How do I access my server after enabling UFW?

I recently installed UFW on my server and I can't access it via SSH or Lish; it keeps bringing up a [UFW BLOCK] error.

3 Replies

Hey @mustaphaibrahim. By your description, it sounds like this could be one of two things: either your console is getting flooded with firewall messages that are keeping you from logging in, or UFW is set up to block your connection.

If it's the first issue (firewall rules are flooding your console log), it could be due to UFW simply blocking a ton of connection attempts, and it's printing the log so often it appears as if you can't do anything else. To remedy that, you'll have to first "fight your way in" by logging in through the Lish console with your root username and password and then run the following command to edit your running sysctl config and stop the printing:

sudo sysctl -w kernel.printk="3 4 1 3"

To immediately stop the printing, you can also run:

dmesg -D

This is reviewed in more detail in another Community post here: Lish console constantly prints iptables logging

Once you're into your server, it might be best to reset UFW's ruleset to ensure nothing is getting unintentionally blocked (including your SSH port). You can reset UFW with the following command:

ufw reset

To reconfigure UFW, we have a pretty good guide that goes over how to configure your rules from the ground up:

How to Configure a Firewall with UFW

Hopefully this helps!
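The procedure above (quiet the console, reset UFW, rebuild the rules with SSH allowed before enabling) written out as a script, added here as an example and not part of the original reply. It assumes SSH is on port 22 (override with SSH_PORT), and it only prints the ufw/sysctl commands unless DRY_RUN is set to empty; the `ufw status verbose` text it checks is a constructed sample, and the ssh_rule_present check is the one thing to run before you close the Lish session.

```shell
#!/bin/sh
# Added example (not from the original thread): rebuild a UFW ruleset in an
# order that cannot lock you out, and check the result before trusting it.
# Assumptions: SSH listens on SSH_PORT (default 22); nothing is executed unless
# DRY_RUN is set to empty (the default DRY_RUN=1 only prints the commands).

SSH_PORT="${SSH_PORT:-22}"
DRY_RUN="${DRY_RUN:-1}"

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ -n "$DRY_RUN" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Stop kernel messages (including [UFW BLOCK] lines) from flooding the console.
quiet_console() {
  run dmesg -D
  run sysctl -w kernel.printk="3 4 1 3"
}

# Reset, set defaults, allow the management port FIRST, then services, then enable.
# `limit` still lets SSH in but rate-limits repeated connection attempts.
rebuild_ruleset() {
  run ufw --force reset
  run ufw default deny incoming
  run ufw default allow outgoing
  run ufw limit "${SSH_PORT}/tcp"
  run ufw allow 80/tcp
  run ufw allow 443/tcp
  run ufw --force enable
}

# Given the text of `ufw status verbose`, succeed only if the firewall is active
# AND the SSH port is allowed or limited inbound.
ssh_rule_present() {
  status_text="$1"
  printf '%s\n' "$status_text" | grep -q '^Status: active$' || return 1
  printf '%s\n' "$status_text" |
    grep -Eq "^${SSH_PORT}/tcp[[:space:]]+(ALLOW|LIMIT) IN[[:space:]]"
}

# Constructed sample of `ufw status verbose` output after rebuild_ruleset.
SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     LIMIT IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
22/tcp (v6)                LIMIT IN    Anywhere (v6)'

# Constructed sample where SSH was forgotten: enabling this locks you out.
SAMPLE_STATUS_NO_SSH='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere'

if [ -n "$DRY_RUN" ]; then
  quiet_console
  rebuild_ruleset
  ssh_rule_present "$SAMPLE_STATUS" && echo "ok: ${SSH_PORT}/tcp is reachable"
  ssh_rule_present "$SAMPLE_STATUS_NO_SSH" || echo "refuse: ${SSH_PORT}/tcp is not allowed"
fi
```

On a live box run it with `DRY_RUN= sh rebuild-ufw.sh` from the Lish console, then paste the real `ufw status verbose` output into ssh_rule_present (or pipe it in) before logging out; if you changed the SSH port in sshd_config, set SSH_PORT to match or the check is meaningless.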

@jdutton
I just enabled ufw on Debian 11 and it seems that it's blocking traffic as shown on LISH below.

[UFW BLOCK] IN=eth0 OUT= MAC=………………………

In ufw, I allowed the following:
ssh
http
https

I disabled UFW for now. I don't want to get locked out.
Thank you.

You need to enable:

  • dns (udp); and
  • dns (tcp)

too. If you like, you can restrict DNS traffic to/from Linode's DNS servers:

IPv4:

  • 162.159.27.72
  • 162.159.24.39
  • 162.159.25.129
  • 162.159.26.99
  • 162.159.24.25

IPv6:

  • 2400:cb00:2049:1::a29f:1a63
  • 2400:cb00:2049:1::a29f:1827
  • 2400:cb00:2049:1::a29f:1981
  • 2400:cb00:2049:1::a29f:1b48
  • 2400:cb00:2049:1::a29f:1819

> I don't want to get locked out

You can always get access to your Linode using the lish console web app that's available in the cloud manager. However, since a lish session is the console (a special tty in a Unix/Linux system), it behaves slightly differently than a session established using ssh. You should consider lish the access method of last resort (like when you're locked out using ssh).

-- sw
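Both replies turn on reading the [UFW BLOCK] lines themselves: a line with IN=eth0 set is an inbound packet the default deny policy dropped, which is what a freshly enabled firewall is supposed to do, while a line with IN= empty and OUT=eth0 is your own outbound traffic being blocked. The script below, added here as an example and not part of either reply, summarises one log line and builds a per-port histogram of blocked inbound traffic so you can tell scan noise from a service you forgot to allow. The log lines are constructed samples in the format UFW writes to the kernel log, using documentation IP ranges.

```shell
#!/bin/sh
# Added example (not from the original thread): make sense of [UFW BLOCK] lines
# before deciding what to allow. The log lines below are constructed samples in
# the format UFW's LOG rule writes to the kernel log; the addresses are
# documentation ranges, not real hosts.

# Pull one KEY=value field out of a log line (empty if absent, e.g. OUT= or no DPT).
field() {
  printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\([^[:space:]]*\).*/\1/p"
}

# One-line summary: direction, protocol, source -> destination:port.
# A non-empty IN= interface means the packet arrived from outside (inbound).
ufw_block_summary() {
  line="$1"
  case "$line" in
    *"[UFW BLOCK]"*) ;;
    *) return 1 ;;
  esac
  if [ -n "$(field "$line" IN)" ]; then dir=inbound; else dir=outbound; fi
  printf '%s %s %s -> %s:%s\n' "$dir" "$(field "$line" PROTO)" \
    "$(field "$line" SRC)" "$(field "$line" DST)" "$(field "$line" DPT)"
}

# Read log lines on stdin; print "PROTO/DPT count" for blocked INBOUND TCP/UDP
# packets, most frequent first. Unsolicited scans show up as many different
# ports; a service you forgot to allow shows up as one port hit repeatedly.
# ICMP lines carry no DPT and are skipped.
blocked_port_histogram() {
  grep -F '[UFW BLOCK]' | grep -E '[[:space:]]IN=[^[:space:]]+' |
    sed -n 's/.*PROTO=\([A-Z]*\).*DPT=\([0-9]*\).*/\1\/\2/p' |
    sort | uniq -c | sort -rn | awk '{print $2, $1}'
}

# Constructed sample log: two telnet probes, one MySQL probe, one ping, and one
# outbound DNS query (the last would only appear if outgoing were denied).
SAMPLE_LOG='[UFW BLOCK] IN=eth0 OUT= MAC=aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:08:00 SRC=198.51.100.7 DST=203.0.113.10 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=43210 DPT=23 WINDOW=65535 RES=0x00 SYN URGP=0
[UFW BLOCK] IN=eth0 OUT= MAC=aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:08:00 SRC=198.51.100.7 DST=203.0.113.10 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54322 PROTO=TCP SPT=43211 DPT=23 WINDOW=65535 RES=0x00 SYN URGP=0
[UFW BLOCK] IN=eth0 OUT= MAC=aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:08:00 SRC=192.0.2.25 DST=203.0.113.10 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=51000 DPT=3306 WINDOW=29200 RES=0x00 SYN URGP=0
[UFW BLOCK] IN=eth0 OUT= MAC=aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:08:00 SRC=192.0.2.25 DST=203.0.113.10 LEN=84 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=ICMP TYPE=8 CODE=0 ID=12 SEQ=1
[UFW BLOCK] IN= OUT=eth0 SRC=203.0.113.10 DST=192.0.2.53 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=9 DF PROTO=UDP SPT=40000 DPT=53 LEN=40'

first_line=$(printf '%s\n' "$SAMPLE_LOG" | sed -n '1p')
ufw_block_summary "$first_line"
printf '%s\n' "$SAMPLE_LOG" | blocked_port_histogram
```

On a real host feed it the kernel log, e.g. `journalctl -k | blocked_port_histogram` or `dmesg | blocked_port_histogram`; on the sample the histogram puts TCP/23 on top with two hits and TCP/3306 below it, and both are inbound probes you would leave blocked rather than rules you are missing.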
