UFW (uncomplicated firewall) firewall by default comes preinstalled on Ubuntu Distributions. This doesn't mean it is active. Someone has to enable it to get it activated.
By default enabling UFW block all incoming connections including SSH. In this tutorial, let's learn how to allow SSH Port 22 through UFW on a Ubuntu system.
Prerequisites
- Access to Ubuntu system. Here I am using Ubuntu 22.04. It will work on the previous version such 20.04.
- A user with sudo access.
Step 1. Check UFW Status
First, let's check the UFW firewall status. It should be either active or inactive.
To check ufw status, type:
sudo ufw status
The output 'status: inactive' indicates that ufw is not enabled on the system.
Step 2. Allowing SSH on Port 22
As mentioned before by default enabling UFW will deny all incoming connections and same time allow all outgoing connections. For example, if you had an SSH connection to the server and on enabling UFW you will get disconnected. So before enabling UFW we should make sure SSH is allowed.
Run the following command to configure your server to allow all incoming SSH traffic on port 22:
sudo ufw allow 22
sudo ufw allow 22/tcp ##To specify by tcp sudo ufw allow 22/udp ##To specify by udp
You may also do the same by specifying the service name - ssh:
sudo ufw allow ssh
UFW is aware of which port by default ssh listens as listed in /etc/services file.
Another method is by using UFW application profile which is built within UFW. Example:
sudo ufw app list ### List all available application profiles
sudo ufw allow OpenSSH ### Enable openssh application profile.
In case you have configured ssh to listen to a different port, for example on port 222. Then you have to explicitly mention that port number.
sudo ufw allow 222
So now we have configured the system to allow ssh connection. While ufw disabled, you can verify rules by:
sudo ufw show added
Note: You should consider adding UFW limit rules to protect the server from brute force attacks by rate limiting ssh connections.
Step 3. Enable UFW
Now you can go ahead and enable UFW firewall.
sudo ufw enable
The command outputs the following message
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
Since we have already configured to allow ssh you can safely proceed with typing y from your keyboard.
Step 4. Verify
You can verify the ufw firewall status including the rules by checking the status.
sudo ufw status verbose
orsudo ufw status
This confirms the ufw firewall is active and our ssh allow rule is in place.
Note: If you are not using IPV6 you can disable its rules by editing IPV6=no in the /etc/default/ufw file.
Conclusion
The key point to remember make sure to configure your system to allow ssh before enabling UFW. We learned to allow ssh on UFW via service, port, or using application profile.
Related Read: How to Allow SSH from IP Address using UFW on Ubuntu
Comments