Fix UFW that blocks a port
We'll confirm the port is blocked, add a ufw allow rule, reload, and verify—or tell you when to escalate.
What you'll need
- SSH or console access to the Linux server
- sudo on the server
- The port number and protocol (TCP or UDP)
Step-by-step diagnostic
Steps
Goal: Confirm the port is blocked by UFW, add an allow rule, reload, and verify.
- On the server, run ss -tlnp to confirm the service listens. From another machine, run nc -zv <server-ip> <port>.
- Good: Service listens but the connection times out, so UFW may be blocking it. Proceed to Check ufw status.
- Bad: Service does not listen—start the service first.
Check ufw status
Goal: Confirm UFW is active and see current rules.
- Run sudo ufw status or sudo ufw status numbered.
- Good: UFW is active. Proceed to Add allow rule.
- Bad: UFW is inactive—check iptables or firewalld instead.
Add allow rule
Goal: Add an allow rule for the port and reload.
- Run sudo ufw allow <port>/tcp (or /udp for UDP). Example: sudo ufw allow 8080/tcp.
- Run sudo ufw reload.
- Good: Rule added and firewall reloaded. Proceed to Confirm the rule.
- Bad: Permission denied—see When to escalate.
Confirm the rule
Goal: Verify the rule is active and test the connection.
- Run sudo ufw status numbered. The allow rule should appear.
- From another machine: nc -zv <server-ip> <port> or curl http://<server-ip>:<port>.
- Good: Connection succeeds. The port is open.
- Bad: Still blocked—check rule order; a deny after allow overrides it.
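As an added example (not part of the original guide), this shell function reads ufw status numbered output and lists every inbound rule that covers a given port, in rule-number order, so allow and deny entries for the same port are visible when you check rule order. The names port_rules and sample_status and the sample output are constructed for illustration; the function only matches rules whose To field is a port, a port list or a port range.

```sh
# Added example. On a server: sudo ufw status numbered | port_rules 8080 tcp
# Prints each inbound rule covering PORT/PROTO in rule-number order, then a
# verdict line: inactive | none | allow | deny | mixed (both kinds present).
port_rules() {
    awk -v port="$1" -v proto="$2" '
    /^Status: inactive/ { inactive = 1 }
    /^\[ *[0-9]+\]/ {
        rule = $0
        sub(/^\[ *[0-9]+\] */, "", rule)            # drop the "[ N]" prefix
        split(rule, col, /[ \t]+/)                  # col[1] is the "To" field
        spec = col[1]; want = ""
        if ((i = index(spec, "/")) > 0) { want = substr(spec, i + 1); spec = substr(spec, 1, i - 1) }
        if (want != "" && want != proto) next       # rule names the other protocol
        hit = 0
        n = split(spec, part, ",")                  # "80,443" style port lists
        for (k = 1; k <= n; k++) {
            if (part[k] == port) hit = 1
            else if (split(part[k], r, ":") == 2 && port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) hit = 1
        }
        if (!hit) next
        if (rule ~ / (ALLOW|LIMIT) IN /) { allow = 1; print "rule: " $0 }
        else if (rule ~ / (DENY|REJECT) IN /) { deny = 1; print "rule: " $0 }
    }
    END {
        if (inactive) v = "inactive"
        else if (allow && deny) v = "mixed"
        else if (allow) v = "allow"
        else if (deny) v = "deny"
        else v = "none"
        print "verdict: " v
    }'
}

# Constructed sample of `ufw status numbered` output (not from a real host).
sample_status() {
    cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 8080/tcp                   DENY IN     203.0.113.0/24
[ 3] 8080/tcp                   ALLOW IN    Anywhere
[ 4] 9000:9010/udp              ALLOW IN    Anywhere
[ 5] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
EOF
}
sample_status | port_rules 8080 tcp
```

A verdict of mixed means the port has both allow and deny entries, which is the case where the rule numbers printed alongside need a closer look.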
When to escalate
Escalate if:
- The server is managed by config management.
- You cannot run ufw commands (permission denied).
- Security policy forbids opening the port.
Provide ufw status output and the port you need.
Verification
- sudo ufw status numbered shows an allow rule for the port.
- nc -zv <server-ip> <port> from another machine succeeds.
- The application can accept connections on the port.
Escalation ladder
Work from the device outward. Stop when the problem is fixed.
- Confirm port blocked: Verify the service listens but connections from another machine fail.
- Check ufw status: Run ufw status to see current rules.
- Add allow rule: ufw allow <port>/tcp or /udp; ufw reload.
- Test connection: nc -zv or curl from another machine.
What to capture if you need help
Before calling support or posting for help, have these ready. It speeds everything up.
- ufw status numbered output
- Port and protocol needed
- Steps already tried
Reviewed by Blackbox Atlas
Frequently asked questions
- Why would UFW block a port?
- UFW defaults to deny incoming. Unless you add an allow rule for the port, connections are blocked. Run ufw status to see current rules.
- Can I fix UFW blocking a port myself?
- Yes. Run sudo ufw allow <port>/tcp (or /udp), sudo ufw reload, then test with nc -zv or your application.
- When should I escalate UFW blocking a port?
- If the server is managed, you lack sudo for ufw commands, or security policy forbids opening the port.