UFW Cheatsheet

By Dejan Panovski

Quick reference for managing firewall rules with UFW on Linux

UFW (Uncomplicated Firewall) is a simple frontend for managing Linux firewall rules. This cheatsheet covers common UFW commands for status checks, allowing and denying traffic, deleting rules, and basic troubleshooting.

Basic Commands

Start with status and firewall state.

| Command | Description |
| --- | --- |
| sudo ufw status | Show firewall status and rules |
| sudo ufw status verbose | Show detailed status and defaults |
| sudo ufw enable | Enable UFW |
| sudo ufw disable | Disable UFW |
| sudo ufw reload | Reload rules |
| sudo ufw reset | Reset UFW to defaults |

Default Policies

Set default inbound and outbound behavior.

| Command | Description |
| --- | --- |
| sudo ufw default deny incoming | Deny all incoming by default |
| sudo ufw default allow outgoing | Allow all outgoing by default |
| sudo ufw default deny outgoing | Deny all outgoing by default |
| sudo ufw default allow incoming | Allow all incoming (not recommended on servers) |

Allow and Deny Rules

Allow or block traffic by port and protocol.

| Command | Description |
| --- | --- |
| sudo ufw allow 22 | Allow port 22 (TCP and UDP) |
| sudo ufw allow 80/tcp | Allow HTTP over TCP |
| sudo ufw allow 443/tcp | Allow HTTPS over TCP |
| sudo ufw deny 25 | Deny SMTP port 25 |
| sudo ufw reject 23 | Reject Telnet connections |
| sudo ufw limit 22/tcp | Rate-limit SSH connections |

Rule Management

List, delete, and clean specific rules.

| Command | Description |
| --- | --- |
| sudo ufw status numbered | List rules with numbers |
| sudo ufw delete allow 80/tcp | Delete matching rule |
| sudo ufw delete 3 | Delete rule by number |
| sudo ufw delete deny 25 | Delete a deny rule |

IP-Based Rules

Allow or deny traffic from specific hosts and networks.

| Command | Description |
| --- | --- |
| sudo ufw allow from 203.0.113.10 | Allow all traffic from one IP |
| sudo ufw deny from 203.0.113.10 | Block all traffic from one IP |
| sudo ufw allow from 203.0.113.10 to any port 22 | Allow SSH from one IP |
| sudo ufw allow from 10.0.0.0/24 to any port 3306 | Allow MySQL from a subnet |
| sudo ufw deny from 198.51.100.0/24 to any port 22 proto tcp | Deny TCP SSH from subnet |

Application Profiles

Use service profiles from /etc/ufw/applications.d/.

| Command | Description |
| --- | --- |
| sudo ufw app list | List available application profiles |
| sudo ufw app info "Nginx Full" | Show ports/protocols for profile |
| sudo ufw allow "OpenSSH" | Allow profile rules |
| sudo ufw deny "Nginx HTTP" | Deny profile rules |
| sudo ufw delete allow "OpenSSH" | Remove allowed profile |

Logging

Control and inspect UFW logging.

| Command | Description |
| --- | --- |
| sudo ufw logging on | Enable logging |
| sudo ufw logging off | Disable logging |
| sudo ufw logging low | Set low log level |
| sudo ufw logging medium | Set medium log level |
| sudo ufw logging high | Set high log level |

Common Server Setup

Baseline rules for a web server.

| Command | Description |
| --- | --- |
| sudo ufw default deny incoming | Deny incoming by default |
| sudo ufw default allow outgoing | Allow outgoing by default |
| sudo ufw allow OpenSSH | Keep SSH access |
| sudo ufw allow 80/tcp | Allow HTTP |
| sudo ufw allow 443/tcp | Allow HTTPS |
| sudo ufw enable | Activate firewall |
| sudo ufw status verbose | Verify active rules |

Troubleshooting

Quick checks for common UFW issues.

| Issue | Check |
| --- | --- |
| SSH access lost after enable | Ensure OpenSSH is allowed before running sudo ufw enable |
| Rule did not apply | Run sudo ufw reload and re-check with sudo ufw status numbered |
| Service still unreachable | Confirm the service is listening (ss -tulpn) and that the port and protocol match the rule |
| Rules conflict | Check rule order with sudo ufw status numbered and delete/re-add as needed |
| UFW not active at boot | Verify service state with systemctl status ufw |
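
The Common Server Setup baseline combined with the first troubleshooting check, as an added example that is not part of the original cheatsheet: it applies the rules in order and refuses to run ufw enable unless an SSH allow or limit rule is already recorded. UFW_CMD, ssh_rule_present and apply_baseline are names made up for this example; it assumes sshd listens on port 22 and that ufw show added prints one "ufw <rule>" line per rule.

```shell
#!/bin/sh
# Added example, not from the original cheatsheet.
# UFW_CMD (hypothetical variable): how ufw is invoked; override it with a
# stub to exercise the logic without touching the real firewall.
UFW_CMD="${UFW_CMD:-sudo ufw}"

# Reads rule lines on stdin, one "ufw <rule>" per line (assumed to be the
# format printed by `ufw show added`). Succeeds if any line allows or
# rate-limits SSH: the OpenSSH profile, the ssh service name, or port 22
# (TCP or unspecified protocol), with or without a source restriction.
ssh_rule_present() {
    grep -Eiq '^ufw (allow|limit) (.* )?(OpenSSH|ssh|22(/tcp)?)( proto tcp)?$'
}

# Applies the Common Server Setup rules in order. Returns 1 if a ufw
# command fails, 2 if the lockout guard refuses to enable the firewall.
apply_baseline() {
    $UFW_CMD default deny incoming  || return 1
    $UFW_CMD default allow outgoing || return 1
    $UFW_CMD allow OpenSSH          || return 1
    $UFW_CMD allow 80/tcp           || return 1
    $UFW_CMD allow 443/tcp          || return 1
    # Lockout guard: only enable once an SSH rule is actually recorded.
    if ! $UFW_CMD show added | ssh_rule_present; then
        echo "No SSH allow/limit rule recorded; refusing to enable UFW." >&2
        return 2
    fi
    $UFW_CMD enable                 || return 1
    $UFW_CMD status verbose
}
```

Source the file and call apply_baseline; a return code of 2 means ufw enable was not run.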

Use these guides for full UFW workflows.

| Guide | Description |
| --- | --- |
| How to Set Up a Firewall with UFW on Ubuntu 20.04 | Full UFW setup on Ubuntu 20.04 |
| How to Set Up a Firewall with UFW on Ubuntu 18.04 | UFW setup on Ubuntu 18.04 |
| How to Set Up a Firewall with UFW on Debian 10 | UFW setup on Debian 10 |
| How to List and Delete UFW Firewall Rules | Rule management and cleanup |