How to Configure UFW for Specific Ports on Ubuntu

A field-tested, step-by-step guide to configuring UFW for specific ports on Ubuntu: prerequisites, the actual commands, verification, and links to related Ubuntu topics.

UFW — Uncomplicated Firewall — is the friendly front-end to iptables/nftables on Ubuntu. The default-deny + allow-only-what-you-need pattern stops 99 percent of internet noise from ever touching your services.

Prerequisites

  • Ubuntu 22.04 or 24.04 with sudo.
  • An open SSH session you can keep alive while you change rules.
  • A clear list of the ports your services actually listen on (sudo ss -tulpn).

Step 1: Confirm UFW is installed and its state

sudo apt install -y ufw
sudo ufw status verbose

If it says inactive, set the default policy and your SSH allow rule before you enable it; enabling a default-deny firewall without an SSH rule locks you out of a remote host.

Step 2: Set default-deny policy

sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw default deny routed

Step 3: Allow your management ports first

Always allow SSH before enabling:

sudo ufw allow 22/tcp comment 'ssh'
# If you moved SSH off 22:
# sudo ufw allow 2222/tcp comment 'ssh-alt'

Step 4: Open specific service ports

Typical web host:

sudo ufw allow 80/tcp  comment 'http'
sudo ufw allow 443/tcp comment 'https'

Source-restricted DB access (only your app server):

sudo ufw allow from 10.0.1.20 to any port 5432 proto tcp comment 'postgres from app'

Rate-limited SSH (drops brute-force traffic). Use this instead of the plain allow rule from Step 3, since UFW applies the first matching rule; limit denies a source address that attempts 6 or more new connections within 30 seconds:

sudo ufw limit 22/tcp comment 'ssh rate-limited'

Custom port range for a service:

sudo ufw allow 30000:30100/tcp comment 'agent port range'

Step 5: Enable and verify

sudo ufw enable
sudo ufw status numbered

The numbered listing is what you use to delete a rule later. Rules are renumbered after every deletion, so re-run status numbered before deleting another one:

sudo ufw delete 5

Step 6: Logging

sudo ufw logging medium
sudo tail -f /var/log/ufw.log

medium is enough for most ops: low skips allow logs, high logs everything (noisy).
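As an added example (not part of this guide or of the ufw project), the script below summarises what the medium logging level actually records, grouping [UFW BLOCK] and [UFW LIMIT BLOCK] entries by source address and destination port so you can see which rule is doing the work. It assumes the standard UFW kernel log line format (SRC=, DPT=, PROTO= key/value fields); the sample lines are constructed, not captured from a host.

```shell
#!/bin/sh
# Summarise what UFW has been dropping, per source address and destination port.
# Added example for this guide; assumes the standard [UFW BLOCK] log line layout.
set -eu

# Constructed sample log lines (not from a real host) so the script runs offline.
SAMPLE_LOG='Jan 10 12:00:01 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=10.0.0.5 PROTO=TCP SPT=44321 DPT=3306 WINDOW=65535 SYN URGP=0
Jan 10 12:00:02 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=10.0.0.5 PROTO=TCP SPT=44322 DPT=3306 WINDOW=65535 SYN URGP=0
Jan 10 12:00:03 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.9 DST=10.0.0.5 PROTO=UDP SPT=5353 DPT=5353 LEN=120
Jan 10 12:00:04 web1 kernel: [UFW LIMIT BLOCK] IN=eth0 OUT= SRC=203.0.113.77 DST=10.0.0.5 PROTO=TCP SPT=51000 DPT=22 WINDOW=29200 SYN URGP=0
Jan 10 12:00:05 web1 kernel: [UFW ALLOW] IN=eth0 OUT= SRC=192.0.2.10 DST=10.0.0.5 PROTO=TCP SPT=52000 DPT=443 WINDOW=29200 SYN URGP=0'

# ufw_drop_summary: read UFW log lines on stdin and print
# "count action src dport/proto" for every BLOCK or LIMIT BLOCK entry,
# busiest first. [UFW ALLOW] lines are ignored.
ufw_drop_summary() {
    awk '
        /\[UFW (LIMIT )?BLOCK\]/ {
            action = ($0 ~ /LIMIT BLOCK/) ? "LIMIT" : "BLOCK"
            src = ""; dpt = ""; proto = ""
            for (i = 1; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] == "SRC")   src   = kv[2]
                if (kv[1] == "DPT")   dpt   = kv[2]
                if (kv[1] == "PROTO") proto = tolower(kv[2])
            }
            if (src != "" && dpt != "")
                count[action " " src " " dpt "/" proto]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# hits_for SRC DPT/PROTO: number of dropped packets from one source to one port
# in the sample log (empty output when nothing was dropped for that pair).
hits_for() {
    printf '%s\n' "$SAMPLE_LOG" | ufw_drop_summary \
        | awk -v s="$1" -v p="$2" '$3 == s && $4 == p { print $1 }'
}

# On a real host: sudo sh -c '. ./ufw_summary.sh; ufw_drop_summary < /var/log/ufw.log'
printf '%s\n' "$SAMPLE_LOG" | ufw_drop_summary
```

A source that keeps appearing under LIMIT against port 22 is the rate-limit rule from Step 4 doing its job; a steady stream of BLOCK entries for a port you never opened is ordinary internet noise that default-deny is absorbing.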

Verify

sudo ufw status verbose
sudo iptables -L INPUT -n | head -20     # underlying iptables view
nmap -Pn -p 22,80,443,3306 your.host     # from a workstation

nmap should show only the ports you allowed as open and the rest as filtered. An allowed port with no service listening behind it shows as closed rather than filtered, because the firewall lets the probe through and the host answers with a reset.

Conclusion

UFW gives you readable rules without forcing you to learn iptables syntax — but the iptables/nftables chains are right there if you need to debug. Apply default-deny once and you can leave it alone for years.
