By: softwar66

Enabled UFW locks me out, my web pages don't work, SSH also not, rules applied

December 16, 2016 257 views
Firewall Ubuntu 16.04

I have upgraded my droplet from 12.04 to 16.04.01 LTS.
As soon as I enable UFW nothing works, no SSH, no web.
The rules were reapplied as they were on the previous system (see below). I have flushed iptables and reinstalled UFW. I can't figure out what else it can be. Also, when I reboot the system, UFW is disabled.

    ### RULES ###

    ### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0 in
    -A ufw-user-input -p tcp --dport 80 -j ACCEPT

    ### tuple ### allow tcp 443 0.0.0.0/0 any 0.0.0.0/0 in
    -A ufw-user-input -p tcp --dport 443 -j ACCEPT

    ### tuple ### allow tcp 25 0.0.0.0/0 any 0.0.0.0/0 in
    -A ufw-user-input -p tcp --dport 25 -j ACCEPT

    ### tuple ### allow tcp 22 0.0.0.0/0 any 0.0.0.0/0 OpenSSH - in
    -A ufw-user-input -p tcp --dport 22 -j ACCEPT -m comment --comment 'dapp_OpenSSH'

    ### tuple ### allow any 22 0.0.0.0/0 any 0.0.0.0/0 in
    -A ufw-user-input -p tcp --dport 22 -j ACCEPT
    -A ufw-user-input -p udp --dport 22 -j ACCEPT

    ### tuple ### allow any 25 0.0.0.0/0 any 0.0.0.0/0 in
    -A ufw-user-input -p tcp --dport 25 -j ACCEPT
    -A ufw-user-input -p udp --dport 25 -j ACCEPT

    ### END RULES ###

2 Answers

You can try adding rules to UFW before enabling it. You can enable an application by port or by its name. Some applications can register their profiles with UFW, so UFW can manage them by name.

Executing

  • sudo ufw app list

Sample output

Available applications:
  Apache
  Apache Full
  Apache Secure
  OpenSSH

To be able to use SSH, you need to allow it before enabling UFW:

  • sudo ufw allow OpenSSH

The same can be done by enabling the port instead of the name:

  • sudo ufw allow 22/tcp

Now, when you enable UFW (sudo ufw enable), SSH should be working. You should also allow your web server, so you can access it.
UFW is an iptables configuration tool, so these rules should still persist, but you can try adding rules to UFW too.

The following articles can help you understand UFW:
How To Set Up a Firewall with UFW on Ubuntu 14.04.
UFW Essentials: Common Firewall Rules and Commands.

UFW, or Uncomplicated Firewall, is an interface to iptables that is geared towards simplifying the process of configuring a firewall. While iptables is a solid and flexible tool, it can be difficult for beginners to learn how to use it to properly configure a firewall. If you're looking to get started securing your network, and you're not sure which tool to use, UFW may be the right choice for you. This tutorial will show you how to set up a firewall with UFW on Ubuntu 14.04.
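
A pre-flight check for the advice in the answer above, as an added example that is not part of the original thread: it reads a rules file in the layout posted in the question and lists the required ports that have no ACCEPT rule in ufw-user-input open to every source. The function names, the sample rules and the address 203.0.113.7 are constructed for illustration.

```shell
# rule_allows FILE PROTO PORT: exit 0 if FILE has an ACCEPT rule in ufw-user-input
# opening PORT/PROTO to every source (single port, "80,443" list or "8000:8010" range).
rule_allows() {
    awk -v proto="$2" -v port="$3" '
        function in_spec(port, spec,    n, parts, i, r) {
            n = split(spec, parts, ",")
            for (i = 1; i <= n; i++) {
                if (split(parts[i], r, ":") == 2) {
                    if (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) return 1
                } else if (parts[i] == port) return 1
            }
            return 0
        }
        $1 == "-A" && $2 == "ufw-user-input" {
            p = d = j = s = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") p = $(i + 1)
                else if ($i == "--dport" || $i == "--dports") d = $(i + 1)
                else if ($i == "-j") j = $(i + 1)
                else if ($i == "-s") s = $(i + 1)
            }
            # A rule limited to one source (-s) is not counted as generally open.
            if (j == "ACCEPT" && p == proto && (s == "" || s == "0.0.0.0/0") && in_spec(port, d)) ok = 1
        }
        END { exit !ok }' "$1"
}

# missing_ports FILE PORT/PROTO...: print every required port with no such rule.
missing_ports() {
    local file=$1 want rc=0
    shift
    for want in "$@"; do
        rule_allows "$file" "${want#*/}" "${want%/*}" || { echo "$want"; rc=1; }
    done
    return $rc
}

# Constructed sample in the rules-file layout shown in the question.
sample_rules() {
    cat <<'EOF'
### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0 in
-A ufw-user-input -p tcp --dport 80 -j ACCEPT
-A ufw-user-input -p tcp --dport 22 -s 203.0.113.7 -j ACCEPT
-A ufw-user-input -p tcp -m multiport --dports 8000:8010 -j ACCEPT
EOF
}

f=$(mktemp); sample_rules > "$f"
missing_ports "$f" 22/tcp 80/tcp 443/tcp || echo "not safe to enable yet"; rm -f "$f"
```

On Ubuntu 16.04 the saved rules are normally in /etc/ufw/user.rules; run missing_ports against that file with the ports you need before sudo ufw enable.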

Thanks for the answer.

I still can't make this work. After the Ubuntu upgrade to 16.04.01 I cannot get the sites running.
With UFW disabled everything works. What else can it be? I am simply out of ideas.

UFW output is set so:
http://pasteboard.co/fLsA7c731.jpg

I have read both articles mentioned above.
I set up the same configuration some time ago on 14.04.
