# ufw

### Verify Status

```
sudo ufw status
#output
Status: inactive
--OR--
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip
```

### Enable the FW

```
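#over SSH, allow OpenSSH first (see Allow by Application); ufw warns that enabling may disrupt existing ssh connections
sudo ufw enable
#output
Firewall is active and enabled on system startup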
```

### Disable the FW

```
sudo ufw disable
```

### See FW Rules

```
sudo ufw status
#output
Status: active

To                         Action      From
--                         ------      ----
Anywhere                   DENY        10.10.10.10  
```

### Change the Default Policy

```
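#deny outgoing blocks all outbound traffic (DNS, package updates included) until allow out rules are added
sudo ufw default deny outgoing
#deny incoming drops inbound connections that no allow rule matches
sudo ufw default deny incoming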
```

### View ufw App List

```
sudo ufw app list | grep Nginx
#output
Nginx Full
Nginx HTTP
Nginx HTTPS
```

### Block an IP Address/Subnet

```
#single host
sudo ufw deny from 10.10.10.10
#whole subnet, written with its network address
sudo ufw deny from 10.10.10.0/24
```

### Block Incoming Connections to a Network Interface

```
sudo ufw deny in on eth0 from 10.10.10.10
```

### Allow Incoming Connections to a Network Interface

```
sudo ufw allow in on eth0 from 10.10.10.10
```

### Allow an IP in

```
sudo ufw allow from 10.10.10.10
```

### Deleting Rules

```
sudo ufw status numbered
#output
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Anywhere                   DENY IN     10.10.10.10             
[ 2] Anywhere on eth0           ALLOW IN    10.10.10.11 

#now delete the rule
sudo ufw delete 1    
```
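Because `ufw delete NUM` renumbers the remaining rules after each deletion, removing several rules by number is safest from the highest number down. The script below is an added example, not part of the original page: the function names are hypothetical and the sample `ufw status numbered` output is constructed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample output is constructed.

# Read `ufw status numbered` output on stdin and print the numbers of the
# rules whose From column equals $1, highest number first.
rule_numbers_for_source() {
    awk -v src="$1" '
        /^\[ *[0-9]+\]/ {
            sub(/[ \t]+#.*$/, "")        # drop a trailing rule comment, if any
            num = $0
            sub(/^\[ */, "", num)        # strip "[" and its padding
            sub(/\].*/, "", num)         # strip "]" and the rest of the line
            if ($NF == src) print num    # last field is the From column
        }' | sort -rn
}

# Delete every rule for source $1. Working from the highest number down keeps
# the remaining numbers valid, because ufw renumbers after each deletion.
delete_rules_from() {
    for n in $(sudo ufw status numbered | rule_numbers_for_source "$1"); do
        sudo ufw --force delete "$n"     # --force skips the y/n confirmation
    done
}

# Constructed sample of `ufw status numbered` output.
SAMPLE='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Anywhere                   DENY IN     10.10.10.10
[ 2] Anywhere on eth0           ALLOW IN    10.10.10.11
[ 3] Anywhere on eth0           DENY IN     10.10.10.10
[ 4] OpenSSH                    ALLOW IN    Anywhere
'

# Parse the sample only; nothing is deleted here. Prints 3, then 1.
printf '%s\n' "$SAMPLE" | rule_numbers_for_source 10.10.10.10
```

Review the numbers the parser returns before calling `delete_rules_from`, since it matches only an exact From value.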

### Allow by Application

```
sudo ufw allow "OpenSSH"
#output
Rule added
Rule added (v6)
```

### Disable by Application

```
#get status
sudo ufw status
#output
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Nginx Full (v6)            ALLOW       Anywhere (v6)

#to keep HTTPS only, first allow the narrower profile
sudo ufw allow "Nginx HTTPS"
#then delete the broader rule (run on its own, this removes the Nginx Full rule entirely)
sudo ufw delete allow "Nginx Full"
```

### Credit and Further Reading

<https://www.digitalocean.com/community/tutorials/ufw-essentials-common-firewall-rules-and-commands>

