🔧 How to Disable UFW Firewall from a Rescue Environment

If you're locked out of your server due to firewall rules, or troubleshooting a system via a rescue environment, you may need to disable UFW (Uncomplicated Firewall) manually. This guide shows how to disable UFW from a mounted Linux filesystem.

🛠️ Step 1: Boot into Rescue Mode

First, boot your system into a rescue environment. Most hosting providers offer this when the system becomes unreachable. Once inside, identify and mount your main filesystem.

Example output of lsblk:

/dev/md2 206.9G RAID1 — likely your root filesystem

Then mount it:

mkdir /mnt/rescue
mount /dev/md2 /mnt/rescue

🔒 Step 2: Disable UFW in Configuration

Once mounted, edit the UFW configuration file:

nano /mnt/rescue/etc/ufw/ufw.conf

Look for this line:

ENABLED=yes

Change it to:

ENABLED=no

If the line doesn't exist, just add it. Save and exit the file.

🚫 Optional: Fully Disable UFW Rule Files

If you want to ensure UFW doesn't apply any firewall rules, you can rename the entire configuration folder:

mv /mnt/rescue/etc/ufw /mnt/rescue/etc/ufw.disabled
This will completely prevent UFW from loading when the system boots.

🔁 Step 3: Reboot and Test

Once you've made the changes, reboot your server:

reboot

After the system comes back up, UFW will be disabled, and no UFW-based firewall rules will be applied.

✅ Bonus Tip: Check for iptables Rules

UFW is just a frontend for iptables. If you're still locked out after disabling UFW, you might also want to check for custom iptables rules:

iptables -L

Or clear them (only if you're sure):

iptables -F

🧠 Summary

  • Mount the root filesystem.
  • Edit ufw.conf to set ENABLED=no.
  • Optionally rename /etc/ufw to disable all rules.
  • Reboot the server.

This can be a lifesaver if you’ve locked yourself out or need to regain control of firewall settings remotely.

Comments