How do I not lock myself out when enabling UFW?

Before enabling: sudo ufw allow ssh (or sudo ufw allow 22/tcp). Then sudo ufw enable. This ensures SSH access is preserved.

Should I use iptables or nftables?

Modern distros are migrating to nftables. Use whatever your distro defaults to. UFW abstracts the difference for most use cases.

Linux Firewall Errors — iptables & UFW Troubleshooting

Warningnetwork

Overview

Fix common Linux firewall errors including iptables rule conflicts, UFW enable/disable issues, blocked ports, and Docker networking conflicts with iptables.

Key Details

UFW (Uncomplicated Firewall) is a frontend for iptables/nftables
iptables rules are evaluated top-to-bottom — order matters for allow/deny decisions
Docker adds its own iptables chains (DOCKER, DOCKER-USER) which can conflict with manual rules
Common mistake: blocking a port in UFW but Docker bypasses UFW rules by inserting at a higher priority
nftables is replacing iptables on modern distributions (Debian 10+, Ubuntu 20.04+)

Common Causes

UFW rules not applying because Docker bypasses UFW chains
iptables REJECT or DROP rule before the ACCEPT rule for the desired port
UFW enabled but not allowing SSH, locking yourself out
Firewall rules lost after reboot (not saved/persisted)
IPv6 rules not matching IPv4 rules, allowing bypass

Steps

1Check UFW status: sudo ufw status verbose
2List iptables rules: sudo iptables -L -n -v --line-numbers
3Allow a port in UFW: sudo ufw allow 80/tcp
4For Docker: add rules to DOCKER-USER chain instead of INPUT: iptables -I DOCKER-USER -p tcp --dport 8080 -j DROP
5Persist iptables rules: sudo apt install iptables-persistent && sudo netfilter-persistent save