UFW Commands
Uncomplicated Firewall (UFW) commands for easy firewall management on Ubuntu/Debian.
Basic Operations
sudo ufw status - Check firewall status
sudo ufw status verbose - Show detailed firewall status
sudo ufw status numbered - Show rules with numbers
sudo ufw enable - Enable firewall
sudo ufw disable - Disable firewall
sudo ufw reload - Reload firewall rules
sudo ufw reset - Reset firewall to default settings
Default Policies
sudo ufw default deny incoming - Deny all incoming traffic by default
sudo ufw default allow outgoing - Allow all outgoing traffic by default
sudo ufw default deny outgoing - Deny all outgoing traffic by default
sudo ufw default allow incoming - Allow all incoming traffic by default
sudo ufw default reject incoming - Reject all incoming traffic by default
Allow Rules
sudo ufw allow 22 - Allow port 22 (SSH)
sudo ufw allow 80/tcp - Allow port 80 TCP (HTTP)
sudo ufw allow 443/tcp - Allow port 443 TCP (HTTPS)
sudo ufw allow ssh - Allow SSH service
sudo ufw allow http - Allow HTTP service
sudo ufw allow https - Allow HTTPS service
sudo ufw allow 1000:2000/tcp - Allow TCP port range 1000-2000
sudo ufw allow from 192.168.1.0/24 - Allow from specific subnet
sudo ufw allow from 192.168.1.100 to any port 22 - Allow SSH from specific IP
sudo ufw allow in on eth0 to any port 80 - Allow HTTP on specific interface
Deny Rules
sudo ufw deny 23 - Deny port 23 (Telnet)
sudo ufw deny 3306/tcp - Deny MySQL port
sudo ufw deny from 192.168.1.100 - Deny specific IP address
sudo ufw deny from 10.0.0.0/8 - Deny entire subnet
sudo ufw deny out 25 - Deny outgoing SMTP traffic
sudo ufw deny proto tcp from any to any port 445 - Deny SMB traffic
Delete Rules
sudo ufw delete allow 80 - Delete allow rule for port 80
sudo ufw delete deny 23 - Delete deny rule for port 23
sudo ufw delete 3 - Delete rule number 3 (use status numbered first)
sudo ufw delete allow from 192.168.1.100 - Delete specific allow rule
Application Profiles
sudo ufw app list - List available application profiles
sudo ufw app info "Apache Full" - Show info about Apache profile
sudo ufw allow "Apache Full" - Allow Apache Full profile
sudo ufw allow "Nginx Full" - Allow Nginx Full profile
sudo ufw allow "OpenSSH" - Allow OpenSSH profile
sudo ufw delete allow "Apache" - Delete Apache profile rule
Advanced Rules
sudo ufw limit ssh - Rate limit SSH connections (max 6 in 30s)
sudo ufw limit 22/tcp - Rate limit port 22
sudo ufw reject out to 192.168.1.100 - Reject outgoing to specific IP
sudo ufw allow from 192.168.1.0/24 to any app Apache - Allow subnet to Apache
sudo ufw insert 1 allow from 192.168.1.50 - Insert rule at position 1
sudo ufw prepend deny from 10.0.0.0/8 - Prepend rule to beginning
Rule Comments
sudo ufw allow 22 comment "SSH access" - Allow port with comment
sudo ufw allow from 192.168.1.0/24 comment "Local network" - Allow subnet with comment
sudo ufw deny 3306 comment "Block MySQL" - Deny port with comment
sudo ufw allow 80/tcp comment "Web server HTTP" - Allow HTTP with comment
sudo ufw allow 443/tcp comment "Web server HTTPS" - Allow HTTPS with comment
sudo ufw allow from 10.0.0.5 to any port 22 comment "Admin SSH" - Allow specific IP with comment
sudo ufw show added - Show rules with comments
sudo ufw status verbose - View rules (comments shown in raw files)
Logging
sudo ufw logging on - Enable logging
sudo ufw logging off - Disable logging
sudo ufw logging low - Set logging level to low
sudo ufw logging medium - Set logging level to medium
sudo ufw logging high - Set logging level to high
sudo ufw logging full - Set logging level to full
sudo tail -f /var/log/ufw.log - View UFW log file
IPv6 Support
sudo ufw allow from ::1 - Allow IPv6 localhost
sudo ufw allow from 2001:db8::/32 - Allow IPv6 subnet
sudo ufw deny from 2001:db8::1 - Deny specific IPv6 address
Configuration Files
sudo nano /etc/ufw/ufw.conf - Edit main UFW configuration
sudo nano /etc/default/ufw - Edit UFW defaults
sudo nano /etc/ufw/before.rules - Edit rules processed before UFW rules
sudo nano /etc/ufw/after.rules - Edit rules processed after UFW rules
sudo nano /etc/ufw/user.rules - Edit user-defined rules