Oct 12, 2023

How to List and Delete UFW Firewall Rules

List and Delete UFW Firewall Rules with our step-by-step tutorial. Uncomplicated Firewall (UFW) is a frontend to manage iptables firewall rules.

Introduction

Before we look at how to list and delete UFW firewall rules, let's briefly cover what UFW is.

Uncomplicated Firewall (UFW) is a frontend to manage iptables firewall rules. It is extremely user-friendly. It is the default configuration tool for Ubuntu and is also available for other popular Linux distributions such as Arch Linux and Debian.

Furthermore, it provides a straightforward command-line interface to configure and manage firewall rules, enhancing system security by filtering network traffic and preventing unauthorized access. With its integration with Ubuntu's system firewall infrastructure, UFW ensures reliable operation and compatibility.

In this tutorial, you will list and delete UFW Firewall Rules. We will also address some of the FAQs related to UFW.

Advantages of UFW

  1. Simplicity: UFW (Uncomplicated Firewall) provides an easy-to-use interface to manage firewall rules, making it accessible for users of all levels of technical expertise.
  2. Security: UFW enhances system security by effectively filtering network traffic and preventing unauthorized access to your computer or network.
  3. Integration: Built on top of the iptables firewall, UFW seamlessly integrates with Ubuntu's system firewall infrastructure, ensuring reliable operation and compatibility.
  4. Flexibility: UFW allows users to create both inbound and outbound rules, providing granular control over network traffic and allowing customization to meet specific requirements.
  5. Logging: With UFW, you can easily enable logging, allowing you to monitor and analyze firewall events for troubleshooting or security purposes.

Prerequisites

1) For running UFW commands, you need to be a sudo user.

Step 1 - Listing the UFW Rules

1) The most common task when managing a firewall is listing the rules. Check the UFW status and list all rules using the following command:

sudo ufw status

2) You will get the following output if the UFW is disabled:

Output

Status: inactive

3) If the UFW is active, the output will print a list of all active firewall rules:

Output
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere          
22/tcp (v6)                ALLOW       Anywhere (v6) 

4) To get extra information, you need to use status verbose:

sudo ufw status verbose

The output will then also include the logging level, the default policies, and the handling of new application profiles:

Output

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere          
22/tcp (v6)                ALLOW       Anywhere (v6) 

5) You can get the order and ID number of all active rules using status numbered. This comes in handy when you want to insert a new rule or delete an existing rule based on its number:

sudo ufw status numbered

Output

Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 22/tcp (v6)                ALLOW IN    Anywhere (v6) 

Step 2 - Deleting the UFW Rules

There are 2 ways to delete the UFW rules:

  • Rule number
  • Specification

Make sure you are deleting the right firewall rule, and don't lock yourself out of the remote server by deleting the rule which allows SSH traffic. SSH listens on port 22 by default.

Further, deleting UFW rules by the rule number is much easier as you only need to type the rule number, not the complete rule.

Step 3 - Deleting UFW rules by the rule number

1) Firstly, list all the rules and then find the number of the rule which you want to delete:

sudo ufw status numbered

The command will give you a list of all rules and their numbers:

Output

Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 443/tcp                    ALLOW IN    Anywhere
[ 4] 8069/tcp                   ALLOW IN    Anywhere

2) Once you are aware of the rule number, use the following command to delete it:

sudo ufw delete 4

3) You will get a prompt for confirmation. It will confirm if you want to delete the rule:

Output

Deleting:
 allow 8069/tcp
Proceed with operation (y|n)? y

4) Proceed to type y and hit Enter. The rule will get deleted:

Output

Rule deleted
Note: Rule numbers change every time you delete a rule, so check the rule list again before deleting another rule.
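
The renumbering note above and the SSH warning in Step 2 matter most when several rules are removed in one session. The script below is an added example, not part of the original tutorial: it parses ufw status numbered output (a constructed sample is embedded) and prints the delete commands highest number first, so an earlier deletion never shifts the number of a later target. The function names and the protected-port default of 22 are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: plan multi-rule deletions from `ufw status numbered` output.

# Constructed sample (Step 3 rule set plus IPv6 entries), not real server output.
SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 443/tcp                    ALLOW IN    Anywhere
[ 4] 8069/tcp                   ALLOW IN    Anywhere
[ 5] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 6] 8069/tcp (v6)              ALLOW IN    Anywhere (v6)'

# rule_numbers PORT: read numbered status on stdin and print the numbers of
# rules whose "To" column is PORT or PORT/proto, highest number first.
rule_numbers() {
    awk -v port="$1" '
        /^\[ *[0-9]+\]/ {
            line = $0
            sub(/^\[ */, "", line)            # drop "[" and padding
            num = line; sub(/\].*/, "", num)  # keep only the rule number
            sub(/^[0-9]+\] */, "", line)      # line now starts at the To column
            split(line, f, /[ \t]+/)
            to = f[1]; sub(/\/.*/, "", to)    # "8069/tcp" -> "8069"
            if (to == port) print num
        }' | sort -rn
}

# plan_deletes PORT [PROTECTED_PORT]: print one delete command per matching
# rule in descending order. Refuses the protected port (default 22, SSH).
plan_deletes() {
    port=$1; protected=${2:-22}
    if [ "$port" = "$protected" ]; then
        echo "refusing: port $port is protected (SSH access)" >&2
        return 1
    fi
    for n in $(rule_numbers "$port"); do
        echo "sudo ufw delete $n"
    done
}

# Dry run against the sample; on a server, pipe in `sudo ufw status numbered`.
printf '%s\n' "$SAMPLE_STATUS" | plan_deletes 8069
```

The script only prints the commands; each printed ufw delete still asks for confirmation when you run it. Rules added by service name rather than port number are not matched by this parser.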

Step 4 - Removing the UFW rules by specification

1) The second method is to use ufw delete followed by the rule itself, written the same way as when it was added. For example, if you added a rule opening port 2222, you delete it by repeating that rule after ufw delete.

To see how it works, add a rule which opens port 2222 using the following command:

sudo ufw allow 2222

You can delete this just by typing:

sudo ufw delete allow 2222

Step 5 - Resetting UFW and removing all the rules

1) Resetting UFW will lead to a disabled firewall and will delete all active rules. Use the following command to reset the UFW:

sudo ufw reset

FAQs to List and Delete UFW Firewall Rules

What is the UFW limit?

By default, a UFW limit rule (commonly applied to SSH) denies connections from an IP address that has attempted 6 or more connections within 30 seconds.

Is there a way to delete multiple firewall rules simultaneously? 

Unfortunately, UFW doesn't provide a native option to delete multiple rules at once. You need to delete each rule individually using the appropriate commands.

Can I delete all UFW firewall rules at once? 

Yes, you can delete all rules by executing sudo ufw reset to revert the firewall configuration to its default state.

How can I view UFW firewall rules without numbers? 

By running sudo ufw status, you can get a non-numbered list of firewall rules showing their current status (enabled or disabled).

How do I check the details of a specific firewall rule, such as the ports or IP addresses involved? 

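To view the details of a rule, run sudo ufw status verbose, which lists the ports, protocols and addresses of every rule, or sudo ufw show added, which prints the rules as they were entered. ufw show takes a report name, not a rule number.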

Is it possible to list UFW firewall rules with resolved IP addresses instead of displaying only the port numbers?

UFW has no show resolv report and does not resolve addresses itself. sudo ufw status verbose already shows the source and destination addresses stored with each rule, next to the port numbers.

How can I delete all UFW firewall rules except those that are currently enabled? 

UFW has no delete inactive command and does not keep a separate set of inactive rules. ufw delete accepts only a rule number or a rule specification, so rules are removed one at a time as shown in Steps 3 and 4.

Conclusion

We hope this detailed tutorial helped you to list and delete the UFW Firewall Rules.

If you have any queries or doubts, please leave them in the comment below. We'll be happy to address them.
