UFW Cheatsheet
Basic Commands
Start with status and firewall state.
| Command | Description |
|---|---|
ufw status |
Show firewall status and rules |
ufw status verbose |
Show detailed status and defaults |
sudo ufw enable |
Enable UFW |
sudo ufw disable |
Disable UFW |
sudo ufw reload |
Reload rules |
sudo ufw reset |
Reset UFW to defaults |
Default Policies
Set default inbound and outbound behavior.
| Command | Description |
|---|---|
sudo ufw default deny incoming |
Deny all incoming by default |
sudo ufw default allow outgoing |
Allow all outgoing by default |
sudo ufw default deny outgoing |
Deny all outgoing by default |
sudo ufw default allow incoming |
Allow all incoming (not recommended on servers) |
Allow and Deny Rules
Allow or block traffic by port and protocol.
| Command | Description |
|---|---|
sudo ufw allow 22 |
Allow port 22 (TCP and UDP) |
sudo ufw allow 80/tcp |
Allow HTTP over TCP |
sudo ufw allow 443/tcp |
Allow HTTPS over TCP |
sudo ufw deny 25 |
Deny SMTP port 25 |
sudo ufw reject 23 |
Reject Telnet connections |
sudo ufw limit 22/tcp |
Rate-limit SSH connections |
Rule Management
List, delete, and clean specific rules.
| Command | Description |
|---|---|
sudo ufw status numbered |
List rules with numbers |
sudo ufw delete allow 80/tcp |
Delete matching rule |
sudo ufw delete 3 |
Delete rule by number |
sudo ufw delete deny 25
|
Delete a deny rule |
IP-Based Rules
Allow or deny traffic from specific hosts and networks.
| Command | Description |
|---|---|
sudo ufw allow from 203.0.113.10 |
Allow all traffic from one IP |
sudo ufw deny from 203.0.113.10 |
Block all traffic from one IP |
sudo ufw allow from 203.0.113.10 to any port 22 |
Allow SSH from one IP |
sudo ufw allow from 10.0.0.0/24 to any port 3306 |
Allow MySQL from a subnet |
sudo ufw deny from 198.51.100.0/24 to any port 22 proto tcp |
Deny TCP SSH from subnet |
Application Profiles
Use service profiles from /etc/ufw/applications.d/.
| Command | Description |
|---|---|
sudo ufw app list |
List available application profiles |
sudo ufw app info "Nginx Full" |
Show ports/protocols for profile |
sudo ufw allow "OpenSSH" |
Allow profile rules |
sudo ufw deny "Nginx HTTP" |
Deny profile rules |
sudo ufw delete allow "OpenSSH" |
Remove allowed profile |
Logging
Control and inspect UFW logging.
| Command | Description |
|---|---|
sudo ufw logging on |
Enable logging |
sudo ufw logging off |
Disable logging |
sudo ufw logging low |
Set low log level |
sudo ufw logging medium |
Set medium log level |
sudo ufw logging high |
Set high log level |
Common Server Setup
Baseline rules for a web server.
| Command | Description |
|---|---|
sudo ufw default deny incoming |
Deny incoming by default |
sudo ufw default allow outgoing |
Allow outgoing by default |
sudo ufw allow OpenSSH |
Keep SSH access |
sudo ufw allow 80/tcp |
Allow HTTP |
sudo ufw allow 443/tcp |
Allow HTTPS |
sudo ufw enable |
Activate firewall |
sudo ufw status verbose |
Verify active rules |
Troubleshooting
Quick checks for common UFW issues.
| Issue | Check |
|---|---|
| SSH access lost after enable | Ensure OpenSSH is allowed before ufw enable |
| Rule did not apply | Run sudo ufw reload and re-check with ufw status numbered |
| Service still unreachable | Confirm service is listening (ss -tulpn) and port/protocol match |
| Rules conflict | Check order with ufw status numbered and delete/re-add as needed |
| UFW not active at boot | Verify service state with systemctl status ufw |
Related Guides
Use these guides for full UFW workflows.
| Guide | Description |
|---|---|
How to Set Up a Firewall with UFW on Ubuntu 20.04
|
Full UFW setup on Ubuntu 20.04 |
How to Set Up a Firewall with UFW on Ubuntu 18.04
|
UFW setup on Ubuntu 18.04 |
How to Set Up a Firewall with UFW on Debian 10
|
UFW setup on Debian 10 |
How to List and Delete UFW Firewall Rules
|
Rule management and cleanup |
