I am about to configure a firewall with UFW. I am logged in over SSH, so I don't know if the terminal will be locked out as soon as I do:

    sudo ufw default deny incoming

If so, how can I deny all incoming (lock the whole thing down) except SSH and do it all in the same command?

HopelessN00b
Zuriar

1 Answer

In my experience, despite the warnings, enabling UFW does not lock out the current session. By default, UFW will block all incoming. To allow SSH, use:

    sudo ufw allow OpenSSH

You can also use the limit option (note that port 22 is the default SSH port):

    sudo ufw limit 22/tcp

To enable UFW use:

    sudo ufw enable

Nick T
Paul
    You can also use the `at` command to issue a "sudo disable UFW" at +5 minutes, so if you do get locked out, you can wait 5 minutes, and be allowed back in ;) – Tom O'Connor Dec 03 '14 at 09:55
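
The steps from the answer and the `at` safety net from the comment, combined into one ordered sequence. This is an added example, not code from the thread. It assumes `ufw` and `at` are installed; the function names `ssh_port` and `lockdown_plan` are made up for illustration. It reads the listening port of the current session from `SSH_CONNECTION`, so the allow rule still matches when sshd is not on port 22.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumes ufw and at are installed.

# Port of the sshd this session is connected to: the 4th field of
# SSH_CONNECTION ("client_ip client_port server_ip server_port").
# Falls back to 22 when the variable is unset or the field is not numeric.
ssh_port() {
    set -- ${SSH_CONNECTION:-}
    port=${4:-22}
    case $port in
        ''|*[!0-9]*) port=22 ;;
    esac
    echo "$port"
}

# Print the commands in the order they must run; nothing is executed here.
# $1 = minutes until the automatic "ufw disable" fires (default 5).
lockdown_plan() {
    port=$(ssh_port)
    minutes=${1:-5}
    cat <<EOF
echo 'ufw disable' | at now + $minutes minutes
ufw allow $port/tcp
ufw default deny incoming
ufw --force enable
ufw status verbose
EOF
}

# "--apply" runs the plan as root. The plan is built before sudo because
# sudo may not pass SSH_CONNECTION through. "sh -e" stops at the first
# failure, so if the rollback job cannot be scheduled, ufw is never enabled.
if [ "${1:-}" = "--apply" ]; then
    lockdown_plan "${2:-5}" | sudo sh -e
    echo "If a NEW ssh login works, cancel the rollback: sudo atq, then sudo atrm <job>"
else
    lockdown_plan "${2:-5}"
fi
```

Without arguments the script only prints the plan for review. After applying it, confirm access from a second terminal before removing the `at` job, and swap `allow` for `limit` afterwards if rate limiting is wanted.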