5

Last night I made a most annoying mistake. On an Ubuntu 14.04 server I enabled ufw and forgot to allow ssh. Then I logged off.

Naturally I am now locked out with ssh.

Fortunately my hoster provides a repair feature that enables me to access the server's file system to repair such stuff.

How can I either disable the firewall completely manually using the filesystem?

or

How can I manually add a rule into ufw that allows ssh access?

I tried to set a rule in /lib/ufw/user.rules but it did not work.

Any help is appreciated.

caliph

2 Answers

5

I found a quite easy way to overcome the situation.

in

/etc/ufw/ufw.conf

there is

ENABLED=yes

set it to

ENABLED=no

And ufw will not start at the next reboot. Worked for me.

caliph
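The ENABLED switch described in the answer above, applied from a rescue system, as an added example that is not part of the original answer. It assumes the hoster's repair mode mounts the server's root file system at some path (shown as /mnt in the usage comment); the function names are made up for this example.

```shell
#!/bin/sh
# Added example: switch ufw off at boot by editing ufw.conf on a mounted disk.
# Usage from the rescue system (mount point /mnt is an assumption):
#   disable_ufw_at_boot /mnt

# ufw_boot_state ROOT
# Prints the current ENABLED value from ROOT/etc/ufw/ufw.conf.
ufw_boot_state() {
    sed -n 's/^ENABLED=//p' "$1/etc/ufw/ufw.conf"
}

# disable_ufw_at_boot ROOT
# Sets ENABLED=no in ROOT/etc/ufw/ufw.conf and keeps a backup copy.
# Returns 0 on success, 1 if the file is missing or cannot be written.
disable_ufw_at_boot() {
    root=${1:?usage: disable_ufw_at_boot ROOT}
    conf="$root/etc/ufw/ufw.conf"

    if [ ! -f "$conf" ]; then
        echo "not found: $conf" >&2
        return 1
    fi

    # Keep the original so the change can be reverted later.
    cp -p "$conf" "$conf.bak" || return 1

    if grep -q '^ENABLED=' "$conf"; then
        # Rewrite the existing setting, whatever its current value.
        # Redirecting into the file keeps its owner and permissions.
        sed 's/^ENABLED=.*/ENABLED=no/' "$conf.bak" > "$conf" || return 1
    else
        # No setting present: append one.
        echo 'ENABLED=no' >> "$conf" || return 1
    fi

    # Report the setting that is now in effect.
    grep '^ENABLED=' "$conf"
}
```

After logging back in, `ufw allow ssh` followed by `ufw enable` brings the firewall back up with SSH permitted.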
1

ufw is a front end for iptables.

The rules of iptables are located in files on /etc/iptables.*.

And ufw stores them in /var/lib/ufw/user.rules.

Deleting the files or emptying them should work, and after a reboot you won't have rules on iptables so every type of traffic will connect.

If you can't remove the files then you could try adding this to /etc/rc.local:

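#!/bin/sh -e
# rc.local already runs as root, so sudo is not needed.
# Flush the filter table first: -X cannot delete chains that still hold rules,
# and with "sh -e" that failure would stop the script before the policies are set.
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Set the default policy of every built-in chain to ACCEPT
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT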

It will re-write the iptables rules, so after a reboot the server will accept connections.

jcbermu
  • Thanks for your answer. I was about to go forward with your solution and then I saw the "enabled = yes" switch in the ufw config file. This was even easier. – caliph Jan 22 '16 at 20:21