How to List and Delete UFW Rules with Examples

UFW, which stands for Uncomplicated Firewall, is a front-end interface designed to simplify the management of iptables, the powerful but complex firewall utility included in the Linux kernel. Primarily available on Ubuntu and other Debian-based distributions, UFW aims to make the process of configuring a firewall straightforward and accessible, even for users who may not be deeply familiar with network security protocols.

In this blog, we will discuss how to effectively manage and optimize your network security by exploring various methods to list and delete UFW firewall rules.

Prerequisites

Before diving into the specifics of listing and deleting UFW firewall rules, it’s essential to ensure that your system meets certain prerequisites.

Operating System

UFW is primarily designed for Ubuntu and other Debian-based distributions. Ensure that your system is running one of these supported operating systems.

Installed Packages

UFW should be installed on your system. Most Ubuntu installations come with UFW pre-installed, but it’s always good to verify.

To check if UFW is installed, run:

sudo ufw status

If UFW is not installed, you can install it using the following command:

sudo apt-get install ufw

Superuser or Root Access

Managing firewall rules requires administrative privileges. Ensure that you have superuser or root access to the system. Most UFW commands need to be prefixed with sudo to execute with the necessary permissions.

To switch to a root user, you can use:

sudo -i

Alternatively, you can prepend sudo to each command to run it with superuser privileges:

sudo ufw status

Enabling UFW

Before you can manage firewall rules, UFW must be enabled. By default, UFW might be disabled on a fresh installation.

To enable UFW, use the command:

sudo ufw enable

After enabling UFW, it’s also useful to check the status to ensure everything is working correctly:

sudo ufw status

How to List UFW Firewall Rules

Effectively managing your firewall requires a clear understanding of the rules that are currently in place. UFW provides several commands to list firewall rules, each offering different levels of detail and utility.

Using ufw status Command

The ufw status command is the most basic way to check the status of UFW and see the active firewall rules.

sudo ufw status

This command displays a summary of the current firewall rules, including which ports are allowed or denied and their associated services.

Output

Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere

The output will show the rules in a simple format, indicating whether UFW is active and listing each rule with its action (allow/deny) and protocol (tcp/udp).

Using ufw status numbered

For more detailed information and easier rule management, the ufw status numbered command is extremely useful.

sudo ufw status numbered

This command provides a numbered list of active firewall rules. The numbering is especially helpful when you need to delete specific rules.

Output

Status: active

     To                         Action      From
     --                         ------      ----
[1]  22/tcp                     ALLOW       Anywhere
[2]  80/tcp                     ALLOW       Anywhere
  • This numbered format allows you to easily pinpoint rules, such as [2] for port 80, when managing your firewall configurations.

Using ufw show added

The ufw show added command allows you to see rules that have been added by the user, offering a focused view of custom configurations.

sudo ufw show added

This command lists all the rules that have been explicitly added by the user, which can be useful for auditing recent changes or troubleshooting issues.

Output

Rule added: allow from 192.168.1.100 to any port 22
Rule added: allow 53/tcp

The output displays user-added rules in the order they were added, providing a clear history of custom rule configurations.

Using ufw show raw

For users who need to see the raw iptables rules, ufw show raw is the command to use.

sudo ufw show raw

This command outputs the raw iptables rules that UFW manages, offering a detailed and technical view of the firewall configuration.

Output

Chain INPUT (policy DROP)
target     prot opt source       destination
ACCEPT     tcp  --  anywhere     anywhere       tcp dpt:ssh /* allow SSH */
ACCEPT     udp  --  anywhere     anywhere       udp dpt:domain /* allow DNS*/
DROP       all  --  anywhere     anywhere       /* deny all other traffic */

Chain OUTPUT (policy ACCEPT)
target     prot opt source       destination

The output includes the underlying iptables rules, which can be useful for advanced users who need to understand or troubleshoot low-level firewall behavior.

How to Delete UFW Firewall Rules

Managing firewall rules often involves not only creating new rules but also removing outdated or unnecessary ones. UFW provides straightforward methods to delete firewall rules, ensuring that your firewall configuration remains streamlined and aligned with your security policies.

Using Rule Numbers

One of the simplest ways to delete a specific firewall rule in UFW is by referencing its rule number. This method is particularly useful when you have listed your rules using the ufw status numbered command.

sudo ufw delete [number]

Replace [number] with the specific rule number obtained from ufw status numbered.

Example:

sudo ufw status numbered

output

Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere

Then, delete a specific rule by referencing its number:

sudo ufw delete 2

This command deletes the firewall rule corresponding to the specified rule number. It’s efficient for removing individual rules without affecting other configurations.

Using Full Rule Syntax

For more precise control over which rule to delete, especially when the rule number is not known, you can use the full rule syntax.

sudo ufw delete [rule]

Replace [rule] with the full rule you want to delete. This includes the entire specification of the rule as it was added.

Example:

sudo ufw delete allow from 192.168.0.1 to any port 22

This command deletes the specific firewall rule based on its complete syntax. It’s useful when you know the exact details of the rule you wish to remove, such as IP addresses, ports, and protocols.

Conclusion

Managing firewall rules with UFW (Uncomplicated Firewall) is essential for maintaining robust network security and controlling traffic flow effectively. Throughout this guide, we’ve explored the fundamental aspects of listing and deleting UFW firewall rules, emphasizing the importance of these tasks in maintaining a secure and well-organized network environment.

Share your love

Newsletter Updates

Stay updated with our latest guides and tutorials about Linux.

Leave a Reply

Your email address will not be published. Required fields are marked *