On my Ubuntu 20.04 machine, I have ufw enabled and allowing ssh connections.
$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
However, I get a timeout when trying to connect.
But if I then do the following:
sudo ufw default allow outgoing # deny outgoing also works, I've discovered
it immediately starts accepting my connection. This is confusing to me -- it seems like just running some ufw command kicks the firewall into allowing incoming connections.
This is unfortunately not workable, as the state is not persisted across a reboot -- so I cannot use the computer remotely yet: I have to redo the sudo ufw default allow outgoing from the local terminal after restart.
I have tried purging and re-installing ufw. I'm interested in understanding where to look to figure out why the firewall does not allow ssh, even when the status indicates it should.
I never was able to solve the problem, but did come up with a workaround. I created a start-up script to run the no-op (since it is already the setting) ufw default allow outgoing. This seems to kick the firewall into accepting incoming connections.
$ cat /usr/local/bin/ping-ufw.sh
#!/bin/bash
ufw default allow outgoing >> /root/ping-ufw.out
$ cat /etc/systemd/system/ping-ufw.service
[Unit]
After=network.service
[Service]
ExecStart=/usr/local/bin/ping-ufw.sh
[Install]
WantedBy=default.target
sudo systemctl daemon-reload
sudo systemctl enable ping-ufw.service
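
One place to look for the mismatch described in the question, as an added example that is not part of the original posts: ufw status reads ufw's own configuration, so a check of the rules actually loaded in the kernel can disagree with it. The function name, the three result labels and the sample rulesets below are constructed for illustration, and that the problem on this machine is such a mismatch is an assumption the thread does not confirm.

```bash
#!/bin/sh
# Added example (not from the original post). Classifies `iptables -S` text
# read from stdin for one TCP port:
#   loaded  - INPUT reaches ufw-user-input and that chain accepts the port
#   no-hook - INPUT never jumps into ufw's chains
#   no-rule - ufw's chains are hooked but hold no accept rule for the port
# On a real host (needs root): sudo iptables -S | check_ufw_loaded 22

# True if the ruleset in $1 has a line matching the extended regex in $2.
_has() { printf '%s\n' "$1" | grep -Eq -- "$2"; }

check_ufw_loaded() {
    port="${1:-22}"
    rules="$(cat)"
    if ! _has "$rules" '^-A INPUT -j ufw-before-input$' ||
       ! _has "$rules" '^-A ufw-before-input -j ufw-user-input$'; then
        echo no-hook
    elif _has "$rules" "^-A ufw-user-input -p tcp .*--dport ${port} -j ACCEPT\$"; then
        echo loaded
    else
        echo no-rule
    fi
}

# Constructed sample: ufw's chains hooked and the ssh rule present.
SAMPLE_LOADED='-P INPUT DROP
-N ufw-before-input
-N ufw-user-input
-A INPUT -j ufw-before-input
-A ufw-before-input -j ufw-user-input
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT'

# Constructed sample: default-deny policy set, ufw's chains never hooked in.
SAMPLE_UNHOOKED='-P INPUT DROP'

# Constructed sample: chains hooked, but no user rule has been loaded.
SAMPLE_NORULE='-P INPUT DROP
-N ufw-before-input
-N ufw-user-input
-A INPUT -j ufw-before-input
-A ufw-before-input -j ufw-user-input'

# Demo on the constructed samples; prints loaded, no-hook, no-rule.
for sample in "$SAMPLE_LOADED" "$SAMPLE_UNHOOKED" "$SAMPLE_NORULE"; do
    printf '%s\n' "$sample" | check_ufw_loaded 22
done
```

Running the check once right after boot and again after the ufw default allow outgoing command shows whether that command changed the loaded ruleset. The IPv6 rules live in ip6tables and are not covered here.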