UFW Ubuntu 16.04


#1

I am trying to set up UFW on Ubuntu 16.04. After searching this forum for help I found a comment that is proven to work at least on 14.04. After applying the suggested changes in the same way/place, my machine refuses to start after a (hard) reboot. I have to enter the rescue mode and disable UFW manually.

The only thing I see is this message:

>>> Checking user input for debug/verbose mode...
>>> Checking user input for debug shell...
>>> Signaling the server is kernel-started to the control plane...
>>> Adjusting time (ntp)...
>>> Initializing 'local' root file system...
>>> Attaching nbd0...
[   39.032431] random: fast init done
[  143.028160] random: crng init done

#2

Hello @vad1mo,

It seems you blocked the port and IP required to connect your root volume nbd0.
You must add an accept rule to allow the connection to your volumes: [How to] Configures Iptables with INPUT rules (with dynamic NBD)

Edouard


#3

What about the tutorial of thomas? I had the impression that if you have this in place you won’t need to query the metadata and add a manual rule for NBD. Is it enough to apply only this, or should it be together with thomas's approach?


#4

Are you talking about VPS or dedicated servers?

I run UFW on all my Ubuntu 16.04 VPS boxes without any specific configuration for the block devices, and have absolutely no issues whatsoever. I block all incoming and outgoing ports, other than those required for services running on the box.


#5

It's bare metal in my case. After enabling the FW, did you restart your server?


#6

I didn’t need to restart the server, no. But I have restarted many times since and there’s never been an issue.

Sounds like your issue may be limited to the bare metal servers then. I only spun up a bare metal on Scaleway briefly for testing a while back but can’t now remember whether I configured iptables on there, so I’m unable to speak to that. But as I say, no problem on VPS.


#7

I just followed thomas's tutorial on a C2L (bare metal) with Ubuntu 16.04; it works fine.

Note: I’m using the Docker image from the ImageHub, but the underlying system is Ubuntu 16.04.