🔒 How to Secure Jenkins Access on Linux with UFW (Allow Only Office IP)

Author: Vikas Rajpurohit
Purpose: Secure Jenkins (port 8080) by allowing access only from office Wi-Fi (static IP: xx.xx.xxx.xx) and denying all other external access.


✅ Objective

  • Jenkins is running on port 8080.

  • Office public IP is xx.xx.xxx.xx (static).

  • Restrict access to Jenkins to this IP only, using ufw (Uncomplicated Firewall).


✅ Prerequisites

  • Ubuntu/Debian-based server with Jenkins installed.

  • Jenkins configured to run on port 8080 and listen on all interfaces (0.0.0.0).

  • ufw firewall is installed and active.

  • Access to the server with sudo privileges.


🔎 Current UFW Status Example

sudo ufw status numbered

Example output:

[12] 8080                      DENY        Anywhere
[13] 8080                      ALLOW       xx.xx.xxx.xx

โŒ Problem: DENY rule comes before ALLOW. ufw applies the first match, so the ALLOW rule is ignored.


📄 Step-by-Step Firewall Fix

✅ Step 1: Delete Old Rules

sudo ufw delete allow from xx.xx.xxx.xx to any port 8080
sudo ufw delete deny 8080

✅ Step 2: Re-Add in Correct Order

sudo ufw allow from xx.xx.xxx.xx to any port 8080
sudo ufw deny 8080

✅ Step 3: Confirm Rule Order

sudo ufw status

Expected output:

8080                      ALLOW       xx.xx.xxx.xx
8080                      DENY        Anywhere
8080 (v6)                 DENY        Anywhere (v6)
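
To check rule order automatically instead of by eye, the following added example (not part of the original post) parses `ufw status numbered` output and reports any ALLOW rule that sits behind an earlier blanket DENY for the same port. The function names, the sample output and the address 203.0.113.10 (a documentation IP standing in for the office IP) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find ALLOW rules that can never match because an earlier
# DENY/REJECT from Anywhere already covers the same port (ufw is first-match).

# Reads `ufw status numbered` output on stdin and prints one line per
# shadowed rule: "<allow_rule_no> <deny_rule_no> <port>".
find_shadowed_allows() {
  awk '
    /^\[ *[0-9]+\]/ {
      line = $0; num = $0
      sub(/^\[ */, "", num); sub(/\].*/, "", num)    # rule number
      sub(/^\[ *[0-9]+\] */, "", line)                # drop the "[ N] " prefix
      split(line, f, /[ \t]+/)
      to = f[1]; i = 2; fam = "v4"
      if (f[i] == "(v6)") { fam = "v6"; i++ }
      action = f[i]; i++
      if (f[i] == "OUT") next                         # outbound rules are not checked
      if (f[i] == "IN") i++                           # numbered output adds a direction
      from = f[i]
      bare = to; sub(/\/(tcp|udp)$/, "", bare)        # "8080/tcp" is covered by "8080"
      key = to "/" fam; bkey = bare "/" fam
      if ((action == "DENY" || action == "REJECT") && from == "Anywhere") {
        if (!(key in deny)) deny[key] = num           # remember the earliest blanket deny
      } else if (action == "ALLOW") {
        if (key in deny)       print num, deny[key], to
        else if (bkey in deny) print num, deny[bkey], to
      }
    }'
}

# Constructed sample with the same misordering as in the post;
# 203.0.113.10 is a documentation address standing in for the office IP.
sample_status() {
  cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 8080                       DENY IN     Anywhere
[ 3] 8080                       ALLOW IN    203.0.113.10
[ 4] 8080 (v6)                  DENY IN     Anywhere (v6)
EOF
}

sample_status | find_shadowed_allows   # prints: 3 2 8080
```

On a live host, pipe `sudo ufw status numbered` into `find_shadowed_allows`; empty output means no ALLOW rule sits behind a blanket DENY for the same port.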

🚀 Validate Jenkins Access

1. From Server:

curl http://localhost:8080

This should return the HTML of the Jenkins login redirect page.

2. From Browser on Office Wi-Fi:

http://<Server IP>:8080

Should load Jenkins normally.

3. From Home or Any Other IP:

Should show:

ERR_CONNECTION_TIMED_OUT

🔎 Troubleshooting Case Summary

| Issue | Diagnostic | Fix |
|---|---|---|
| Jenkins not accessible via browser | Curl worked from server, browser failed | Firewall rule order issue (DENY came before ALLOW) |
| Jenkins listening on localhost only | Used netstat -tuln | Confirmed Jenkins listening on 0.0.0.0:8080 |
| Wrong IP allowed | UFW rule had 23.34.213.233, but real IP was 23.34.213.232 | Checked actual public IP using https://whatismyipaddress.com |

✅ Final Notes

  • In ufw, the first matching rule applies.

  • Always allow trusted IPs before denying access.

  • Use netstat to ensure services are listening on external interfaces.

  • Confirm external IP before applying allow rules.


Need to secure other ports (e.g. 3000, 5000)? Repeat the same rule logic.


Done! Jenkins is now safely restricted to your office network.
