When installing ufw closes all the ports
There comes a time in my setup of a Linux/Unix system where I want to tinker with the firewall. And I usually install ufw — the “Uncomplicated Firewall” to do it. It’s not complicated, and I like that.
But if you have existing services running on your server or workstation that you installed with a Linux package manager such as apt or dnf/yum, you have to remember to reopen all the ports you need, because the installation of ufw on most systems closes all of those ports.
I installed ufw on the Raspberry Pi, and after first locking myself out of the computer by forgetting to open Port 22 for ssh, I inadvertently also locked myself out of the Samba server, since I forgot to open Port 445.
I used this tutorial to open Port 445 for Samba:
$ cat /etc/services | grep 445
$ sudo ufw allow microsoft-ds
$ sudo ufw enable
Why did this happen? When the services were installed on the Pi, the proper ports were opened up by the package manager. But when I installed ufw, it closed everything. I had to reopen ports 22 (ssh), 80 and 443 (http and https), and 445 (Samba).
This system is no longer a web server, so I can close 80 and 443, but since the local network isn’t forwarding traffic through those ports to the Pi, I can leave them open and continue to experiment with web servers on the LAN.
More than once I’ve installed ufw and forgotten to open Port 22. And the next time I ssh into the system, I can’t get in until I log in another way and use ufw to reopen Port 22. This is a big one, especially if it’s difficult to access the system through a directly connected keyboard and monitor.
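The check below is an added example, not part of the original post or the tutorial it mentions: before running `sudo ufw enable`, it compares the TCP ports the machine is listening on with the ports you have already allowed, and lists the ones that would be cut off. The function name `missing_allows` and the sample socket lines are constructed for illustration, and the parsing assumes the column layout of `ss -tlnH`.

```shell
#!/bin/sh
# Added example: pre-flight check to run before `sudo ufw enable`.
# stdin: lines in `ss -tlnH` layout (State Recv-Q Send-Q Local Peer).
# args:  the TCP ports you have already allowed with `ufw allow`.
# Prints every listening port reachable from other hosts that has no allow.
missing_allows() {
    allowed=" $* "
    awk '{ print $4 }' |                 # column 4 = Local Address:Port
    while read -r sock; do
        port=${sock##*:}                 # text after the last colon
        addr=${sock%:*}                  # text before the last colon
        case $addr in
            127.*|"[::1]") continue ;;   # loopback only, firewall irrelevant
        esac
        case $allowed in
            *" $port "*) ;;              # already allowed
            *) echo "$port" ;;           # would be blocked once ufw is enabled
        esac
    done | sort -un
}

# Constructed sample input resembling the Pi in this post:
# ssh, Samba and a web server listening, plus a loopback-only service.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 50 0.0.0.0:445 0.0.0.0:*
LISTEN 0 511 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*'

# Only port 22 has been allowed so far; 80 and 445 are reported as missing.
check_sample() { printf '%s\n' "$SAMPLE_SS" | missing_allows 22; }

check_sample
# Live use on the real machine:  ss -tlnH | missing_allows 22 445
```

An empty result means every remotely reachable listener has a matching allow; anything printed is a port to allow (or a service to stop) before enabling the firewall.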