How to allow git connections with UFW firewall

Posted March 1, 2021 1k views
NginxGitFirewallUbuntu 20.04

I am setting up a server by following the directions here:

Initial set up of Ubuntu 20.04 server:

Installing Nginx:

Securing Nginx:

I’ve followed everything step-by-step and my server works on HTTPS. However when I try to clone a git repo hosted on GitLab, the connection repeatedly fails with the following error:

kex_exchange_identification: Connection closed by remote host
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Now, I have generated an SSH key on my server (via ssh-keygen) and added the public SSH key to the Gitlab website.

However the firewall is not allowing me to connect. I have tried “sudo ufw allow git” but this did not work.

I was able to clone the repo by disabling the firewall (sudo ufw disable) and then enabling the firewall after the repo has been cloned, however this is not a realistic solution for obvious reasons.

Can anyone help out? Do I allow a certain port or specific IP for Gitlab connections?


These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
1 answer

Hi @feynnbot,

Git has two types of cloning its repo via HTTP or SSH. In order to allow SSH, you can do :

ufw allow openssh

Then try

ufw status

To see all allowed connections.

Additionally, I’ll allow HTTP connections as well.

Alternatively, I’ve seen on some other forums that the following should work as well

# For allowing access to
sudo ufw allow out on eth0 to port 22