UFW Cheat Sheet
 Share
The version of the browser you are using is no longer supported. Please upgrade to a supported browser.Dismiss

 
View only
 
 
ABCDEFGHIJKLMNOPQRST
1
CommandExample syntaxNotesLinks
2
Pro-TipCreated by Jared De Blander <jared0x90@gmail.com> Have a tip, trick or command you'd like to see added send me an email! :)
3
Pro-TipUFW is a front end for iptables. You can view the full iptables rules using iptables --list
4
Pro-TipRules permit / deny traffic based on the first match they encounter top to bottom. Keep this in mind when setting up deny rules. If you have an allow rule above it the traffic may be allowed to pass through unhindered despite your deny. Use ufw status numbered and ufw insert are your friends.
5
6
Install UFWsudo apt-get install ufw
7
Show the current list of rulessudo ufw status [not recommended see command below]I feel it is a good idea to get in the habbit of using ufw status numbered as opposed to ufw status to remind yourself that the rules are processed in order on a first match basis
8
Show the numbered list of rulessudo ufw status numberedThis will show you your rules and their associated number. Rules are processed in order and permit/deny based on their first match. This will also show you the number needed for the insert/delete commands.
9
Allow HTTP traffic on port 80sudo ufw allow 80
10
Allow HTTPS traffic on port 443sudo ufw allow 443
11
Allow SSH traffic on port 22sudo ufw allow 22
12
Enable UFW rulessudo ufw enableMake sure you have allowed SSH access before enabling if you need to be able to SSH in to the machine!
13
Block an IP as your first rulesudo ufw insert 1 deny from 1.2.3.4If you were to add this after your standard allow rules this IP would still be able to access your machine on the previously allowed ports. The insert 1 allows you to add this to the top of your list.
14
Block a subset of IPs as your first rulesudo ufw insert 1 deny from 1.2.3.4/21If you were to add this after your standard allow rules this network would still be able to access your machine on the previously allowed ports. The insert 1 allows you to add this to the top of your list.http://www.subnet-calculator.com/
15
Delete a rule based on #sudo ufw delete 4Use ufw status numbered to find the rule # of the rule you wish to delete
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
Loading...
 
 
 
Sheet1