
The article shows how to diagnose connection problems by first checking whether UFW is active and which rules are in effect. It explains enabling or disabling UFW, adding common ports like SSH, and controlling the service with systemctl so it starts automatically at boot. For users who need more granular control, the guide covers installing nftables, writing a minimal configuration file, and reloading it with nft to replace UFW entirely. A real‑world anecdote demonstrates that sometimes kernel changes can break networking even when the firewall is correctly configured, highlighting the value of looking beyond just the rule set.



Enabling or Disabling the Firewall on Ubuntu 22.04 and 20.04

If your machine suddenly refuses to accept incoming connections, the first thing you should check is whether the firewall is blocking them. On modern Ubuntu releases the default firewall front‑end is UFW (Uncomplicated Firewall), but you can also control it with systemd or switch to nftables for more advanced rules.

1. Check Your Current Status

sudo ufw status verbose

Why this matters: It tells you whether UFW is active and lists the rules that are in effect. If you get “Status: inactive”, nothing is filtering traffic, so any connection problems lie elsewhere. If it’s active but still blocking services, the rule set might be too strict.

2. Enabling UFW

sudo ufw enable

This activates the firewall immediately and enables it on every boot. It also applies a minimal default policy:

  • Incoming: deny
  • Outgoing: allow
  • Established connections: allow

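After enabling, verify with sudo ufw status. If you need to allow a common port (e.g., SSH), run the command below. On a machine you administer over SSH, add this rule before running ufw enable, because the default deny policy for incoming traffic otherwise blocks new SSH connections.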

sudo ufw allow 22/tcp

Why the rule is added: It permits inbound TCP traffic on port 22 while keeping everything else locked down.
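The reasoning from steps 1 and 2 (inactive firewall, explicit rule, or default policy) can be applied mechanically to the status output. The following is an added example, not part of the original guide; the function name ufw_verdict, its verdict strings and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: read `sudo ufw status verbose` text on stdin and report how
# UFW treats one inbound port. ufw_verdict and its output strings are
# hypothetical names for this example, not part of ufw.
ufw_verdict() {
    # $1 = port[/proto] as ufw prints it in the "To" column, e.g. 22/tcp
    awk -v want="$1" '
        BEGIN { split(want, p, "/"); port = p[1] }
        $1 == "Status:"  { status = $2 }
        $1 == "Default:" { policy = $2 }   # default incoming policy
        # IPv4 rule rows look like "22/tcp  ALLOW IN  Anywhere". The first
        # matching row wins; "(v6)" and "on <iface>" rows shift the columns
        # and are skipped by the $3 check.
        ($1 == want || $1 == port) && $3 == "IN" && hit == "" {
            # A source-restricted hit is reported with its source, because
            # other sources fall through to later rules or the default.
            hit = ($4 == "Anywhere") ? $2 : ($2 " from " $4)
        }
        END {
            if (status == "")            print "unknown"
            else if (status != "active") print "inactive"
            else if (hit != "")          print "rule: " hit
            else                         print "default: " policy
        }'
}

# Constructed sample output (not captured from a real host).
SAMPLE='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
5432/tcp                   ALLOW IN    10.0.0.0/8
22/tcp (v6)                ALLOW IN    Anywhere (v6)'

# Real use: sudo ufw status verbose | ufw_verdict 22/tcp
for p in 22/tcp 5432/tcp 443/tcp; do
    printf '%-9s %s\n' "$p" "$(printf '%s\n' "$SAMPLE" | ufw_verdict "$p")"
done
```

A verdict of inactive or rule: ALLOW means UFW is not what is blocking the port, so the listening service and routing are the next things to check.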

3. Disabling UFW

If you’re troubleshooting or prefer to use another firewall solution, turn it off with:

sudo ufw disable

This stops the service and clears the active rule set, but the configuration files remain untouched – handy if you want to re‑enable later.

4. Managing the Service with Systemd

UFW runs as a systemd unit (ufw.service). You can start, stop, or enable it at boot:

sudo systemctl start ufw          # Start now
sudo systemctl stop ufw           # Stop immediately
sudo systemctl enable ufw         # Enable on every boot

Using systemctl is useful if you prefer to manage the firewall with the same commands you use for other services instead of UFW’s own commands. It also lets you inspect logs with journalctl -u ufw.

5. When UFW Isn’t Enough: Switch to nftables

If you need per‑interface or packet‑level filtering, replace UFW with nftables:

sudo apt install nftables
sudo systemctl enable --now nftables

Then write a simple rule file in /etc/nftables.conf:

# Start from an empty ruleset so reloading does not duplicate rules
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # Allow loopback traffic
        iif "lo" accept

        # Allow replies to established connections
        ct state established,related accept

        # Open SSH
        tcp dport 22 ct state new,established accept
    }
    chain forward { type filter hook forward priority 0; policy drop; }
    chain output { type filter hook output priority 0; policy accept; }
}

Reload with sudo nft -f /etc/nftables.conf. This gives you a clean slate and modern packet‑filtering semantics.

A Real‑World Glitch I’ve Seen

I once had an older workstation that suddenly stopped accepting SSH after a kernel update. The device was running Ubuntu 20.04, UFW was enabled, and the rule set looked fine. Turning the firewall off revealed that the new kernel had dropped an IP routing table entry, so my packets never reached the listening socket. Re‑enabling UFW after fixing the route restored everything—proof that sometimes the culprit is not a rule at all.

That’s the low‑down on toggling Ubuntu’s built‑in firewall. Whether you’re a power user who wants granular nftables rules or just need to get SSH back up, these steps should cover most scenarios.