Otdfbt

Multi tool use

What happens if you roll doubles 3 times then land on "Go to jail?"

Plot of histogram similar to output from @risk

What's the best way to handle refactoring a big file?

Written every which way

Why do we use the plural of movies in this phrase "We went to the movies last night."?

Would this house-rule that treats advantage as a +1 to the roll instead (and disadvantage as -1) and allows them to stack be balanced?

Solidity! Invalid implicit conversion from string memory to bytes memory requested

What can we do to stop prior company from asking us questions?

Is it ever safe to open a suspicious html file (e.g. email attachment)?

Elegant way to replace substring in a regex with optional groups in Python?

Contours of a clandestine nature

Return the Closest Prime Number

Is it possible to search for a directory/file combination?

Is micro rebar a better way to reinforce concrete than rebar?

How to prevent changing the value of variable?

Interfacing a button to MCU (and PC) with 50m long cable

Why am I allowed to create multiple unique pointers from a single object?

Are there any limitations on attacking while grappling?

Grabbing quick drinks

Make solar eclipses exceedingly rare, but still have new moons

What connection does MS Office have to Netscape Navigator?

How does the mv command work with external drives?

Complex fractions

How did the Bene Gesserit know how to make a Kwisatz Haderach?

UFW deny all incoming except SSH

2

1

I am about to configure firewall with UFW. I am logged in over SSH so I don't know if the terminal will be locked out as soon as I do:

 sudo ufw default deny incoming

If so, how can I deny all incoming (lock the whole thing down) except SSH and do it all in the same command?

iptables ufw

share|improve this question

edited Dec 3 '14 at 0:35

HopelessN00b

48.5k24116194

asked Dec 2 '14 at 20:54

ZuriarZuriar

12614

add a comment | 

2

1

I am about to configure firewall with UFW. I am logged in over SSH so I don't know if the terminal will be locked out as soon as I do:

 sudo ufw default deny incoming

If so, how can I deny all incoming (lock the whole thing down) except SSH and do it all in the same command?

iptables ufw

share|improve this question

edited Dec 3 '14 at 0:35

HopelessN00b

48.5k24116194

asked Dec 2 '14 at 20:54

ZuriarZuriar

12614

add a comment | 

I am about to configure firewall with UFW. I am logged in over SSH so I don't know if the terminal will be locked out as soon as I do:

 sudo ufw default deny incoming

If so, how can I deny all incoming (lock the whole thing down) except SSH and do it all in the same command?

iptables ufw

share|improve this question

edited Dec 3 '14 at 0:35

HopelessN00b

48.5k24116194

asked Dec 2 '14 at 20:54

ZuriarZuriar

12614

 sudo ufw default deny incoming

share|improve this question

edited Dec 3 '14 at 0:35

HopelessN00b

48.5k24116194

asked Dec 2 '14 at 20:54

ZuriarZuriar

12614

share|improve this question

edited Dec 3 '14 at 0:35

HopelessN00b

48.5k24116194

asked Dec 2 '14 at 20:54

ZuriarZuriar

12614

edited Dec 3 '14 at 0:35

HopelessN00b

48.5k24116194

edited Dec 3 '14 at 0:35

HopelessN00b

48.5k24116194

asked Dec 2 '14 at 20:54

ZuriarZuriar

12614

asked Dec 2 '14 at 20:54

ZuriarZuriar

12614

1 Answer
1

active

oldest

votes

3

In my experience, despite the warnings, enabling UFW does not lock out the current session. By default, UFW will block all incoming. To allow SSH, use:

sudo ufw allow OpenSSH

You can also use the limit option (note that port 22 is the default SSH port):

sudo ufw limit 22/tcp

To enable UFW use:

sudo ufw enable

share|improve this answer

edited yesterday

Nick T

15610

answered Dec 2 '14 at 23:19

PaulPaul

1,17531323

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  You can also use the at command to issue a "sudo disable UFW" at +5 minutes, so if you do get locked out, you can wait 5 minutes, and be allowed back in ;)
  
  – Tom O'Connor
  Dec 3 '14 at 9:55
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f648672%2fufw-deny-all-incoming-except-ssh%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

3

In my experience, despite the warnings, enabling UFW does not lock out the current session. By default, UFW will block all incoming. To allow SSH, use:

sudo ufw allow OpenSSH

You can also use the limit option (note that port 22 is the default SSH port):

sudo ufw limit 22/tcp

To enable UFW use:

sudo ufw enable

share|improve this answer

edited yesterday

Nick T

15610

answered Dec 2 '14 at 23:19

PaulPaul

1,17531323

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  You can also use the at command to issue a "sudo disable UFW" at +5 minutes, so if you do get locked out, you can wait 5 minutes, and be allowed back in ;)
  
  – Tom O'Connor
  Dec 3 '14 at 9:55
  

  
  
  
  

add a comment | 

3

In my experience, despite the warnings, enabling UFW does not lock out the current session. By default, UFW will block all incoming. To allow SSH, use:

sudo ufw allow OpenSSH

You can also use the limit option (note that port 22 is the default SSH port):

sudo ufw limit 22/tcp

To enable UFW use:

sudo ufw enable

share|improve this answer

edited yesterday

Nick T

15610

answered Dec 2 '14 at 23:19

PaulPaul

1,17531323

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  You can also use the at command to issue a "sudo disable UFW" at +5 minutes, so if you do get locked out, you can wait 5 minutes, and be allowed back in ;)
  
  – Tom O'Connor
  Dec 3 '14 at 9:55
  

  
  
  
  

add a comment | 

In my experience, despite the warnings, enabling UFW does not lock out the current session. By default, UFW will block all incoming. To allow SSH, use:

sudo ufw allow OpenSSH

You can also use the limit option (note that port 22 is the default SSH port):

sudo ufw limit 22/tcp

To enable UFW use:

sudo ufw enable

share|improve this answer

edited yesterday

Nick T

15610

answered Dec 2 '14 at 23:19

PaulPaul

1,17531323

sudo ufw allow OpenSSH

sudo ufw limit 22/tcp

sudo ufw enable

share|improve this answer

edited yesterday

Nick T

15610

answered Dec 2 '14 at 23:19

PaulPaul

1,17531323

edited yesterday

Nick T

15610

edited yesterday

Nick T

15610

answered Dec 2 '14 at 23:19

PaulPaul

1,17531323

answered Dec 2 '14 at 23:19

PaulPaul

1,17531323