UFW stands for Uncomplicated Firewall, and is a user-friendly frontend for managing iptables (netfilter) firewall rules. It is the default firewall configuration tool for Ubuntu and is also available for other popular Linux distributions such as Debian and Arch Linux.

In this tutorial, we will cover how to list and delete UFW firewall rules.

Prerequisites

The user running UFW commands must have sudo privileges.

Listing UFW Rules

One of the most common tasks when managing a firewall is listing rules.

You can check the status of UFW and list all rules with:

sudo ufw status

If UFW is disabled you will see something like this:

Status: inactive

Otherwise, if UFW is active, the output will print a list of all active firewall rules:

Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere          
22/tcp (v6)                ALLOW       Anywhere (v6) 

To get extra information use status verbose:

sudo ufw status verbose

The output will include information about the logging, default policies and new profiles:

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere          
22/tcp (v6)                ALLOW       Anywhere (v6) 

Use status numbered to get the order and id number of all active rules. This is useful when you want to insert a new numbered rule or delete an existing rule based on its number.

sudo ufw status numbered

Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 22/tcp (v6)                ALLOW IN    Anywhere (v6) 

Deleting UFW Rules

There are two ways to delete UFW rules:

  • By rule number
  • By specification

If you are deleting firewall rules over SSH, make sure not to lock yourself out of the remote server by removing the rule that allows SSH traffic. By default, SSH listens on port 22.

Deleting UFW rules by the rule number is easier because you only need to find and type the number of the rule you want to delete, not the complete rule.

Deleting UFW rules by rule number

To remove a UFW rule by its number, first list the rules and find the number of the rule you want to remove:

sudo ufw status numbered

The command will give you a list of all firewall rules and their numbers:

Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 443/tcp                    ALLOW IN    Anywhere
[ 4] 8069/tcp                   ALLOW IN    Anywhere

Once you know the rule number, use the ufw delete command followed by the number of the rule you want to remove.

For example, to delete the rule with number 4, you would type:

sudo ufw delete 4

You will be prompted to confirm that you want to delete the rule:

Deleting:
 allow 8069/tcp
Proceed with operation (y|n)? y

Type y, hit Enter and the rule will be deleted:

Rule deleted

Each time you remove a rule, the numbers of the remaining rules change. To be on the safe side, always list the rules again before deleting another rule.
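The two cautions above (rule numbers shift after each deletion, and the SSH rule must stay in place) can be combined in a small helper. This is an added example, not part of the original tutorial: the function names and the sample listing, including its constructed (v6) line, are assumptions. It only prints the ufw delete commands, highest number first, so nothing changes until you run them yourself.

```shell
#!/bin/sh
# SAMPLE_STATUS is constructed input in the format of `ufw status numbered`.
SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 443/tcp                    ALLOW IN    Anywhere
[ 4] 8069/tcp                   ALLOW IN    Anywhere
[ 5] 8069/tcp (v6)              ALLOW IN    Anywhere (v6)'

# rule_numbers_for TARGET [SSH_PORT]  (hypothetical helper)
# Reads `ufw status numbered` output on stdin and prints the numbers of all
# rules whose "To" column equals TARGET (e.g. 8069/tcp), highest first.
# Refuses (exit status 1, no output) when TARGET is the SSH port.
rule_numbers_for() {
    target=$1
    ssh_port=${2:-22}   # SSH listens on port 22 by default
    case $target in
        "$ssh_port"|"$ssh_port"/tcp)
            echo "refusing: $target carries SSH traffic" >&2
            return 1 ;;
    esac
    # Turn "[ 4] 8069/tcp ..." into "4 8069/tcp ..." and drop header lines,
    # then keep the numbers of matching rules in descending order.
    sed -n 's/^\[ *\([0-9][0-9]*\)] */\1 /p' |
        awk -v t="$target" '$2 == t { print $1 }' |
        sort -rn
}

# delete_commands TARGET  (hypothetical helper)
# Prints one `ufw delete N` command per matching rule. Deleting from the
# highest number down means no deletion renumbers a rule still on the list.
delete_commands() {
    nums=$(rule_numbers_for "$1") || return 1
    for n in $nums; do
        echo "sudo ufw delete $n"
    done
}

# Live use: sudo ufw status numbered | delete_commands 8069/tcp
```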

Removing UFW rules by specification

The second method to delete a rule is by using the ufw delete command followed by the rule.

For example, if you added a rule that opens port 2222 using the following command:

sudo ufw allow 2222

You can delete the rule by typing:

sudo ufw delete allow 2222

Resetting UFW and removing all rules

Resetting UFW will disable the firewall, and delete all active rules. This is useful when you want to revert all of your changes and start fresh.

To reset UFW, type the following command:

sudo ufw reset

Conclusion

You have learned how to list and delete UFW firewall rules. When configuring a firewall, always allow only those incoming connections that are necessary for the proper functioning of your system.

If you have questions, feel free to leave a comment below.