UFW: connection refused after enabling

Diagnose and fix SSH lockout after enabling UFW without an SSH allow rule.

UFW blocks all inbound connections — including SSH — when enabled without explicit allow rules, because UFW's default incoming policy is "deny."

What Causes This

UFW's default policy denies all incoming traffic. Enabling UFW without first running "ufw allow ssh" leaves port 22 blocked. The server is still running but is unreachable via SSH.

How to Fix

Access the server through an alternative method (cloud console, physical access) and add the SSH rule:

sudo ufw allow ssh
sudo ufw enable

See How to recover from UFW SSH lockout for detailed recovery steps.
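
To avoid the lockout in the first place, the pending rules can be checked before running "ufw enable". The script below is an added example, not part of the original page: it reads the text of "sudo ufw show added" on stdin and reports whether any allow or limit rule admits TCP to the SSH port. The function names, the sample rule text, and the assumption that rules are listed as "ufw allow ..." lines are illustrative.

```shell
#!/bin/sh
# Added example: guard to run before `ufw enable` (helper names are hypothetical).

# has_ssh_rule [PORT]: reads `ufw show added` text on stdin; returns 0 only if
# an allow or limit rule admits TCP traffic to PORT (default 22).
has_ssh_rule() {
    awk -v port="${1:-22}" '
        $1 == "ufw" && ($2 == "allow" || $2 == "limit") {
            hit = 0; udp = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "udp") udp = 1          # "proto udp" does not carry SSH
                if ($i == port || $i == port "/tcp") hit = 1
                # The ssh service name and OpenSSH profile mean port 22 only.
                if (port == "22" && ($i == "ssh" || $i == "OpenSSH")) hit = 1
            }
            if (hit && !udp) found = 1
        }
        END { exit !found }
    '
}

# Constructed samples of `ufw show added` output (not taken from a real host).
RULES_WEB_ONLY="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp
ufw allow 443/tcp"
RULES_WITH_SSH="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp
ufw limit 22/tcp"

# safe_to_enable RULES [PORT]: prints "ok" if SSH would survive enabling UFW,
# "blocked" if enabling now would cut off the SSH session.
safe_to_enable() {
    if printf '%s\n' "$1" | has_ssh_rule "${2:-22}"; then
        echo "ok"
    else
        echo "blocked"
    fi
}

echo "web only:  $(safe_to_enable "$RULES_WEB_ONLY")"
echo "with ssh:  $(safe_to_enable "$RULES_WITH_SSH")"
echo "sshd 2222: $(safe_to_enable "$RULES_WITH_SSH" 2222)"

# Live use, assuming sshd listens on port 22:
#   sudo ufw show added | has_ssh_rule 22 && sudo ufw enable
```

If sshd listens on a non-default port, pass that port as the argument; a rule for "ssh" or "OpenSSH" covers port 22 only and will not count.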