Ubuntu & Debian Firewall Mysteries Revealed a.k.a. how to get the app or service working ASAP!

Written by Gregory Milby | Thursday, May 13th, 2010

Fixing the mysteriously blocked applications, services and ports that elude traditional methods of common sense is quite the pain in the arse for the average guy just trying to get his server to work on an obscure port so his box doesn’t get hacked!

Here are some things to consider when you’re trying to enable a service, application or server in Ubuntu. Bookmark this and pull it up the next time you need to make something work in Ubuntu, before you start hurling your PC across the room :)

AppArmor may not be your friend… The average person who uses full-blown Ubuntu also owns a firewall/router; AppArmor is ‘overkill’ in my humble opinion. However, if you’re connected directly to your cable modem, it could be useful (see first sentence).

If YOU ARE behind a firewall/router, and you DO NOT need a software firewall solution, then use these commands to disable AppArmor. In most cases this will fix your connection issues:

AppArmor can be disabled, and the start-up module removed, by entering the following:

sudo /etc/init.d/apparmor stop
sudo update-rc.d -f apparmor remove

To re-enable AppArmor enter:

sudo /etc/init.d/apparmor start
sudo update-rc.d apparmor defaults

UFW is another term to be familiar with. It’s the firewall app that is installed alongside AppArmor. If you are trying to directly access ports, you can enable specific ports, or (again) totally disable the application if you know you are protected by a hardware router/firewall device (like a Linksys or Netgear DSL/cable router/firewall).

Here are the common UFW control commands:

ufw needs to be enabled. From a terminal window enter:

sudo ufw enable

To open a port (this example is for ssh):
sudo ufw allow 22

Likewise, to close an opened port:
sudo ufw deny 22

To remove a rule, use delete followed by the rule:
sudo ufw delete deny 22

It is also possible to allow access from specific hosts to a port.
This example allows ssh access from host 192.168.0.5 to any IP address on this host:
sudo ufw allow proto tcp from 192.168.0.5 to any port 22

Replace 192.168.0.5 with 192.168.0.0/24 to allow ssh access from the entire subnet.

ufw can be disabled by:
sudo ufw disable

If the port you want to open or close is defined in /etc/services, you can use the port name instead of the number. In the above examples, replace 22 with ssh.
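The host/subnet rule and the /etc/services name lookup described above, combined in an added example that is not from the original post: it resolves a service name to its port and prints (without running) the source-restricted rule. The sample services data and the function names svc_port and ufw_allow_from are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /etc/services format: name port/proto [aliases] # comment
SAMPLE_SERVICES='# constructed sample, not copied from a real system
ssh        22/tcp              # SSH Remote Login Protocol
domain     53/tcp
domain     53/udp
http       80/tcp    www       # WorldWideWeb HTTP
'

# svc_port NAME PROTO [FILE]: print the port for a service name or alias.
# Reads FILE (e.g. /etc/services) if given, else the constructed sample.
svc_port() {
    if [ -n "$3" ]; then cat "$3"; else printf '%s' "$SAMPLE_SERVICES"; fi |
    awk -v name="$1" -v proto="$2" '
        { sub(/#.*/, "") }                  # strip comments
        NF < 2 { next }                     # skip blank or malformed lines
        {
            split($2, pp, "/")              # pp[1] = port, pp[2] = protocol
            if (pp[2] != proto) next
            for (i = 1; i <= NF; i++)
                if (i != 2 && $i == name) { print pp[1]; found = 1; exit }
        }
        END { exit(found ? 0 : 1) }'
}

# ufw_allow_from SOURCE NAME_OR_PORT [PROTO]: print the rule, do not run it.
ufw_allow_from() {
    src=$1 svc=$2 proto=${3:-tcp}
    # Shape check only (a.b.c.d or a.b.c.d/0-32); octet ranges are left to ufw.
    printf '%s\n' "$src" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' ||
        { echo "bad source: $src" >&2; return 1; }
    case $svc in
        *[!0-9]*) port=$(svc_port "$svc" "$proto") ||
                      { echo "unknown service: $svc/$proto" >&2; return 1; } ;;
        *) port=$svc ;;
    esac
    [ "$port" -ge 1 ] 2>/dev/null && [ "$port" -le 65535 ] ||
        { echo "bad port: $port" >&2; return 1; }
    echo "sudo ufw allow proto $proto from $src to any port $port"
}

ufw_allow_from 192.168.0.5 ssh        # single host, by service name
ufw_allow_from 192.168.0.0/24 22      # whole subnet, by port number
```

Pass /etc/services as the third argument to svc_port to resolve names against the real file instead of the sample.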

This quickstart will help you get your apps online quickly, and allow you to connect to them.

Please make any suggestions, and we will update the post. It’s good to see the Linux community coming together and giving M$ a run for their money :)
