How to Reset The Firewall on Ubuntu
What You’ll Need
- A Droplet running Ubuntu 16.x or 18.x
- SSH or Console Access to your Droplet
Why Reset The Firewall?
If you find that you’re unable to log in via SSH, or you are no longer able to access your website or application from the browser, the firewall on your Droplet may be preventing the connection from going through. Resetting the firewall to a default state and allowing connections through to the ports you are trying to access may resolve the issue or rule out the firewall as a potential source.
By default, Ubuntu 16.x and 18.x use ufw, or Uncomplicated Firewall. For the purpose of this mini guide, we’ll be going through the steps needed to disable and reset the firewall, and then allow connections through to the most common ports.
Step 1: Disabling ufw
By disabling ufw, we’re allowing all connections through. If, after executing the command below, you are able to connect via SSH, or to your website/application, the firewall was blocking your connection attempt and you can move forward with the next steps. If you are still unable to access your Droplet via SSH, or access to your website/application continues to be blocked, there may be another issue preventing access.
sudo ufw --force disable
Step 2: Resetting ufw
Resetting ufw will clear/remove all existing rules and allow us to start from a clean slate.
sudo ufw --force reset
Step 3: Deny All Incoming Connections
By denying all incoming connections, we’re using the whitelist method of allowing access only on the ports that we define. We’ll define those ports in Step 5.
sudo ufw default deny incoming
Step 4: Allow All Outgoing Connections
By allowing all outgoing connections, we’re allowing any connection from the Droplet to the outside world, regardless of which port the connection is being made on. Unless you have a specific use case for limiting outgoing connections, it’s best to allow all.
sudo ufw default allow outgoing
Step 5: Defining Ports That Allow Connections
For the purpose of this mini guide, we’re focused on three primary ports (listed below), though you can allow additional ports through the firewall at any time (without having to repeat steps 1-4). The command to allow a port remains the same; only the port changes.
- SSH - Port 22
- HTTP - Port 80
- HTTPS - Port 443
Allow TCP connections on Port 22
sudo ufw allow 22/tcp
Allow TCP connections on Port 80
sudo ufw allow 80/tcp
Allow TCP connections on Port 443
sudo ufw allow 443/tcp
Step 6: Enabling ufw
Now that we’ve reset the firewall and defined our whitelisted ports, we’ll enable ufw, which will enforce the rules that we’ve put into place.
sudo ufw --force enable
sudo ufw allow 27017/tcp
sudo ufw allow 3306/tcp
sudo ufw allow 5432/tcp
sudo ufw allow 6379/tcp
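Once ufw is enabled, the result can be checked against what Steps 3-6 were meant to produce. The script below is an added example, not part of the original guide: it reads `ufw status verbose` output and reports whether the defaults and the SSH rule are in place. The function names and the embedded sample status are constructed for illustration, and treating 27017, 3306, 5432 and 6379 as data-store ports that should not be open to Anywhere is this example's assumption.

```shell
#!/bin/sh
# Added example (not from the original guide): audit `ufw status verbose`
# output against Steps 3-6. Live use: sudo ufw status verbose | audit_ufw_status
# Exit: 0 = baseline met, 1 = not met, 2 = met but a data-store port is open.
audit_ufw_status() {
    awk '
        /^Status: active/ { active = 1 }
        /^Default:/ {
            if ($0 ~ /deny \(incoming\)/)  deny_in = 1
            if ($0 ~ /allow \(outgoing\)/) allow_out = 1
        }
        # Inbound allow rows: "22/tcp  ALLOW IN  Anywhere" (plain status omits IN).
        / ALLOW( IN)? / && !/ ALLOW (OUT|FWD)/ {
            split($1, p, "/")
            if (p[1] == "22" || $1 == "OpenSSH") ssh = 1
            # Assumption: these ports carry MongoDB, MySQL, PostgreSQL and Redis.
            if (p[1] ~ /^(27017|3306|5432|6379)$/ && / ALLOW( IN)? +Anywhere/) {
                print "WARN: " $1 " is reachable from Anywhere"; warn = 1
            }
        }
        END {
            if (!active)    { print "FAIL: ufw is not active"; bad = 1 }
            if (!deny_in)   { print "FAIL: default incoming is not deny"; bad = 1 }
            if (!allow_out) { print "FAIL: default outgoing is not allow"; bad = 1 }
            if (!ssh)       { print "FAIL: no rule allows SSH on port 22"; bad = 1 }
            if (bad)  exit 1
            if (warn) exit 2
            print "OK: matches the guide baseline"
        }
    '
}
# Constructed, trimmed sample: status after Steps 1-6 plus the last four rules.
sample_status() {
    cat <<'EOF'
Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
27017/tcp                  ALLOW IN    Anywhere
3306/tcp                   ALLOW IN    Anywhere
5432/tcp                   ALLOW IN    Anywhere
6379/tcp                   ALLOW IN    Anywhere
EOF
}
sample_status | audit_ufw_status || echo "audit exit code: $?"
```

A rule that limits a data-store port to a specific source address does not match the Anywhere check and produces no warning.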