Happened to me in work once... I was connected via SSH to one of our test machines, so I could test connection disruption handling on a product we had installed.

I had a script that added iptables rules to block all ports for 30 seconds then unblock them. Of course I didn't add an exception for port 22, and I didn't run it with nohup, so when I ran the script it blocked the ports, which locked me out of SSH access, and the script stopped running when the SSH session ended so never unblocked the ports. I just sat there in awe of my stupidity.

I accidentally put all the interfaces on my router running openwrt into the wrong firewall zone so now I can't access it via ssh or the web interface. I already had it configured though and it still works so I'm just ignoring the problem until something breaks

Whistles and looks away

I have absolutely no idea what you're talking about

😜

Firewallcmd's runtime-to-permanent is one of my favorite features of any software. Set everything up, make sure everything works before making the changes permanent. If not, just reboot!

Happened to me, luckilly I kept an ssh connection up.

Now I make sure to enable the firewall rules before I enable ufw ( still happened to me 3 more times ).

I know this is posted in funny, but whatever. You could still login locally using keyboard and monitor. Uncool, but it works

Connects a monitor and a keyboard to the Raspberry Pi

I've had to boot a remote server into rescue after locking myself out.

I think most people have done this at least once.

this is me dealing with ZScaler at work

ufw is not a good software. I really tried to work with it. My solution was to disable it.

This literally happened to me yesterday. Fortunately ufw enable did not configure it as persistent across reboots 🤠

What is a good firewall that can also block ports published with docker? I'd need it to run on the same host.

UART it

it's become self aware and is always blocking ports 22 & 23.

It happened to me when I was configuring IP geoblocking: Only whitelist IP ranges are allowed. That was fetched from a trusted URL. If the DNS provider just happened to not be on that list, the whitelist would become empty, blocking all IPs. Literally 100% proof firewall; not even a ping gets a pass.

i have ssh configured on a different port,

more than one time i enabled ssh in ufw, restarted the service... and the connection dropped

I know I forgot to reactivate my firewall yesterday, but I'm too scared of getting locked in to do it remotely. I have physical access to it, but gotta wait after work

Not exactly the same thing, but on one of my systems, eth0 and eth1 swapped position after a kernel update, so the IP was on the wrong interface. I had IPMI/BMC on the system so didn't have to physically go to it and plug in a keyboard and monitor, but I still had to deal with manually typing a long randomly-generated password, twice (one to log in and once again for sudo).

I'm glad "predictable" interface names are supported now. Those eth0/eth1/etc names were dangerous since the numbers were just based on the order the kernel loaded the drivers and initialized them in, which can change across reboots. The predictable names are based on physical position in the system, so they're consistent across reboots.

That moment when you forget to run sudo ufw allow ssh after enabling the firewall