root@panel:~# ufw status — Status: inactive by default

Reported by: k
Created: 1 month 10 days ago
Last reply: 1 month 10 days ago
Views: 1949

Hello Team,

For some reason, ufw is set to disable after successful installation. 

root@panel:~# ufw status
Status: inactive
With that said, I tried to enabled it today, and I was locked out in my panel. All ports in the service tab are not open.
I had to access root again and disable ufw. By default, the services listed on the firewall tab should work, right? — after
ufw enable
At the moment, here are the services open

Custom Rules

Version number: 437
Ubuntu 16.04.5 LTS

am I missing something here?  — I just want to unable ufw with a working services ports.

Hi.

I found up that ufw is disabled by default.
https://help.ubuntu.com/community/UFW

TinyCP uses iptable and ip6table commands to manage firewall.
It stores here: /opt/tinycp/etc/iptables.cron.reboot
I am not sure but probably ufw has default policy deny.
You can check it by command: 

ufw status verbose

Default policy after clear installation of system is usually allow incomming.
Try do the same via command below. Then TinyCP and UFW should be able to work together.
ufw default allow

Remember, when you enable ufw you start managing firewall in your way.
If my tips above would not help, you have to choose tinycp or ufw.

One more TIP.
TinyCP panel shows and creates the rules with descriptions: 
CUSTOM-TINYCP-VElOWUNQIFNJR05BVFVSRQ
SERVICE-TINYCP-VElOWUNQIFNJR05BVFVSRQ
In this way the panel does not interact with many other softwares which use firewall too ie fail2ban and so one.

I understand now. 

If that would be the case, I will just choose TinyCP firewall for now. By any chance, could you tell me what Im missing here? I tried to drop any connection to my ssh service as shown below:

restarted SSH, and re-connect to SSH via PuTTy, however, I am still getting the SSH port access. By chance, do you have docs on how to manage firewall in TinyCP?
Thank you for your attention. 

Sure.

TinyCP does one Trick all the time.
Open CUSTOM RULES tab. 
There is one rule on the top that allow your currently IP.

So do not afraid. Services are blocked. Only your IP is able to connect to.
This is protection to avoid block yourself.
Also there is a notice:

Wojtek

Thank you for letting me know. Indeed, my apology for my ignorance.
Yes, I can see this is working as expected, clearly, it was my mistake using the same IP to test my firewall setup.
At this point, im all set. Thank you for your attention. 

No problem.

I recommend to use OpenVPN and connect to SSH, MySQL, TinyCP via VPN tunnel.
DROP rules on all other IP addresses and you should be more secured from the Internet.

Join our Discord server
Write a reply Edit a reply