open Ports in UFW After making changes to any firewall, you should verify your changes to ensure they’re correct and active. To check whether UFW is running: sudo ufw status To check whether UFW is running with additional information, such as logging and profile status: sudo ufw status verbose To find the rule number for UFW rules: sudo ufw status numbered Then you can remove the rule: sudo ufw delete 1 Now that you can confirm your changes, it’s important to understand why you’d need to open a port at all. The answer depends on the type of service you’re running. Let’s break down some common scenarios. Why You Might Need to Open a Port in UFW Ports serve as communication channels for different services on your server. If a port is closed, external traffic cannot reach that service. Opening a port is what makes your applications accessible to the outside world. For example: Web hosting: HTTP (80) and HTTPS (443) ports must be open for websites to load properly. Remote management: Port 22 allows SSH access, which is critical for server administration. Databases: Applications that connect to MySQL or PostgreSQL need their respective ports open to function. Email and communication services: IMAP, POP3, or SMTP ports must be open for mail delivery and retrieval. In short, opening a port ensures the services you configure are actually usable. Without it, your applications may be running correctly but remain inaccessible to end users or connected systems. Knowing why ports need to be opened is only part of the story. You also need to manage them responsibly. That’s where best practices come into play. Best Practices for Managing UFW Ports Opening a port is simple, but managing them responsibly takes discipline. Limit access by IP whenever possible, especially for SSH and databases. Audit your open ports regularly to remove unused rules. Use service names for clarity when available, so you know what each rule is for. Keep SSH access safe by ensuring you don’t lock yourself out—test rules from a second session before logging out. Document changes if you’re working within an agency or team environment. While these practices strengthen your firewall, UFW is only one part of a larger security strategy. To fully protect your hosting environment, you’ll need to combine it with other layers of defense. Let’s look at how that fits together. Beyond UFW: Strengthening Your Server Security UFW is one piece of the puzzle. A well-secured server also includes: Regular software updates. Strong SSH key authentication. Web application firewalls (WAFs). Intrusion detection and monitoring. If you’re hosting with InMotion, you benefit from NVMe-powered infrastructure, enterprise-grade DDoS protection, and 24/7 U.S.-based support. This means you can focus on growth while we handle uptime and performance. With UFW working alongside these security measures, you can achieve a strong balance of access and protection. This ensures your applications remain both functional and secure. Let’s finish with some final thoughts. Need to install and enable Uncomplicated Firewall (UFW) on your server? Get started with our UFW Basics guide. Ready to dive deeper into web server security? Check out our guide on hardening your managed VPS or dedicated server. Share this Article Derrell Willis Manager, Developer Relations More Articles by Derrell Related Articles How To Open a Port in UFW Resetting the cPanel Password in WHM How to Change your root Password in WHM How to Stop and Disable Firewalld Content Security Policy (CSP) Headers – Complete Reference Guide Why You Need To Keep Your Website’s PHP Version Up-to-Date Learning About Mod_security and Disabling Mod_security Close Open Ports for PCI Compliance How to Pass PCI Compliance Scans DDoS Protection Using Corero
