How to delete a UFW firewall rule on Ubuntu / Debian Linux


Procedure to list and delete UFW firewall rules

1. Log in to the server using ssh.
2. Display the ufw firewall rules, run: sudo ufw status numbered
3. Delete a ufw firewall rule by its rule number (for example, rule # 3): sudo ufw delete 3
4. Another option to erase a firewall rule is to repeat the original rule prefixed with delete: sudo ufw delete allow 22/tcp

How do I delete a UFW firewall rule running on Ubuntu or Debian Linux? What is the command to remove ufw rules on a CentOS Linux server? How can I list and remove firewall rules when using UFW? This page explains how to list and delete UFW firewall rules from the command line. UFW is an acronym for Uncomplicated Firewall. Securing a host with the Uncomplicated Firewall is easy and recommended. Ubuntu Linux ships with a packet filter called Netfilter, and the iptables command is the traditional front-end used to manage it. ufw provides an easier-to-use front-end for Netfilter, and it is one of the most popular among Ubuntu and Debian Linux sysadmins and developers.

Let us see all examples in detail.

Warning: Be careful when working with firewalls; take care not to lock yourself out of your ssh session when deleting rules.

How to list UFW firewall rules

To list and show firewall status, run:

sudo ufw status

Sample outputs:

Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
25/tcp                     ALLOW       Anywhere                  # accept email
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
25/tcp (v6)                ALLOW       Anywhere (v6)             # accept email
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)

It is possible to see the firewall status as a numbered list of rules; enter:

sudo ufw status numbered

One can also display a verbose firewall status (default policies, logging level and so on); run:

sudo ufw status verbose



How to show rules as they were added

The show added option displays the list of user rules as they were typed on the command line by sysadmins or developers (it reads the saved user rules, not the running firewall). We will use this option later for mass deletion of rules:

$ sudo ufw show added

Here is the output:

Added user rules (see 'ufw status' for running firewall):
ufw allow from 192.168.2.0/24 to 192.168.2.25 port 22 proto tcp
ufw allow from 192.168.2.0/24 to 192.168.2.26 port 22 proto tcp
ufw allow from 139.59.1.155 to any port 22 proto tcp
ufw allow 80/tcp comment 'accept Apache'
ufw allow 443/tcp comment 'accept HTTPS connections'

How to delete a UFW firewall rule

Now you know how to list rules. It is time to remove a firewall rule. There are two methods to delete UFW rules: by rule number, or by repeating the rule specification with delete.

Deleting UFW rules by rule number

First list the rules along with line number:

sudo ufw status numbered

Sample output shows the list of all my UFW rules, with their numbers in the first column:

Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 25/tcp                     ALLOW IN    Anywhere                  # accept email
[ 3] 80/tcp                     ALLOW IN    Anywhere
[ 4] 443/tcp                    ALLOW IN    Anywhere
[ 5] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 6] 25/tcp (v6)                ALLOW IN    Anywhere (v6)             # accept email
[ 7] 80/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 8] 443/tcp (v6)               ALLOW IN    Anywhere (v6)

Say you need to delete rule number 2, which opens TCP port 25 (email server). The syntax is:

sudo ufw delete {rule-number-here}

For example:

sudo ufw delete 2

ufw prints the rule it is about to delete and asks for confirmation; check that it is the one you meant, then answer 'y'. Rule numbers shift after every deletion (rule 3 becomes rule 2, and so on), so always re-list the rules before deleting another one by number, or delete from the highest number to the lowest. Verify the result with:

sudo ufw status numbered
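Because numbers shift after each deletion, deleting several rules by number is error-prone when done by hand. The following shell script is an added example, not code from the original page: it parses the text of ufw status numbered, selects every rule matching a pattern, and prints the delete commands highest number first so that earlier deletions never renumber the ones still to come. It also refuses to select rules that allow port 22 or the OpenSSH profile unless explicitly told to, as a guard against the lock-out the warning above describes. The sample listing and the function names are constructed for the example; the script only generates commands, so you can review them before piping them to sh.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): delete matching UFW rules by
# number, highest number first, with a guard against removing the ssh rule.
set -eu

# Constructed sample of 'ufw status numbered' output (not captured from a real host).
SAMPLE_NUMBERED='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 25/tcp                     ALLOW IN    Anywhere                  # accept email
[ 3] 80/tcp                     ALLOW IN    Anywhere
[ 4] 443/tcp                    ALLOW IN    Anywhere
[ 5] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 6] 25/tcp (v6)                ALLOW IN    Anywhere (v6)             # accept email
[ 7] 80/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 8] 443/tcp (v6)               ALLOW IN    Anywhere (v6)'

# rule_numbers_matching PATTERN [ALLOW_SSH]   <numbered output on stdin>
# Prints the numbers of rules whose text (after the [ N] prefix) matches the
# extended regex PATTERN, highest first. Rules for port 22 or the OpenSSH
# profile are skipped with a message on stderr unless ALLOW_SSH is 1.
rule_numbers_matching() {
    local pattern=$1 allow_ssh=${2:-0}
    awk -v pat="$pattern" -v allow_ssh="$allow_ssh" '
        /^\[ *[0-9]+\]/ {
            n = $0; sub(/^\[ */, "", n); sub(/\].*/, "", n)   # the rule number
            body = $0; sub(/^\[ *[0-9]+\] */, "", body)       # the rule text
            if (body !~ pat) next
            if (allow_ssh != "1" && body ~ /^(22(\/tcp)?|OpenSSH)[ (]/) {
                print "skipping rule " n " (ssh): " body > "/dev/stderr"
                next
            }
            print n
        }' | sort -rn
}

# delete_commands PATTERN [ALLOW_SSH]   <numbered output on stdin>
# Emits one "ufw --force delete N" per matching rule, highest N first.
# --force suppresses the per-rule confirmation prompt; omit it to be asked.
delete_commands() {
    rule_numbers_matching "$1" "${2:-0}" | awk '{ print "ufw --force delete " $1 }'
}

# Usage on a live host (review the printed commands before applying them):
#   sudo ufw status numbered | delete_commands '^25/tcp'
#   sudo ufw status numbered | delete_commands '^25/tcp' | sudo sh
printf '%s\n' "$SAMPLE_NUMBERED" | delete_commands '^25/tcp'
```

Run against the sample, the last line prints ufw --force delete 6 followed by ufw --force delete 2: deleting 6 first leaves rule 2 where it was. A pattern such as '^22/tcp' produces no commands and a "skipping" message unless the second argument is 1.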



Removing UFW rules by ufw syntax

Say you opened TCP ports 80 and 443 and blocked TCP port 23 using the following commands:

sudo ufw allow 80/tcp

sudo ufw allow 443/tcp

sudo ufw deny 23/tcp

You can delete those three rules using the same syntax, just prefixing the original rule with delete. The specification must match the rule as it was added (for example, allow 80/tcp and allow 80 are different rules); use sudo ufw show added to see the exact form. This method does not prompt for confirmation:

sudo ufw delete allow 80/tcp

sudo ufw delete allow 443/tcp

sudo ufw delete deny 23/tcp



How do I disable ufw?

To stop the firewall entirely, run the following. The rules are kept in /etc/ufw and are loaded again when you enable ufw, so this does not delete anything:

sudo ufw disable

To enable again, run:

sudo ufw enable

How do I reset ufw?

Want to disable the firewall and reset it to the installation defaults? This removes all user rules, so take note of the backup files it creates. Try:

sudo ufw reset

Resetting all rules to installed defaults. This may disrupt existing ssh connections. Proceed with operation (y|n)? y
Backing up 'user.rules' to '/etc/ufw/user.rules.20190714_171037'
Backing up 'before.rules' to '/etc/ufw/before.rules.20190714_171037'
Backing up 'user6.rules' to '/etc/ufw/user6.rules.20190714_171037'
Backing up 'after6.rules' to '/etc/ufw/after6.rules.20190714_171037'
Backing up 'before6.rules' to '/etc/ufw/before6.rules.20190714_171037'
Backing up 'after.rules' to '/etc/ufw/after.rules.20190714_171037'

After a reset the firewall is disabled; re-enable it with sudo ufw enable once you have added the rules you need.

How to list and delete UFW firewall rules in bulk

Say you want to use the "delete" command to remove every ufw rule whose source IP address is 192.168.184.8. Here is how to list all such rules using ufw and grep. Note that a bare grep pattern is a substring match in which the dots match any character, so plain grep 192.168.184.8 would also select rules for 192.168.184.80 through 192.168.184.89; the -F (fixed string) and -w (whole word) options restrict it to the exact address:

$ sudo ufw show added | grep -Fw 192.168.184.8

Sample outputs:

ufw allow from 192.168.184.8 to any port 3306 proto tcp

ufw allow from 192.168.184.8 to any port 22 proto tcp

ufw allow from 192.168.184.8 to any port 3307 proto tcp

ufw allow from 192.168.184.8 to 192.168.217.103 port 8443 proto tcp

....

...

....

ufw allow from 192.168.184.8 to any port 80 proto tcp

ufw allow from 192.168.184.8 to any port 443 proto tcp

We are going to use awk to rewrite the leading "ufw" of each line as "ufw delete" and run the result. Start with the --dry-run option, and make sure you run the command as root (ufw show added itself requires root):

# ufw show added | grep -Fw 192.168.184.8 \
    | awk '{ sub(/^ufw /, "ufw --dry-run delete ", $0); system($0) }'

The --dry-run option tells ufw not to modify anything and only to print what it would do, so you can catch errors first. If there are no errors, remove --dry-run:

# ufw show added | grep -Fw 192.168.184.8 \
    | awk '{ sub(/^ufw /, "ufw delete ", $0); system($0) }'

sub() replaces the "ufw" at the start of the line with "ufw delete" (anchoring on the start of the line, rather than replacing every occurrence with gsub(), keeps the word intact if it appears inside a rule comment), and system($0) then executes the resulting delete command. See "Awk Find And Replace Fields Values" for more info. We can skip grep and do all of the work within awk itself by matching the source address with a regex (dots escaped and followed by a space, so that 192.168.184.80 is not matched):

# ufw show added \
    | awk '/from 192\.168\.184\.8 /{ sub(/^ufw /, "ufw delete ", $0); system($0) }'
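The one-liners above execute each delete as soon as it is generated. The following script is an added example, not code from the original page: it turns the ufw show added listing into delete commands for one exact source address and prints them instead of running them, so the list can be reviewed (or dry-run) before it is piped to sh. The address is compared as a whole token after "from", so 192.168.184.8 never selects 192.168.184.80, and only the leading "ufw" is rewritten, so a comment containing the word ufw survives intact. The sample listing, including the comment text, is constructed for the example, and the function name is an assumption.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): build 'ufw delete' commands for
# every saved rule whose source is exactly one address, without executing them.
set -eu

# Constructed sample of 'ufw show added' output (not captured from a real host).
SAMPLE_ADDED="Added user rules (see 'ufw status' for running firewall):
ufw allow from 192.168.184.8 to any port 3306 proto tcp
ufw allow from 192.168.184.8 to any port 22 proto tcp comment 'ufw managed ssh'
ufw allow from 192.168.184.80 to any port 22 proto tcp
ufw allow from 192.168.184.8 to 192.168.217.103 port 8443 proto tcp
ufw allow 80/tcp comment 'accept Apache'
ufw allow from 10.0.0.0/8 to any port 443 proto tcp"

# delete_commands_for_source ADDRESS [DRY]   <show added output on stdin>
# Emits "ufw delete <rule>" (or "ufw --dry-run delete <rule>" when DRY is 1)
# for each rule whose "from" address equals ADDRESS exactly.
delete_commands_for_source() {
    local addr=$1 dry=${2:-0}
    awk -v addr="$addr" -v dry="$dry" '
        /^ufw / {
            # Walk the whitespace-separated fields and compare the token after
            # "from" with string equality, not a regex, so dots are literal.
            for (i = 2; i < NF; i++)
                if ($i == "from" && $(i + 1) == addr) {
                    prefix = (dry == "1") ? "ufw --dry-run delete " : "ufw delete "
                    line = $0
                    sub(/^ufw /, prefix, line)   # rewrite only the leading command word
                    print line
                    break
                }
        }'
}

# Usage on a live host:
#   sudo ufw show added | delete_commands_for_source 192.168.184.8 1          # dry run
#   sudo ufw show added | delete_commands_for_source 192.168.184.8 | sudo sh  # apply
printf '%s\n' "$SAMPLE_ADDED" | delete_commands_for_source 192.168.184.8 1
```

Against the sample this prints three dry-run delete commands: the 3306, 22 and 8443 rules for 192.168.184.8, with the 'ufw managed ssh' comment preserved, and nothing for 192.168.184.80. Review that list carefully; the second command removes the ssh rule for that host, which is exactly the kind of deletion the warning at the top of this page is about.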

Conclusion

This page demonstrated various ways to list and remove UFW firewall rules from the command line. Make sure you read the ufw man page for the full rule syntax.

