Enable firewall on server without SSH disconnect

When you enable a firewall on a remote server that you connect to over SSH, first change the default policy from its default of deny to allow. Otherwise, enabling the firewall disconnects your remote session and locks you out of the server.

The command ufw default allow sets the default policy to allow, so every connection on any port is allowed to reach your server once the firewall is enabled.

$ sudo ufw default allow

Enable the firewall with the enable command; it starts the firewall using your settings.

$ sudo ufw enable

The command ufw allow 22/tcp allows all incoming TCP (not UDP) connections to port 22, which is used for SSH.

$ sudo ufw allow 22/tcp  

The command ufw default deny changes the default policy so that all incoming connections are denied / rejected unless a firewall rule says otherwise. This is the opposite of the first command; leaving only the ports you use open is a much safer choice and helps avoid a security breach.

$ sudo ufw default deny
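
A pre-check for the last step, as an added example that is not part of the original page: it reads ufw status verbose output and succeeds only when the firewall is active and an inbound ALLOW (or LIMIT) rule exists for the SSH port. The function name ssh_safe_to_deny and the trimmed sample status text are constructed for illustration.

```shell
#!/bin/sh
# Added example: check `ufw status verbose` output before running
# `ufw default deny`. Function name and sample text are constructed.

# Reads status text on stdin. Exit 0 only if the firewall is active and an
# inbound ALLOW or LIMIT rule exists for the given port (default 22).
# Matches rules written as "22" or "22/tcp"; application-profile names and
# source-address restrictions in the From column are not evaluated.
ssh_safe_to_deny() {
    awk -v port="${1:-22}" '
        /^Status: active/ { active = 1 }
        $1 == port || $1 == (port "/tcp") {
            # Verbose rows read "ALLOW IN", plain rows "ALLOW"; skip "ALLOW OUT".
            for (i = 2; i < NF; i++)
                if (($i == "ALLOW" || $i == "LIMIT") && $(i + 1) != "OUT")
                    allowed = 1
        }
        END { exit !(active && allowed) }
    '
}

# Constructed sample (trimmed): state after the first three commands above.
SAMPLE_OK='Status: active
Default: allow (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)'

# Constructed sample (trimmed): firewall enabled, SSH rule never added.
SAMPLE_NO_RULE='Status: active
Default: allow (incoming), allow (outgoing), disabled (routed)'

for name in SAMPLE_OK SAMPLE_NO_RULE; do
    eval "text=\$$name"
    if printf '%s\n' "$text" | ssh_safe_to_deny 22; then
        echo "$name: SSH rule present, safe to switch default to deny"
    else
        echo "$name: no SSH rule, default deny would lock you out"
    fi
done

# On a real host (run by hand):
#   sudo ufw status verbose | ssh_safe_to_deny 22 && sudo ufw default deny
```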