ufw weirdness on Ubuntu 20.04 droplet--I don't understand why allowing/denying tcp/22 affects all other ports

Posted May 3, 2021
Getting Started, Firewall, Ubuntu 20.04

Newbie here so I apologize in advance for any ignorance.

I’m setting up my first droplet. As I’m configuring my firewall with ufw, I’m getting some weird behavior. I start with default deny incoming and default allow outgoing. Then when 22/tcp is allowed, ssh works on any other open port, including mosh. Whenever 22/tcp is denied, ssh no longer works on any other port (times out when I attempt to connect). Mosh also times out when I attempt to connect if 22/tcp is denied. After denying 22/tcp, if I allow, say, 4000/tcp, I still can’t ssh into any port, and even when ufw status shows that 60000:61000 is allowed, mosh won’t work. If I just allow 22, ssh and mosh still don’t work. Once I allow 22/tcp, everything works again: 4000, 60000:61000, etc.

It’s frustrating me because on the little ssh server I put together at home (also Ubuntu 20.04 using ufw), I like to close 22 and open a different port to work on. I can’t figure out how to do that on this droplet.

Can anyone explain to me what’s going on?

1 answer

Hi there,

As UFW is basically just a frontend wrapper for IPtables, if you have another application like Fail2ban it is possible that the IPtables chain could get messed up.

What I could suggest is starting from scratch by resetting all of the UFW rules:

sudo ufw reset

And then just allow the ports that you want to be able to access. By default all other ports will be closed so there would be no need to explicitly deny them.

If UFW is still causing problems, I could suggest removing it completely and trying out CSF, which has a nice configuration file where you could open and close ports.

Here is a quick tutorial on how to start with CSF:

Let me know how it goes!

by Lassi Ruonavaara
Config Server Firewall (CSF) is a free and advanced firewall for most Linux distributions and Linux based VPS. Learn how to install and configure on Ubuntu.
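
One way to check the answer's point that another tool such as Fail2ban may have changed the iptables chains underneath ufw, as an added example that is not part of the original answer: the script reads `iptables-save` output, lists INPUT rules that ufw did not create, and lists the ports ufw itself accepts. The function names are hypothetical and the sample ruleset is constructed.

```shell
#!/bin/sh
# Added example: audit `iptables-save` output for rules that sit beside ufw's own.

# Reads iptables-save text on stdin. For each filter-table INPUT rule whose
# target is not a ufw-* chain, prints: <position> <before-ufw|after-ufw> <rule>
foreign_input_rules() {
    awk '
        /^\*/ { table = substr($0, 2) }                 # "*filter", "*nat", ...
        table != "filter" || $1 != "-A" || $2 != "INPUT" { next }
        {
            pos++
            target = ""
            for (i = 3; i < NF; i++)
                if ($i == "-j" || $i == "-g") target = $(i + 1)
            if (target ~ /^ufw-/) { seen_ufw = 1; next }
            printf "%d %s %s\n", pos, (seen_ufw ? "after-ufw" : "before-ufw"), $0
        }'
}

# Prints the port/protocol pairs ufw accepts (its ufw-user-input chain),
# for comparison with what `ufw status` reports.
ufw_allowed_ports() {
    awk '$1 == "-A" && $2 == "ufw-user-input" && $NF == "ACCEPT" {
             proto = ""; port = ""
             for (i = 3; i < NF; i++) {
                 if ($i == "-p") proto = $(i + 1)
                 if ($i == "--dport" || $i == "--dports") port = $(i + 1)
             }
             if (port != "") print port "/" proto
         }'
}

# Constructed sample: a Fail2ban sshd jail hooked into INPUT ahead of ufw.
SAMPLE='*filter
:INPUT DROP [0:0]
:f2b-sshd - [0:0]
:ufw-before-input - [0:0]
:ufw-user-input - [0:0]
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A f2b-sshd -j RETURN
-A ufw-user-input -p tcp -m tcp --dport 4000 -j ACCEPT
-A ufw-user-input -p udp -m multiport --dports 60000:61000 -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE" | foreign_input_rules
printf '%s\n' "$SAMPLE" | ufw_allowed_ports
```

On the droplet, pipe the live ruleset through the same functions with `sudo iptables-save | foreign_input_rules`; any line it prints is a rule that `ufw status` will not show.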