ufw blocking ssh until "allow outgoing"


On my Ubuntu 20.04 machine, I have ufw enabled and allowing ssh connections.

$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)

However, I get a timeout when trying to connect.

But if I then do the following:

sudo ufw default allow outgoing  # deny outgoing also works, I've discovered

it immediately starts accepting my connection. This is confusing to me -- it seems like just running some ufw command kicks the firewall into allowing incoming connections.

This is unfortunately not workable, as the state is not persisted across a reboot -- so I cannot use the computer remotely yet: I have to redo the sudo ufw default allow outgoing from the local terminal after restart.

I have tried purging and re-installing ufw. I'm interested in understanding where to look to figure out why the firewall does not allow ssh, even when the status indicates it should.


There are 2 best solutions below


The problem is with incoming and outgoing traffic. Check the output of the command ufw status verbose:

Default: deny (incoming), allow (outgoing), deny (routed)

This would deny any incoming traffic, including your ssh.

Here is the solution for your case:

sudo ufw default allow incoming
sudo ufw default allow outgoing
sudo ufw allow from (your rules here)
sudo ufw limit ssh   # if you want to be safe
sudo ufw deny from any

Either deny incoming or outgoing would result in a denial of ssh.


I never was able to solve the problem, but did come up with a workaround. I created a start-up script to run the no-op (since it is already the setting) ufw default allow outgoing. This seems to kick the firewall into accepting incoming connections.

$ cat /usr/local/bin/ping-ufw.sh
#!/bin/bash
# Re-applying the existing default policy makes ufw reload its ruleset.
ufw default allow outgoing >> /root/ping-ufw.out

$ cat /etc/systemd/system/ping-ufw.service
[Unit]
Description=Reload ufw rules after boot
# Order after ufw.service so the reload runs once ufw itself has started.
After=ufw.service network.target

[Service]
Type=oneshot
ExecStart=/usr/local/bin/ping-ufw.sh

[Install]
WantedBy=default.target

$ sudo systemctl daemon-reload
$ sudo systemctl enable ping-ufw.service
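A diagnostic along the lines the question asks for ("where to look"), added here as an example and not part of the original thread. `ufw status` reports the saved configuration (the rules in /etc/ufw and the ENABLED flag in /etc/ufw/ufw.conf), not what netfilter is enforcing at that moment; a `ufw default ...` command on an enabled firewall triggers a reload, which is why the workaround above "kicks" the firewall into accepting connections. The script below compares the saved state with the live `iptables -S ufw-user-input` chain and with whether `ufw.service` is enabled, so the boot-time cause can be identified instead of papered over. The sample inputs are constructed to resemble real output; the function names, the `--live` flag and the exact cause messages are this example's own assumptions.

```shell
#!/bin/sh
# Added example: check whether ufw's saved rules are actually loaded into
# netfilter and whether anything loads them at boot.

# Constructed sample of `iptables -S ufw-user-input` on a host where the
# rules were loaded (shape follows ufw's generated rules; values constructed).
SAMPLE_LOADED='-N ufw-user-input
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT'

# Constructed sample for a host where ufw never installed its chains.
SAMPLE_MISSING='iptables: No chain/target/match by that name.'

# Constructed /etc/ufw/ufw.conf contents, with and without boot-time loading.
SAMPLE_CONF_ON='ENABLED=yes
LOGLEVEL=low'
SAMPLE_CONF_OFF='ENABLED=no
LOGLEVEL=low'

# ssh_rule_loaded TEXT PORT -> 0 if TEXT (iptables -S output) contains an
# ACCEPT rule for tcp dport PORT in ufw-user-input, 1 otherwise.
ssh_rule_loaded() {
    printf '%s\n' "$1" |
        grep -Eq -- "^-A ufw-user-input .*-p tcp .*--dport $2 .*-j ACCEPT"
}

# ufw_boot_enabled TEXT -> 0 if the ufw.conf text says ENABLED=yes.
ufw_boot_enabled() {
    printf '%s\n' "$1" | grep -Eq '^ENABLED=yes$'
}

# diagnose IPT_TEXT CONF_TEXT UNIT_STATE PORT -> prints one verdict line and
# returns 0 when ssh should be passing, 1 when the saved and live states differ.
diagnose() {
    ipt=$1; conf=$2; unit=$3; port=${4:-22}
    if ! ufw_boot_enabled "$conf"; then
        echo "ufw.conf has ENABLED != yes: rules are never loaded at boot"
        return 1
    fi
    if [ "$unit" != "enabled" ]; then
        echo "ufw.service is '$unit': nothing loads the ruleset at boot"
        return 1
    fi
    if ! ssh_rule_loaded "$ipt" "$port"; then
        echo "saved rules list $port/tcp but netfilter has no matching rule: run 'ufw reload' and check boot ordering"
        return 1
    fi
    echo "ssh rule for $port/tcp is live in ufw-user-input"
    return 0
}

# Run against the real host (as root) with: sh ufw-diag.sh --live
if [ "${1:-}" = "--live" ]; then
    diagnose "$(iptables -S ufw-user-input 2>&1)" \
             "$(cat /etc/ufw/ufw.conf)" \
             "$(systemctl is-enabled ufw 2>/dev/null)" 22
fi
```

If the live run reports that netfilter has no matching rule while `ufw status` lists it, the rules exist but were never installed after boot; confirming `systemctl is-enabled ufw` and `ENABLED=yes` is the check that decides whether a reload hack like the one above is masking a disabled service rather than a real firewall bug.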