Should ufw block access to localhost?

Tony Arnold tony.arnold at
Thu Mar 14 08:33:09 UTC 2019

Hi Colin,
I guess a detailed examination of the IPtables that UFW has set up
might yield some clues. But you've no doubt done that already!
On Wed, 2019-03-13 at 22:10 +0000, Colin Law wrote:
> I am setting up ufw on a server and have a symptom I don't
> understand.I am running mosquitto with TLS on port 8883 on the server
> so in ufw Ihave opened that portsudo ufw allow 8883and can then
> access port 8883 from another machine, as expected.  Icannot access
> it if I do not open that port, again as expected.
> However I also access mosquitto locally on the server
> usinglocalhost:8883 and the feature I do not understand is that if
> ufw isenabled then I cannot access it via localhost whether the port
> isopened or not.  If I *disable* ufw then I *can* access mosquitto
> vialocalhost.
> ufw status shows$ sudo ufw status verboseStatus: activeLogging: on
> (low)Default: deny (incoming), allow (outgoing), deny (routed)New
> profiles: skipTo                         Action      From
> --                         ------      --
> --22                         ALLOW
> IN    Anywhere80                         ALLOW
> IN    Anywhere443                        ALLOW
> IN    Anywhere8883                       ALLOW IN    Anywhere22
> (v6)                    ALLOW IN    Anywhere (v6)80
> (v6)                    ALLOW IN    Anywhere (v6)443
> (v6)                   ALLOW IN    Anywhere (v6)8883
> (v6)                  ALLOW IN    Anywhere (v6)
> Can anyone explain what is going on?
> Colin
Tony Arnold MBCS, CITP | Senior IT Security Analyst | Directorate of IT Services | Desk 51, Office 2, Kilburn Building | The University of Manchester | Manchester M13 9PL | T: +44 161 275 6093 | M: +44 773 330 0039

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: This is a digitally signed message part
URL: <>

More information about the ubuntu-users mailing list