unclear if ufw can be enabled on remote servers before allowing ssh
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Ubuntu Server Guide | New | Undecided | Unassigned | |
Bug Description
In the server guide chapter on Firewalls ( https:/
In the UncomplicatedFi
Sorry, I cannot risk trying what happens if I enable ufw first. Maybe it is OK; however, I think it would warrant an extra comment in the guide that it is safe to do so. Or if it isn't safe for remote administration, the order should be changed (first allow ssh, then enable ufw).
no longer affects: | serverguide/raring |
no longer affects: | serverguide/saucy |
Even if you are managing a computer from remote via ssh, you can do things in the order as described in the serverguide.
Why? Because the ssh session you are using when you issue the "sudo ufw enable" command is an already established connection and that path will be used to traverse the iptables rules set. You will not be able to make any new ssh connection until after the "sudo ufw allow ssh" command. In the extremely unlikely situation of somehow losing your ssh session between the enable and the allow ssh commands, then yes you would be locked out from your remote computer.
However, yes it might be worth adding some specific note, particularly in view of this message:
doug@test-smy:~$ sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)?
which, in my opinion, is misleading.
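The alternative ordering raised in the bug description (allow ssh first, then enable ufw) can be enforced with a small guard. This is an added example, not part of the bug report or the Server Guide: it refuses to enable ufw unless an SSH allow rule is already staged in `ufw show added`. The function names and the sample rule lines are constructed for illustration, and the guard only recognises unrestricted rules of the form shown.

```shell
#!/bin/sh
# Added example: refuse to enable ufw on a remote host unless an SSH
# allow rule is already staged. Function names are hypothetical.

# Constructed samples in the format printed by `ufw show added`.
SAMPLE_WITH_SSH="Added user rules (see 'ufw status' for running firewall):
ufw allow 22/tcp"
SAMPLE_WITHOUT_SSH="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp"

# ssh_rule_staged [PORT]: reads `ufw show added` output on stdin and
# returns 0 if an allow/limit rule for the SSH port is present.
ssh_rule_staged() {
    port="${1:-22}"
    names="${port}(/tcp)?"
    # The service name and app profile only stand for the default port.
    if [ "$port" = "22" ]; then
        names="${names}|ssh|OpenSSH"
    fi
    grep -Eq "^ufw (allow|limit) (${names})\$"
}

# safe_enable [PORT]: enable ufw only when the SSH rule is staged.
# It never adds the rule itself, so it cannot widen access silently.
safe_enable() {
    port="${1:-22}"
    if ufw show added | ssh_rule_staged "$port"; then
        ufw --force enable    # --force skips the interactive y|n prompt
    else
        echo "no SSH allow rule staged for port $port;" \
             "run 'ufw allow ssh' first" >&2
        return 1
    fi
}

case "${1:-}" in
    --apply) safe_enable "${2:-22}" ;;   # must be run as root
    *) if printf '%s\n' "$SAMPLE_WITH_SSH" | ssh_rule_staged; then
           echo "sample check: SSH rule staged"
       fi ;;
esac
```

Run as root with `--apply` (and optionally a port) to perform the guarded enable; without arguments it only checks the constructed sample.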