Question

How to Reset The Firewall on Ubuntu

What You’ll Need

  • A Droplet running Ubuntu 16.x or 18.x
  • SSH or Console Access to your Droplet

Why Reset The Firewall?

If you find that you’re unable to log in via SSH, or you are no longer able to access your website or application from the browser, the firewall on your Droplet may be preventing the connection from going through. Resetting the firewall to a default state and allowing connections through to the ports you are trying to access may resolve the issue or rule out the firewall as a potential source.

Getting started

By default, Ubuntu 16.x and 18.x use ufw, or Uncomplicated Firewall. For the purpose of this mini guide, we’ll be going through the steps needed to disable and reset the firewall, and then allow connections through to the most common ports.

Step 1: Disabling ufw

By disabling ufw, we’re allowing all connections through. If, after executing the command below, you are able to connect via SSH, or to your website/application, the firewall was blocking your connection attempt and you can move forward with the next steps. If you are still unable to access your Droplet via SSH, or access to your website/application continues to be blocked, there may be another issue preventing access.

sudo ufw --force disable

Step 2: Resetting ufw

Resetting ufw will clear/remove all existing rules and allow us to start from a clean slate.

sudo ufw --force reset

Step 3: Deny All Incoming Connections

By denying all incoming connections, we’re using the whitelist method of allowing access only on the ports that we define. We’ll define those ports in Step 5.

sudo ufw default deny incoming

Step 4: Allow All Outgoing Connections

By allowing all outgoing connections, we’re allowing any connection from the Droplet to the outside world, regardless of which port the connection is being made on. Unless you have a specific use case for limiting outgoing connections, it’s best to allow all.

sudo ufw default allow outgoing

Step 5: Defining Ports That Allow Connections

For the purpose of this mini guide, we’re focused on three primary ports (listed below), though you can add additional ports through the firewall at any time (without having to repeat steps 1-4). The command to add a port through remains the same; only the port will change.

Common Ports

  • SSH - Port 22
  • HTTP - Port 80
  • HTTPS - Port 443

Allow TCP connections on Port 22

sudo ufw allow 22/tcp

Allow TCP connections on Port 80

sudo ufw allow 80/tcp

Allow TCP connections on Port 443

sudo ufw allow 443/tcp

Step 6: Enabling ufw

Now that we’ve reset the firewall and defined our whitelisted ports, we’ll enable ufw, which will enforce the rules that we’ve put into place.

sudo ufw --force enable

Additional Ports

MongoDB

sudo ufw allow 27017/tcp

MySQL

sudo ufw allow 3306/tcp

Postgres

sudo ufw allow 5432/tcp

Redis

sudo ufw allow 6379/tcp


Jonathan Tittle
DigitalOcean Employee
June 30, 2019
Accepted Answer

If you’d prefer to use a one-liner that you can copy and paste to perform the same actions noted in the guide above, please feel free to use:

sudo ufw --force disable \
&& sudo ufw --force reset \
&& sudo ufw default deny incoming \
&& sudo ufw default allow outgoing \
&& sudo ufw allow 22/tcp \
&& sudo ufw allow 80/tcp \
&& sudo ufw allow 443/tcp \
&& sudo ufw --force enable

You can also turn this into a quick bash script. Simply copy and paste the below into a file using the filename of your choice (e.g. reset.sh).

#!/usr/bin/env bash

sudo ufw --force disable \
&& sudo ufw --force reset \
&& sudo ufw default deny incoming \
&& sudo ufw default allow outgoing \
&& sudo ufw allow 22/tcp \
&& sudo ufw allow 80/tcp \
&& sudo ufw allow 443/tcp \
&& sudo ufw --force enable

Once saved and uploaded, run chmod +x reset.sh and you can now execute it using:

./reset.sh
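
An added check, not part of the original guide or answer: after the reset, this script audits `ufw status verbose` output for an active firewall, a deny-by-default incoming policy, the three ports from Step 5, and any "Additional Ports" datastore port left reachable from Anywhere. The status text in `sample_status` is constructed, and the names `audit_ufw`, `sample_status` and `audit.sh` are assumptions.

```shell
#!/usr/bin/env bash
# Added example: audit saved or live `ufw status verbose` output.
REQUIRED_PORTS="22 80 443"          # ports the guide opens in Step 5
DB_PORTS="27017 3306 5432 6379"     # ports from "Additional Ports"

# Constructed sample output (not taken from a real Droplet).
sample_status() {
cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
6379/tcp                   ALLOW IN    Anywhere
5432/tcp                   ALLOW IN    203.0.113.10
22/tcp (v6)                ALLOW IN    Anywhere (v6)
6379/tcp (v6)              ALLOW IN    Anywhere (v6)
EOF
}

# Reads status text on stdin; prints FAIL/WARN lines; returns 1 on any FAIL.
# Only numeric port rules are understood (no app profiles or port ranges).
audit_ufw() {
  awk -v db="$DB_PORTS" -v need="$REQUIRED_PORTS" '
    BEGIN { n = split(db, d, " "); for (i = 1; i <= n; i++) isdb[d[i]] = 1 }
    { gsub(/ \(v6\)/, "") }    # fold IPv6 rows into the IPv4 row shape
    /^Status:/ && $2 != "active" { print "FAIL firewall status is " $2; bad = 1 }
    /^Default:/ && $2 != "deny" && $2 != "reject" {
      print "FAIL default incoming policy is " $2; bad = 1
    }
    ($2 == "ALLOW" || $2 == "LIMIT") && $3 != "OUT" {
      src = ($3 == "IN") ? $4 : $3    # verbose output prints "ALLOW IN"
      split($1, a, "/"); open[a[1]] = 1
      if ((a[1] in isdb) && src == "Anywhere" && !seen[$1]++)
        print "WARN " $1 " reachable from Anywhere"
    }
    END {
      n = split(need, r, " ")
      for (i = 1; i <= n; i++)
        if (!(r[i] in open)) { print "FAIL port " r[i] " is not allowed"; bad = 1 }
      exit bad + 0
    }'
}

# Live use on the Droplet: ./audit.sh --live
if [ "${1:-}" = "--live" ]; then sudo ufw status verbose | audit_ufw; fi
```

A WARN line means the datastore accepts connections from any address; ufw can scope such a rule to one client with the form `sudo ufw allow from 203.0.113.10 to any port 6379 proto tcp`, where the address is a placeholder.
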
Bobby Iliev
Site Moderator
June 28, 2019

Great article! I’ll definitely use this in the future!

Regards, Bobby
