Question

UFW not allowing specified ports

I have this

Status: active
Logging: on (low)
Default: allow (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp (Apache)            ALLOW IN    Anywhere
80                         ALLOW IN    Anywhere
443                        ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
80/tcp (Apache (v6))       ALLOW IN    Anywhere (v6)
80 (v6)                    ALLOW IN    Anywhere (v6)
443 (v6)                   ALLOW IN    Anywhere (v6)

If I do ufw insert 1 deny from IP, it does not work; the IP is still allowed. I assumed it is because default incoming is allow! But should it though? Should not this rule override the default rule?

And whenever I run ufw default deny incoming, which is the default configuration, I cannot access my server anymore, regardless of all the custom rules I added.

I ran ufw reset and also iptables -F, and did the following:

ufw allow apache
ufw allow ssh

And I could not connect unless I changed ufw default incoming to allow.

Note: I think maybe this is because I ran iptables -F. I had to because I added some custom rules to iptables directly, not through ufw, and I wanted to start over.

Please advise.



KFSys
Site Moderator
January 17, 2023

Hi @alkateb,

Yes, I think that’s because of Iptables. Basically, Iptables and UFW do the same thing so you should use either one or the other. Using both will create such issues as you’ve described.

What I’ll recommend, if you wish a more customizable way, is to use Iptables; in my experience it’s a bigger learning curve than UFW, but in the long run it’s better.
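
A way to check whether ufw's rules are still loaded after an `iptables -F`, as an added example that is not part of the original thread: `iptables -F` deletes every rule, including the jumps from INPUT into ufw's chains, but leaves the chains and the chain policies in place, so only the default policy decides what gets through. The function name `ufw_hook_state` is hypothetical and both sample `iptables -S` listings are constructed.

```shell
#!/bin/sh
# Added example: classify `iptables -S` output by whether ufw's chains are
# still reachable from the INPUT chain.

# Reads `iptables -S` text on stdin and prints "<INPUT policy> <state>":
#   hooked   - INPUT jumps to ufw-before-input, ufw rules are evaluated
#   unhooked - ufw chains exist but INPUT no longer jumps to them
#   absent   - no ufw chains are present at all
ufw_hook_state() {
    awk '
        $1 == "-P" && $2 == "INPUT"            { policy = $3 }
        $1 == "-N" && $2 == "ufw-before-input" { chain = 1 }
        $1 == "-A" && $2 == "INPUT" {
            for (i = 3; i < NF; i++)
                if ($i == "-j" && $(i + 1) == "ufw-before-input") jump = 1
        }
        END {
            if (policy == "") policy = "UNKNOWN"
            state = jump ? "hooked" : (chain ? "unhooked" : "absent")
            print policy, state
        }'
}

# Constructed sample: ufw loaded normally with default deny incoming.
SAMPLE_LOADED='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N ufw-before-input
-N ufw-user-input
-A INPUT -j ufw-before-input
-A ufw-before-input -j ufw-user-input
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT'

# Constructed sample: the same host after `iptables -F`. Chains and policy
# remain; every rule, including the jump out of INPUT, is gone.
SAMPLE_FLUSHED='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N ufw-before-input
-N ufw-user-input'

printf '%s\n' "$SAMPLE_LOADED"  | ufw_hook_state
printf '%s\n' "$SAMPLE_FLUSHED" | ufw_hook_state
# On a live host, run as root: iptables -S | ufw_hook_state
```

A result of `DROP unhooked` matches being locked out under default deny, and `ACCEPT unhooked` matches a deny rule that has no effect under default allow.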
