Symptom & Impact
Remote administration is lost immediately after firewall rule changes.
Environment & Reproduction
Often follows rule reset or policy reorder without explicit SSH allow rule.
sudo ufw status numbered
Root Cause Analysis
Rule order or default deny policy blocks TCP/22 from required source ranges.
Quick Triage
Confirm active rules and default policies from console access.
sudo ufw status verbose
sudo ss -tulpn | grep :22
Step-by-Step Diagnosis
Inspect nftables backend and packet counters for SSH drops.
sudo nft list ruleset | sed -n '1,220p'
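
The ordering problem from Root Cause Analysis can be checked mechanically. This added example (not part of the original page) reports the first IPv4 inbound rule in `ufw status numbered` output that covers TCP/22. The function name and sample rule sets are constructed for illustration; it assumes plain port rules with no `on <interface>` clause, and that the `OpenSSH` profile maps to 22/tcp.

```shell
#!/bin/sh
# Prints "<rule-number> <ACTION> <source>" for the first matching rule, or "none"
# when no rule covers TCP/22 and the default incoming policy decides.
first_ssh_rule() {
    awk '
        /^\[ *[0-9]+\]/ {
            num = $0; sub(/\].*/, "", num); gsub(/[^0-9]/, "", num)
            line = $0; sub(/^\[ *[0-9]+\] */, "", line); sub(/ +$/, "", line)
            n = split(line, f, / +/)
            if (f[2] == "(v6)") next                 # IPv6 rules are out of scope here
            dst = f[1]; action = f[2]; i = 3
            if (f[i] == "IN" || f[i] == "OUT") { dir = f[i]; i++ } else dir = "IN"
            if (dir == "OUT") next
            # Destinations that include TCP/22: bare port, port/tcp, app profile, any port
            if (dst != "22" && dst != "22/tcp" && dst != "OpenSSH" && dst != "Anywhere") next
            src = f[i]; for (j = i + 1; j <= n; j++) src = src " " f[j]
            print num, action, src
            found = 1; exit
        }
        END { if (!found) print "none" }
    '
}

# Constructed sample: deny listed ahead of the allow (first match wins, SSH is blocked)
sample_deny_first() {
    cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     DENY IN     Anywhere
[ 2] 22/tcp                     ALLOW IN    Anywhere
[ 3] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
EOF
}

# Constructed sample: SSH allowed first, from a documentation-range subnet
sample_allow_first() {
    cat <<'EOF'
[ 1] 22/tcp                     ALLOW IN    192.0.2.0/24
[ 2] Anywhere                   DENY IN     198.51.100.7
[ 3] 443/tcp                    ALLOW IN    Anywhere
EOF
}

# Constructed sample: no rule covers TCP/22
sample_no_rule() { printf '%s\n' '[ 1] 443/tcp                    ALLOW IN    Anywhere'; }

for s in sample_deny_first sample_allow_first sample_no_rule; do
    printf '%s: %s\n' "$s" "$($s | first_ssh_rule)"
done
```

On a live host, pipe `sudo ufw status numbered` into `first_ssh_rule`. The reported source still has to be compared against the management range by hand, since a deny scoped to one address does not block other sources.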

Solution – Primary Fix
Add explicit SSH allow rule before deny rules and reload UFW.
sudo ufw allow 22/tcp
sudo ufw reload
sudo ufw status numbered

Solution – Alternative Approaches
Limit the SSH allow rule to the management subnet for tighter exposure. Replace the placeholder with that subnet's CIDR range.
sudo ufw allow from <management-subnet-CIDR> to any port 22 proto tcp
Verification & Acceptance Criteria
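SSH stays reachable and firewall policy remains enforced for other ports. UFW accepts loopback traffic by default, so repeat the SSH check from a management host in addition to the localhost test.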
sudo ufw status verbose
ssh -o ConnectTimeout=5 localhost true
Rollback Plan
Disable UFW temporarily from console if remote lockout persists.
sudo ufw disable
Prevention & Hardening
Apply firewall changes in staged mode with console fallback available.
sudo ufw status numbered
Related Errors & Cross-Refs
Related to connection timed out and administratively prohibited SSH failures.
Related tutorial: View the step-by-step tutorial for Ubuntu 24.04 LTS.
References & Further Reading
Ubuntu UFW and nftables backend documentation.