🟑 Medium   ⏱ 5–30 min  Last verified: 19 May 2026

πŸ“– ~1 min read

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

Remote SSH sessions drop or app ports become unreachable after firewall changes. Production traffic fails despite services listening locally.

Environment & Reproduction

Ubuntu 16.04 hosts using ufw with newly applied deny rules or interface-specific policies. Reproduce by enabling ufw before adding SSH allow rule.

Root Cause Analysis

Rule order or direction is incorrect, so desired traffic is denied before matching allow rules. IPv6 rules may also diverge from IPv4 intent.

Quick Triage

Run sudo ufw status numbered and verify listening sockets with ss -tulpn. Test connectivity from trusted source networks.

Step-by-Step Diagnosis

Inspect /etc/ufw/user.rules and before.rules for custom chains, validate interface bindings, and compare IPv4/IPv6 policy parity.

Illustrative mockup for ubuntu-16-04-lts β€” ubuntu1604-b01-p11-diagnosis
ufw status showing deny rule precedence β€” Illustrative mockup β€” Progressive Robot

Solution – Primary Fix

Insert explicit allow rules for SSH and required app ports using numbered inserts, then reload ufw. Confirm default policies align with security baseline.

Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.

Illustrative mockup for ubuntu-16-04-lts β€” ubuntu1604-b01-p11-fix
corrected allow rules and restored access β€” Illustrative mockup β€” Progressive Robot

Solution – Alternative Approaches

Manage firewall via raw iptables with audited scripts, or move policy enforcement to upstream security groups while keeping host firewall minimal.

Verification & Acceptance Criteria

Remote SSH and application probes succeed from approved networks, while unauthorized sources remain blocked.

Rollback Plan

Disable ufw temporarily from console if locked out, restore prior ruleset backup, and re-enable after validation.

Prevention & Hardening

Use staged firewall rollout with out-of-band access, enforce rule templates, and continuously test key ports after changes.

Can resemble service failure, DNS issues, or cloud ACL blocks; correlate with tcpdump and external health checks.

Related tutorial: View the step-by-step tutorial for Ubuntu 16.04 LTS.

View all Ubuntu 16.04 LTS tutorials on the Tutorials Hub β†’

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

ufw(8), iptables documentation, and secure remote access change procedures.

Need Expert Help?

If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today β€” we respond within one business day.