Ubuntu Firewall with UFW: Allow SSH Safely

Linux & Ubuntu | Published 2026-03-22 | By NetCollege Team

Summary: Learn how to check the firewall status on Ubuntu, allow SSH, enable UFW safely, and verify rules.

Introduction

On servers, SSH access is critical. The safest approach is to:

  1. Check whether UFW is installed and what it’s currently doing.
  2. Allow SSH first (ideally from your IP or trusted networks).
  3. Enable the firewall and verify the rules.

This article uses ufw (Uncomplicated Firewall), the most common Ubuntu firewall tool.

Step 1: Check UFW status

sudo ufw status verbose

Look for:

  • Status: active (enabled) or Status: inactive (disabled)
  • existing allowed/denied rules

Step 2: (If needed) Install UFW

On some minimal systems, ufw may not be installed.

sudo apt update
sudo apt install ufw -y

Step 3: Allow SSH

Option A: allow SSH only from your IP (recommended)

Replace YOUR_PUBLIC_IP with your actual public IP address:

sudo ufw allow from YOUR_PUBLIC_IP to any port 22 proto tcp

This restricts SSH to connections coming from that source address.

Option B: allow SSH from anywhere (simpler, less restrictive)

sudo ufw allow ssh

Step 4: Verify UFW rules

sudo ufw status numbered

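You should see a rule allowing SSH (often port 22/tcp). If UFW is still inactive, this command prints only Status: inactive and does not list the rules you just added; they appear here once the firewall is enabled in Step 5.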

Step 5: Enable the firewall (don’t lock yourself out)

sudo ufw enable

Then check status again:

sudo ufw status verbose

Step 6: Test SSH connectivity

From your computer (or a separate session), verify you can still connect:

ssh -p 22 YOUR_USER@YOUR_SERVER_IP

If the new connection fails, keep your existing session open and revert the rules (see Step 7) before you lose access.
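
A pre-flight check for Steps 3 to 5, added here as an example and not part of the original article: it reads the output of sudo ufw show added (which lists rules even while UFW is inactive) and reports whether an SSH allow rule exists and whether it is limited to a source address or open to anywhere. The helper name classify_ssh_rules and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): pre-flight check for `ufw enable`.
# While UFW is inactive, `ufw status` prints only "Status: inactive", so the
# pending rules are read from `sudo ufw show added` instead.

# classify_ssh_rules [PORT]  (hypothetical helper; reads the rule list on stdin)
#   prints "restricted <rule>" for an allow rule limited to a source address
#   prints "open <rule>"       for an allow rule open to any source
#   returns 1 when no allow rule covers PORT over TCP
classify_ssh_rules() {
    awk -v port="${1:-22}" '
        $1 != "ufw" || $2 != "allow" { next }   # header line, deny/reject rules
        {
            hit = 0; src = 0; seen_to = 0
            # short form: ufw allow 22, ufw allow 22/tcp, ufw allow ssh
            if ($3 == port || $3 == port "/tcp") hit = 1
            if (port == "22" && ($3 == "ssh" || $3 == "OpenSSH")) hit = 1
            # long form: ufw allow from SRC to DST port N proto tcp
            for (i = 3; i <= NF; i++) {
                if ($i == "from" && $(i + 1) != "any") src = 1
                if ($i == "to") seen_to = 1
                if ($i == "port" && seen_to && $(i + 1) == port) hit = 1
            }
            if ($0 ~ /proto udp/) hit = 0       # UDP-only rule does not cover SSH
            if (hit) {
                found = 1
                kind = src ? "restricted" : "open"
                print kind, $0
            }
        }
        END { exit !found }
    '
}

# Constructed sample of `ufw show added` output (documentation-range address).
SAMPLE="Added user rules (see 'ufw status' for running firewall):
ufw allow from 203.0.113.10 to any port 22 proto tcp
ufw allow 80/tcp
ufw deny 23/tcp"

printf '%s\n' "$SAMPLE" | classify_ssh_rules 22 ||
    echo "no SSH allow rule found: do not enable UFW yet"

# On a server: sudo ufw show added | classify_ssh_rules 22 && sudo ufw enable
```

If sshd listens on a non-default port, pass that port as the argument instead of 22.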

Step 7: Common fixes

If you added the wrong SSH rule

List the rules and remove the incorrect one:

sudo ufw status numbered

Then delete it by rule number (example). Rule numbers shift after each deletion, so list the rules again before deleting another:

sudo ufw delete 1

Reload firewall rules after changes

sudo ufw reload

Step 8: (Optional) View UFW logs

UFW logging depends on your configuration, but you can often view logs like this:

sudo tail -n 200 /var/log/ufw.log

Conclusion

UFW makes it easy to protect your Ubuntu server. Always add the SSH allow rule first, enable UFW, and verify connectivity before closing your session.

Frequently asked questions

Why should SSH be allowed before enabling UFW?

Allowing SSH first prevents accidental lockout when firewall rules are applied on remote servers.

Can I restrict SSH access to a single IP with UFW?

Yes. You can create source-specific rules to allow SSH only from trusted public IPs or admin networks.

How do I verify UFW rules are active?

Run sudo ufw status verbose and confirm the expected allow and deny rules are listed and active.
