
UFW Cheat Sheet

ufw, the Uncomplicated Firewall, is one of many programs available for managing a netfilter firewall.

Firewall Status

Displays the status and a numbered list of the firewall rules. Helpful when deleting rules.

sudo ufw status numbered
Example Output:
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 11420/tcp                  ALLOW       Anywhere                   # xx network cMix
[ 2] 15974/tcp                  ALLOW       Anywhere                   # xx network chain
[ 3] 22/tcp                     LIMIT       Anywhere                   # SSH
[ 4] 11420/tcp (v6)             ALLOW       Anywhere (v6)              # xx network cMix
[ 5] 15974/tcp (v6)             ALLOW       Anywhere (v6)              # xx network chain
[ 6] 22/tcp (v6)                LIMIT       Anywhere (v6)              # SSH

Enable Firewall

Enables the firewall.

Danger: Make sure you're not going to block your own remote access to the computer (for example, SSH) before enabling!

sudo ufw enable
Example Output:
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

Disable Firewall

Disables the firewall.

sudo ufw disable
Example Output:
Firewall stopped and disabled on system startup

Add Rule w/ Comment

The following opens TCP port 12345 and attaches a comment to the rule:

sudo ufw allow 12345/tcp comment "my special rule"
Example Output:
Rules updated
Rules updated (v6)

Delete Rule By Number

First check the Firewall Status. Note the rule number you wish to delete.

sudo ufw status numbered
Example Output:
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 11420/tcp                  ALLOW       Anywhere                   # xx network cMix
[ 2] 15974/tcp                  ALLOW       Anywhere                   # xx network chain
[ 3] 22/tcp                     LIMIT       Anywhere                   # SSH

The following deletes rule 3, the SSH rule. Rule numbers shift after each deletion, so run the status command again before deleting another rule.

sudo ufw delete 3
Example Output:
Deleting:
limit 22/tcp comment 'SSH'
Proceed with operation (y|n)? y
Rule deleted
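The two operations above, checking the rule set before enabling and deleting rules by number, as a small helper script added here (not part of the original cheat sheet). Function names are my own, STATUS is constructed sample output in the cheat sheet's layout, and the sudo ufw calls only run when the functions are invoked on a real host.

```shell
#!/bin/sh
# Added helper, not from the cheat sheet. Parses `ufw status numbered` so rules
# can be found by comment, and checks for an SSH rule before enabling.
# STATUS is constructed sample output in the cheat sheet's layout.
STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 11420/tcp                  ALLOW       Anywhere                   # xx network cMix
[ 2] 15974/tcp                  ALLOW       Anywhere                   # xx network chain
[ 3] 22/tcp                     LIMIT       Anywhere                   # SSH
[ 4] 11420/tcp (v6)             ALLOW       Anywhere (v6)              # xx network cMix
[ 5] 15974/tcp (v6)             ALLOW       Anywhere (v6)              # xx network chain
[ 6] 22/tcp (v6)                LIMIT       Anywhere (v6)              # SSH'

# rule_numbers_for_comment STATUS_TEXT COMMENT: prints the numbers of every
# rule whose comment equals COMMENT (v4 and v6 rules are listed separately).
rule_numbers_for_comment() {
    printf '%s\n' "$1" | awk -v want="$2" '
        /^\[ *[0-9]+\]/ && index($0, "# ") {
            num = $0; sub(/^\[ */, "", num); sub(/\].*/, "", num)
            if (substr($0, index($0, "# ") + 2) == want)
                out = out (length(out) ? " " : "") num
        }
        END { if (length(out)) print out }'
}

# ssh_rule_present STATUS_TEXT: succeeds if an ALLOW/LIMIT rule admits port 22.
ssh_rule_present() {
    printf '%s\n' "$1" | grep -Eq '^\[ *[0-9]+] *(22|22/tcp|OpenSSH)[[:space:]].*(ALLOW|LIMIT)'
}

# safe_enable: the "danger" warning as a check; enables only if SSH is admitted.
safe_enable() {
    live=$(sudo ufw status numbered) || return 1
    ssh_rule_present "$live" || { echo "refusing: no rule admits SSH (port 22)" >&2; return 1; }
    sudo ufw enable
}

# delete_rules_by_comment COMMENT: deletes highest-numbered match first, since
# deleting rule N renumbers every rule after it.
delete_rules_by_comment() {
    live=$(sudo ufw status numbered) || return 1
    for n in $(rule_numbers_for_comment "$live" "$1" | tr ' ' '\n' | sort -rn); do
        sudo ufw delete "$n"
    done
}
```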

Restrict Access By IP

One very strict security measure is to limit access to a remote computer based on IP address. For example, if you use SSH to connect to a computer remotely, and you are the only person who connects to it and always do so from your home or office, you can set a firewall rule that allows SSH connections to the remote computer only from that specific IP address.

Read Very Carefully!

Only use this security measure if ...

  • you connect from a STATIC IP address.
  • you have convenient on-site access to the remote computer.

If the IP address changes, you will not be able to connect remotely via SSH. You will need to modify the firewall on-site.

If you wish to allow your home's IP address, 1.2.3.4, you would replace [IP ADDRESS] with 1.2.3.4 in the following command:

sudo ufw allow from [IP ADDRESS] to any port 22 comment "SSH from Home"

Note that ufw evaluates rules in order, so a broader rule such as "22/tcp LIMIT Anywhere" from the status examples above would still admit SSH from every other address; delete that rule (see Delete Rule By Number) for the restriction to take effect.