UFW not allowing ssh even though I have allowed it

Struggling a bit with UFW on Ubuntu. I have internal and external adapters, and on this particular server I only want public access to port 22, which is the adapter "eno1".

To accomplish this I first blocked everything:

ufw deny in on eno1 from any

Afterwards I allowed port 22 for ssh:

ufw allow in on eno1 to any port 22

My rules now look like this:

To                         Action      From
--                         ------      ----
Anywhere on eno1           DENY        Anywhere                  
22 on eno1                 ALLOW       Anywhere                  
Anywhere (v6) on eno1      DENY        Anywhere (v6)             
22 (v6) on eno1            ALLOW       Anywhere (v6) 

However, I now cannot ssh into the server from outside, even though it clearly shows ALLOW on port 22. (I will need to put the server in recovery mode and delete the rules to get back in.)

The order of the rules matters, as the first terminating rule to match the packet determines its destiny.

In your case an ssh packet arrives and matches the first rule, which results in a DROP. The packet never gets a chance to hit the ALLOW rule which comes next.

The rule of thumb: the more specific the rule is the sooner it should appear in the chain. Less specific rules (like matching all packets) should be specified last.
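
The first-match behaviour described in the answer, as an added example that is not part of the original answer: a small Python model that parses the rule table from the question, reports rules hidden behind an earlier, broader rule with the opposite action, and evaluates a packet against both orderings. The parser handles only the row shapes shown on this page; the function names and the default-deny fallback are assumptions.

```python
import re

# Rule table copied from the question (rows of `ufw status` output).
STATUS = """\
Anywhere on eno1           DENY        Anywhere
22 on eno1                 ALLOW       Anywhere
Anywhere (v6) on eno1      DENY        Anywhere (v6)
22 (v6) on eno1            ALLOW       Anywhere (v6)
"""
TO_RE = re.compile(r"^(?P<port>Anywhere|\d+)(?P<v6> \(v6\))?(?: on (?P<iface>\S+))?$")

def parse(status):
    """Parse status rows into dicts; other row shapes are skipped."""
    rules = []
    for line in status.splitlines():
        cols = re.split(r"\s{2,}", line.strip())
        m = TO_RE.match(cols[0]) if len(cols) == 3 else None
        if not m or cols[1] not in ("ALLOW", "DENY"):
            continue
        port = None if m["port"] == "Anywhere" else int(m["port"])
        rules.append({"port": port, "v6": bool(m["v6"]),
                      "iface": m["iface"], "action": cols[1]})
    return rules

def covers(a, b):
    """True if every packet matched by rule b is also matched by rule a."""
    return (a["v6"] == b["v6"] and a["iface"] in (None, b["iface"])
            and a["port"] in (None, b["port"]))

def verdict(rules, iface, port, v6=False, default="DENY"):
    """First matching rule decides; `default` models the incoming policy (assumed deny)."""
    pkt = {"port": port, "v6": v6, "iface": iface}
    return next((r["action"] for r in rules if covers(r, pkt)), default)

def shadowed(rules):
    """1-based (hidden_rule, hiding_rule) pairs: a later rule that can never fire."""
    return [(j + 1, i + 1) for j, b in enumerate(rules)
            for i, a in enumerate(rules[:j])
            if covers(a, b) and a["action"] != b["action"]]

def specific_first(rules):
    """Rule of thumb from the answer: port-specific rules before catch-all rules."""
    return sorted(rules, key=lambda r: r["port"] is None)  # stable sort

if __name__ == "__main__":
    rules = parse(STATUS)
    print("as posted :", verdict(rules, "eno1", 22), "shadowed:", shadowed(rules))
    fixed = specific_first(rules)
    print("reordered :", verdict(fixed, "eno1", 22), "shadowed:", shadowed(fixed))
```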

