Secure Your Linux Server: Auto-Audit & Fix UFW Firewall Rules

Ideal for developers, sysadmins, or anyone managing Linux servers.

🚀 Introduction

Securing your Linux server is critical, especially when it’s exposed to the internet. One of the easiest and most effective tools to manage your server firewall is UFW (Uncomplicated Firewall).

In this guide, I’ll walk you through an interactive script I built that:

  • Checks if UFW is installed and running
  • Installs and enables it if needed
  • Scans your firewall rules
  • Identifies misconfigurations
  • Suggests secure alternatives
  • Optionally applies fixes (with care!)

Perfect for system admins, freelancers, or anyone running a VPS (e.g., AWS Lightsail, EC2, DigitalOcean, etc.).

🔧 Features of the Script

✅ Checks UFW status and installation
✅ Suggests rules based on common security guidelines
✅ Detects and warns about open dangerous ports (e.g., 22, 80 open to world)
✅ Recommends changing default SSH port
✅ Offers auto-fix with user confirmation
✅ Supports IPv4 and IPv6 scanning
✅ Logs findings for audit/compliance
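
The open-port check from the feature list, as an added example (not the script from the repository): it parses `ufw status` text and flags ALLOW rules that expose watched ports to any source, for both IPv4 and IPv6. The function name, the constructed sample output and the default watch list (22 and 80, the ports named above) are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not the repository script.
# Reads `ufw status` text on stdin and prints one WARN line per ALLOW rule
# that exposes a watched port to any source address.
# $1: space-separated watch list (default "22 80", the ports named above).
audit_ufw_status() {
    awk -v watched="${1:-22 80}" '
        BEGIN {
            n = split(watched, w, " ")
            for (i = 1; i <= n; i++) risky[w[i]] = 1
        }
        /^Status: inactive/ { print "WARN ufw is inactive"; exit }
        {
            # Locate the Action column; skip headers and blank lines.
            a = 0
            for (i = 1; i <= NF; i++) if ($i == "ALLOW") { a = i; break }
            if (a == 0) next
            src = $(a + 1)
            if (src == "IN") src = $(a + 2)      # verbose output prints "ALLOW IN"
            split($1, p, "/"); port = p[1]       # "22/tcp" -> "22"
            if ($1 == "OpenSSH") port = "22"     # app profile that opens 22/tcp
            fam = ($0 ~ /\(v6\)/) ? "ipv6" : "ipv4"
            if ((port in risky) && src == "Anywhere")
                printf "WARN %s port %s open to any source\n", fam, port
        }
    '
}

# Constructed sample in the layout `ufw status` prints (not captured from a host).
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
3306/tcp                   ALLOW       10.0.0.0/8
22/tcp (v6)                ALLOW       Anywhere (v6)'

printf '%s\n' "$SAMPLE_STATUS" | audit_ufw_status "22 80"
```

On a live host, feed it real output with `sudo ufw status | audit_ufw_status "22 80"`.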

πŸ›‘οΈ Example Recommendations:

  • Change SSH Port: sudo nano /etc/ssh/sshd_config
  • # Change Port 22 to 2222
  • sudo systemctl restart ssh
  • sudo ufw allow 2222/tcp
  • sudo ufw delete allow 22/tcp

✅ Try It!

git clone https://github.com/mxkdevops/UFW-audit.git
cd UFW-audit
chmod +x ufw_audit.sh
sudo ./ufw_audit.sh

🔚 Conclusion

This tool helps Linux admins detect firewall vulnerabilities quickly, with easy-to-understand advice and the option to fix issues securely. It’s ideal for compliance audits, pentest prep, or day-to-day hardening.

Stay safe — automate wisely!
