Question

UFW not allowing specified ports

I have this

Status: active
Logging: on (low)
Default: allow (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp (Apache)            ALLOW IN    Anywhere
80                         ALLOW IN    Anywhere
443                        ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
80/tcp (Apache (v6))       ALLOW IN    Anywhere (v6)
80 (v6)                    ALLOW IN    Anywhere (v6)
443 (v6)                   ALLOW IN    Anywhere (v6)

If I do ufw insert 1 deny from IP it does not work, the IP is still allowed, I assumed it is because default incoming is allow! But should it though? Should not this rue override the default rule?

And whenever I run ufw default deny incoming, which is the default configuration, I cannot access my server anymore, regardless of all the custom rules I added.

I ran ufw reset and also iptables -F, and did the following:

ufw allow apache ufw allow ssh

And I could not connect unless I changed ufw default incoming to allow

Note: I think, maybe this is because I ran iptables -F, I had to because I added some custom rules to iptables directly, not through ufw, and I wanted to start over

Please advise.


Submit an answer
Answer a question...

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

KFSys
Site Moderator
Site Moderator badge
January 17, 2023

Hi @alkateb,

Yes, I think that’s because of Iptables. Basically, Iptables and UFW do the same thing so you should use either one or the other. Using both will create such issues as you’ve described.

What I’ll recommend if you wish a more customizable way is to use Iptables , in my experience it’s a bigger learning curve than UFW but in the long run it’s better.