How to Allow SSH Port 22 Traffic through UFW on Ubuntu

Last updated: January 21, 2023

UFW (uncomplicated firewall) firewall by default comes preinstalled on Ubuntu Distributions. This doesn't mean it is active. Someone has to enable it to get it activated.

By default enabling UFW block all incoming connections including SSH. In this tutorial, let's learn how to allow SSH Port 22 through UFW on a Ubuntu system.

Prerequisites

  • Access to Ubuntu system. Here I am using Ubuntu 22.04. It will work on the previous version such 20.04.
  • A user with sudo access.

Step 1. Check UFW Status

First, let's check the UFW firewall status. It should be either active or inactive.

To check ufw status, type:

sudo ufw status
ufw status showing inactive

The output 'status: inactive' indicates that ufw is not enabled on the system.

Step 2. Allowing SSH on Port 22

As mentioned before by default enabling UFW will deny all incoming connections and same time allow all outgoing connections. For example, if you had an SSH connection to the server and on enabling UFW you will get disconnected. So before enabling UFW we should make sure SSH is allowed.

Run the following command to configure your server to allow all incoming SSH traffic on port 22:

sudo ufw allow 22
configure ufw to allow port 22

You may also do the same by specifying the service name - ssh:

sudo ufw allow ssh

UFW is aware of which port by default ssh listens as listed in /etc/services file.

Another method is by using UFW application profile which is built within UFW. Example:

sudo ufw app list   ### List all available application profiles
sudo ufw allow OpenSSH  ### Enable openssh application profile.

In case you have configured ssh to listen to a different port, for example on port 222. Then you have to explicitly mention that port number.

sudo ufw allow 222

So now we have configured the system to allow ssh connection. While ufw disabled, you can verify rules by:

sudo ufw show added
see ufw rules while disabled

Step 3. Enable UFW

Now you can go ahead and enable UFW firewall.

sudo ufw enable

The command outputs the following message

Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

Since we have already configured to allow ssh you can safely proceed with typing y from your keyboard.

Step 4. Verify

You can verify the ufw firewall status including the rules by checking the status.

sudo ufw status verbose
or
sudo ufw status

This confirms the ufw firewall is active and our ssh allow rule is in place.

Note: If you are not using IPV6 you can disable its rules by editing IPV6=no in the /etc/default/ufw file.

Conclusion

The key point to remember make sure to configure your system to allow ssh before enabling UFW. We learned to allow ssh on UFW via service, port, or using application profile.

About The Author

Bobbin Zachariah

Bobbin Zachariah

Bobbin started his career in IT in the year 2000 as a computer science instructor and worked as a Linux system engineer and senior analyst roles. Currently working in DevOps environments to increase efficiency and improve delivery time in AWS Cloud infrastructure. He is certified in RHEL, CCNA, and MCP and holds a Masters's in computer science. When in his free time love playing cricket, blogging, and listening to music.

SHARE

Comments

Please add comments below to provide the author your ideas, appreciation and feedback.

Leave a Reply

Leave a Comment