UFW Firewall Setup for Minecraft Server
Set up UFW for a Minecraft server by allowing the correct Java TCP port, SSH safely, optional proxy/backend rules, and avoiding common lockout mistakes.
UFW is a simple Linux firewall wrapper, but running its commands in the wrong order can lock you out of a VPS. Allow SSH before enabling the firewall.
Safe Basic Rules
For a normal Java server on port 25565:
sudo ufw allow OpenSSH
sudo ufw allow 25565/tcp
sudo ufw enable
sudo ufw status verbose
If your SSH service does not use the standard profile or port, allow your actual SSH port before enabling UFW.
On a remote VPS, enabling UFW without an SSH allow rule can disconnect you and require provider console access.
Match server.properties
server-port=25565
server-ip=
If your Minecraft server uses 25577, open 25577/tcp, not 25565/tcp.
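The two checks above (SSH allowed before enabling, and the opened port matching server-port) can be run as a preflight before `sudo ufw enable`. This is an added example, not part of the original guide; the function names `mc_port` and `missing_rules` are hypothetical, the sample rules and properties file are constructed, and the rule lines are assumed to follow the `ufw show added` report format.

```shell
#!/bin/sh
# Added example: preflight check to run before `sudo ufw enable`.
# On a real host (assumes the `ufw show added` report format):
#   sudo ufw show added | missing_rules "$(mc_port server.properties)" 22

# Print server-port from a server.properties file; 25565 if the key is absent.
mc_port() {
    _p=$(sed -n 's/^[[:space:]]*server-port[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$1" | tail -n 1)
    echo "${_p:-25565}"
}

# Read rules in `ufw show added` form on stdin; print one line per missing rule.
# $1 = Minecraft port, $2 = SSH port (default 22).
missing_rules() {
    _mc=$1; _ssh=${2:-22}; _rules=$(cat)
    _ssh_re="${_ssh}(/tcp)?"
    # The OpenSSH app profile covers port 22 only, so it does not count
    # when sshd listens on another port.
    if [ "$_ssh" = 22 ]; then
        _ssh_re="(OpenSSH|${_ssh_re})"
    fi
    if ! printf '%s\n' "$_rules" | grep -Eq "^ufw (allow|limit) ${_ssh_re}\$"; then
        echo "ssh:${_ssh}/tcp"
    fi
    if ! printf '%s\n' "$_rules" | grep -Eq "^ufw allow ${_mc}(/tcp)?\$"; then
        echo "minecraft:${_mc}/tcp"
    fi
}

# Constructed sample: rules as `ufw show added` would list them.
SAMPLE_RULES='ufw allow OpenSSH
ufw allow 25565/tcp
ufw allow from 10.0.0.5 to any port 25566 proto tcp'

# Constructed sample server.properties using a non-default port.
SAMPLE_PROPS=$(mktemp)
printf 'server-port=25577\nserver-ip=\n' > "$SAMPLE_PROPS"

# 25565 is allowed but the server listens on 25577, so a gap is reported.
printf '%s\n' "$SAMPLE_RULES" | missing_rules "$(mc_port "$SAMPLE_PROPS")"
rm -f "$SAMPLE_PROPS"
```

Empty output means both rules are present; any printed line names a rule to add before enabling UFW.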
Proxy and Backend Servers
For a Velocity or BungeeCord setup, the public proxy port should be open to players. Backend ports should usually be restricted to the proxy IP.
Example shape:
sudo ufw allow 25565/tcp
sudo ufw allow from 10.0.0.5 to any port 25566 proto tcp
Adjust IPs and ports to your real network. Do not copy backend rules blindly.
Provider Firewalls
Many VPS providers have a cloud firewall above UFW. If UFW allows the port but players still time out, check the provider dashboard.
Once the server is running, use the guide on how to check if port 25565 is open.
FAQ
What UFW rule does a Java server need?
A normal Java server needs TCP on the configured server-port, commonly `sudo ufw allow 25565/tcp`.
Should I allow UDP too?
Not for normal Java Edition. Bedrock or Geyser setups may need UDP depending on configuration.
Can UFW lock me out of my VPS?
Yes. Always allow SSH before enabling UFW on a remote server.