Ubuntu 16.04 How to Disable UFW On Startup Through Config
Solution 1
pa4080's answer seems like the correct answer, but I found that UFW was blocking pings and Samba connections after a default Ubuntu 14.04 install, even though ENABLED=no
is the default setting in /etc/ufw/ufw.conf
. After I stopped UFW with service ufw stop
I was able to connect to the machine as expected.
Disabling UFW on startup
On Ubuntu 14.10 and earlier: sudo echo manual > /etc/init/ufw.override
On Ubuntu 15.04 and later: sudo systemctl disable ufw
On anything else or just to be sure: sudo echo "service ufw stop" >> /etc/init.d/rc.local
Solution 2
You can try to disable UFW on startup through change of /etc/ufw/ufw.conf
in this way:
ENABLED=no
Related videos on Youtube
Donglecow
I'm an amateur developer focusing in Java and Java webapps, as well as Elasticsearch. I mainly use a LAMP server environment, using Tomcat and Apache2 to serve up the webapps.
Updated on September 18, 2022Comments
-
Donglecow over 1 year
I have an Ubuntu 16.04 AWS instance that I accidentally locked myself out of by enabling UFW without allowing port 22 for SSH. I've created a new instance and mounted the volume of the affected instance to it.
Now I have access to the file system of the affected instance, how do I stop UFW from running on startup so that I can access the instance again through SSH? Alternatively, how do I allow access to port 22 for SSH through config files?
I've looked around online and my file structure doesn't seem to match what other people are using. In
/media/myDrive/lib/ufw
I don't haveuser.rules
oruser6.rules
; these are in/etc/ufw/
. I've edited theuser*.rules
files as below to allow access, but when I rebooted the server, I still couldn't access it via SSH.#user.rules -A ufw-user-input -p tcp --dport 22 -j ACCEPT -A ufw-user-input -p udp --dport 22 -j ACCEPT #user6.rules -A ufw6-user-input -p tcp --dport 22 -j ACCEPT -A ufw6-user-input -p udp --dport 22 -j ACCEPT
Referenced from this SO question: Can't ssh into AWS EC2 after enabling firewall
-
pa4080 almost 5 yearsHi, Donglecow, I've added a comment, under the @jdgregson's answer. I just read your rules and I think you need to use
-I
nsert to the beginning of the chain instead of-A
ppend to the end. Also, probably (sorry currently I do not have UFW installed), the defaultINPUT
chain will be read before the UFW's one, so you can try with some rules as:-I INPUT ...
...and the last one you don't need to allow UDP on the SSH port.
-
-
Donglecow about 6 yearsThanks for this. I've long worked around the problem now. @pa4080's answer didn't work for me which is why I didn't accept it. Though this looks like it would've been a more promising line to investigate.
-
pa4080 almost 5 yearsYes, you are right, jdgregson, recently I found that even you remove UFW, it leaves some rules in
iptables
that should be removed by hand. -
jdgregson almost 5 years@pa4080 So much for being an "Uncomplicated" Firewall...
-
Himanshu Bansal over 4 yearsIt's not working :/ I have this enabled=0 but still i'm unable to ssh...