How do I remove and delete a UFW firewall rule running on Ubuntu or Debian Linux?
UFW is an acronym for Uncomplicated Firewall. Securing a network with the uncomplicated firewall is super easy. Ubuntu Linux comes with a packet filtering framework called Netfilter. The iptables command is the frontend used to manage Netfilter. However, ufw provides an easy-to-use front end for Netfilter, and it is one of the most popular among Ubuntu and Debian Linux sysadmins and developers. This page shows how to remove a UFW firewall rule.
Procedure to list and delete UFW firewall rules
- Log in to server
- Display firewall rules, run: sudo ufw status numbered
- Delete a ufw firewall rule by rule number # 3: sudo ufw delete 3
- Another option to erase a firewall rule is to run: sudo ufw delete allow 22/tcp
Let us see all examples in detail.
Warning: Be careful when working with firewalls; take care not to lock yourself out of your SSH session when deleting rules.
How to list UFW firewall rules
To list and show firewall status, run: sudo ufw status
Sample outputs:
Status: active
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
25/tcp                     ALLOW       Anywhere                   # accept email
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
25/tcp (v6)                ALLOW       Anywhere (v6)              # accept email
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)
It is possible to see the firewall status as a numbered list of rules, enter: sudo ufw status numbered
Further, one can display verbose firewall status, run: sudo ufw status verbose
How to delete a UFW firewall rule
Now you know how to list rules. It is time to delete rules. There are two methods to delete UFW rules.
Method # 1. Deleting UFW rules by rule number
First list the rules along with their numbers: sudo ufw status numbered
The sample output lists all my UFW rules, with their numbers in the first column:
Status: active
     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 25/tcp                     ALLOW IN    Anywhere                   # accept email
[ 3] 80/tcp                     ALLOW IN    Anywhere
[ 4] 443/tcp                    ALLOW IN    Anywhere
[ 5] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 6] 25/tcp (v6)                ALLOW IN    Anywhere (v6)              # accept email
[ 7] 80/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 8] 443/tcp (v6)               ALLOW IN    Anywhere (v6)
Say you need to delete rule number 2 that opens TCP port 25 (email server), run:
sudo ufw delete {rule-number-here}
sudo ufw delete 2
You need to confirm with 'y' when prompted to delete the rule from your system. Then verify it again: sudo ufw status numbered
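Deleting by number removes only that one entry, and ufw renumbers the list after each deletion, so the IPv6 twin of rule 2 (rule 6 in the listing above) stays open and moves to a new number. The script below is an added example, not part of the original page: it parses the numbered listing and prints the delete commands for a port from the highest number down. The function names and the PROTECTED variable are assumptions, and the sample listing is constructed from the output shown above.

```shell
#!/bin/sh
# Added example. sample_rules is a constructed copy of the listing on this page.
sample_rules() {
cat <<'EOF'
Status: active
     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 25/tcp                     ALLOW IN    Anywhere                   # accept email
[ 3] 80/tcp                     ALLOW IN    Anywhere
[ 4] 443/tcp                    ALLOW IN    Anywhere
[ 5] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 6] 25/tcp (v6)                ALLOW IN    Anywhere (v6)              # accept email
[ 7] 80/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 8] 443/tcp (v6)               ALLOW IN    Anywhere (v6)
EOF
}

# Assumption: the admin session depends on this rule, so it is never planned.
PROTECTED="22/tcp"

# rule_numbers PORT/PROTO
# Reads `ufw status numbered` output on stdin and prints the number of every
# rule (IPv4 and IPv6) whose "To" column is PORT/PROTO, highest number first.
rule_numbers() {
    sed -n 's/^\[ *\([0-9][0-9]*\)\] *\([^ ]*\) .*/\1 \2/p' |
        awk -v want="$1" '$2 == want { print $1 }' |
        sort -rn
}

# delete_plan PORT/PROTO
# Prints (does not run) the delete commands in an order that stays valid as
# ufw renumbers the list: deleting from the bottom up never shifts a rule
# that is still waiting to be deleted.
delete_plan() {
    if [ "$1" = "$PROTECTED" ]; then
        echo "refusing to plan deletion of protected rule $1" >&2
        return 1
    fi
    for n in $(rule_numbers "$1"); do
        echo "sudo ufw delete $n"
    done
}

# On a live host: sudo ufw status numbered | delete_plan 25/tcp
sample_rules | delete_plan 25/tcp
```

Review the printed commands before running them, and re-run sudo ufw status numbered afterwards to confirm that both the IPv4 and IPv6 entries are gone.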
Method # 2. Removing UFW rules by ufw syntax
Say you opened TCP ports 80 and 443 and blocked TCP port 23 using the following syntax:
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw deny 23/tcp
You can delete those rules using the following syntax (just prefix the original rule with delete):
sudo ufw delete allow 80/tcp
sudo ufw delete allow 443/tcp
sudo ufw delete deny 23/tcp
How do I disable ufw?
sudo ufw disable
To enable again, run: sudo ufw enable
How do I reset ufw?
Want to disable the firewall and reset it to installation defaults? Try: sudo ufw reset
Resetting all rules to installed defaults. This may disrupt existing ssh connections. Proceed with operation (y|n)? y
Backing up 'user.rules' to '/etc/ufw/user.rules.20190714_171037'
Backing up 'before.rules' to '/etc/ufw/before.rules.20190714_171037'
Backing up 'user6.rules' to '/etc/ufw/user6.rules.20190714_171037'
Backing up 'after6.rules' to '/etc/ufw/after6.rules.20190714_171037'
Backing up 'before6.rules' to '/etc/ufw/before6.rules.20190714_171037'
Backing up 'after.rules' to '/etc/ufw/after.rules.20190714_171037'
Conclusion
This page demonstrated various ways to list and remove UFW firewall rules using the command line. Make sure you read the ufw man page.