You wouldn’t leave your front door wide open when you leave the house, so why are you doing it with your Linux servers? An open firewall means every listening service is directly attackable from the network. This isn’t theoretical; it’s how many initial breaches start.
The default posture for any server should be “deny all inbound traffic” and then explicitly permit only what’s absolutely necessary. SSH, HTTPS – that’s often it. Anything else is a potential attack surface. This is basic hygiene, yet I still see organizations missing it.
For Ubuntu/RHEL, use UFW. It simplifies iptables/nftables dramatically. Implement default deny inbound, allow outgoing, and then whitelist essential services. Log dropped packets; they’re gold for incident detection.
Here’s how to start:
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 22/tcp
Defense-in-depth begins at the network perimeter of your host. If you’re not doing this, you’re leaving the door wide open.
The fix
# UFW example (Ubuntu)
sudo ufw default deny incoming     # drop any inbound connection not explicitly allowed
sudo ufw default allow outgoing    # the host may still initiate outbound connections
sudo ufw allow 22/tcp              # SSH: add this before enabling so new sessions are not blocked
sudo ufw allow 443/tcp             # HTTPS
sudo ufw enable                    # activate the rule set; it persists across reboots
sudo ufw status verbose            # confirm the default policies, logging state and rule list
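Applying the rules once is not enough; a host drifts when someone adds a rule for a quick test and forgets it. The following audit script is an added example, not part of the original post: it reads the output of `ufw status verbose` and checks it against the baseline above. The function name `audit_ufw_policy` and the two sample outputs are constructed for this example.

```shell
# audit_ufw_policy (hypothetical name): read "ufw status verbose" output on stdin
# and check it against the baseline: default deny inbound, logging on, and no
# inbound allow rules beyond the expected ones. Prints each finding and returns
# 0 when compliant, 1 otherwise. $1 lists the expected rules, e.g. "22/tcp 443/tcp".
audit_ufw_policy() {
    expected="$1"
    status="$(cat)"
    rc=0
    printf '%s\n' "$status" | grep -q '^Status: active' \
        || { echo "FAIL: ufw is not active"; rc=1; }
    printf '%s\n' "$status" | grep -q '^Default: deny (incoming)' \
        || { echo "FAIL: default inbound policy is not deny"; rc=1; }
    printf '%s\n' "$status" | grep -q '^Logging: on' \
        || { echo "FAIL: logging is off, dropped packets are not recorded"; rc=1; }
    # Every ALLOW IN rule must be on the expected list; anything else is unexplained
    # attack surface. IPv6 rows read "22/tcp (v6)", so field 1 is still the port spec.
    unexpected="$(printf '%s\n' "$status" | awk '/ALLOW IN/ { print $1 }' | sort -u \
        | while read -r port; do
            case " $expected " in
                *" $port "*) ;;
                *) printf '%s ' "$port" ;;
            esac
        done)"
    [ -z "$unexpected" ] \
        || { echo "FAIL: unexpected inbound allow rule(s): $unexpected"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: host matches the default-deny baseline"
    return "$rc"
}

# Constructed sample (not captured from a real host): a compliant host.
SAMPLE_GOOD='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)'

# Constructed sample of a drifted host: logging off and a stray 3306/tcp rule.
SAMPLE_BAD='Status: active
Logging: off
Default: deny (incoming), allow (outgoing), disabled (routed)
22/tcp                     ALLOW IN    Anywhere
3306/tcp                   ALLOW IN    Anywhere'

printf '%s\n' "$SAMPLE_GOOD" | audit_ufw_policy "22/tcp 443/tcp"
printf '%s\n' "$SAMPLE_BAD" | audit_ufw_policy "22/tcp 443/tcp" || true
# On a live host: sudo ufw status verbose | audit_ufw_policy "22/tcp 443/tcp"
```

Run it from a cron job or a configuration-management check so that a non-zero exit surfaces drift the same day it happens.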
Reference: CIS Linux Benchmark 3.5