# Check status. ufw must be run as root (for example via sudo).
# Plain form: reports active/inactive and, when active, the rule list.
ufw status
# verbose: also shows the default policies and the logging level.
ufw status verbose
# numbered: prefixes each rule with its index, as used by `ufw delete N`.
ufw status numbered
# Enable / disable
# enable: activates the firewall and sets it to start at boot. On a remote
# session, add an allow rule for SSH first; ufw warns that enabling may
# disrupt existing SSH connections.
ufw enable
# disable: unloads the firewall and turns off start at boot. The host is not
# filtered by ufw until it is enabled again.
ufw disable
# Reset all rules
# reset: disables ufw and returns it to installation defaults (ufw keeps
# backup copies of the previous rule files). Nothing is filtered afterwards
# until rules are re-added and `ufw enable` is run.
ufw reset
# Allow port
# These rules accept traffic from any source address. With no /proto suffix
# the rule covers both TCP and UDP; add /tcp or /udp to open only what the
# service actually uses.
ufw allow 22
ufw allow 80/tcp
ufw allow 443/tcp
# Allow service name (the name is looked up in /etc/services)
# For an internet-facing SSH port, `ufw limit ssh` is the rate-limited
# alternative to a plain allow.
ufw allow ssh
ufw allow http
ufw allow https
# Allow port range (a range requires an explicit protocol)
# Every listener inside the range becomes reachable; keep ranges narrow.
ufw allow 8000:9000/tcp
# Deny port
# deny drops the traffic silently; `ufw reject` refuses it with an error reply
# instead. Under a default-deny incoming policy these rules are redundant but
# record intent (23 = telnet, 3389 = RDP).
ufw deny 23
ufw deny 3389/tcp
# Allow from specific IP
# Without "to any port N" the source may reach every port on this host.
# A source-address rule narrows exposure; it does not authenticate the client.
ufw allow from 192.168.1.100
# Narrower form: the same source may reach port 22 only.
ufw allow from 192.168.1.100 to any port 22
# Allow subnet
ufw allow from 192.168.1.0/24
# 3306 is the default MySQL/MariaDB port; append "proto tcp" to exclude UDP.
ufw allow from 192.168.1.0/24 to any port 3306
# Block IP
# Rules are matched in order and the first match wins, so a deny appended
# after a broader allow never takes effect. Place it ahead of the allow with,
# for example, `ufw insert 1 deny from 10.10.10.10`.
ufw deny from 10.10.10.10
ufw deny from 10.10.10.0/24
# Delete by rule number
# List first: the numbers are positions in the current rule list and shift
# after every deletion, so re-run `ufw status numbered` before each delete.
# Deleting by number removes one entry only; with IPv6 enabled the matching
# (v6) rule has its own number.
ufw status numbered
ufw delete 3
# Delete by rule content
# Repeat the rule exactly as it was added: a rule created as `allow 80/tcp`
# is not matched by `allow 80`. Check `ufw status` afterwards to confirm the
# rule is gone.
ufw delete allow 80
ufw delete deny from 10.10.10.10
# Set default deny incoming (recommended)
# Default policies apply to traffic that no rule matches. Unsolicited inbound
# traffic is dropped; replies to connections this host opened still pass.
ufw default deny incoming
ufw default allow outgoing
# Strict: deny all by default
# This is an alternative to the pair above, not an addition to it. It limits
# what a compromised process on the host can reach, but DNS, NTP and package
# updates stop working until they are allowed explicitly, e.g.
# `ufw allow out 53` and `ufw allow out 443/tcp`.
ufw default deny incoming
ufw default deny outgoing
# Enable logging
# on: turns logging on at the default level (low).
ufw logging on
# medium and above can produce a lot of output on a busy host; watch disk
# usage and log rotation before raising the level.
ufw logging medium # levels: off, low, medium, high, full
# View logs
# /var/log/ufw.log is written by the syslog daemon and may be absent on
# journal-only systems; blocked packets are tagged "[UFW BLOCK]".
tail -f /var/log/ufw.log
# Journal alternative: follow new entries and keep only the UFW-tagged lines.
journalctl -f | grep UFW
# List available profiles
# Profiles are installed by packages under /etc/ufw/applications.d, so the
# list depends on what is installed on this host.
ufw app list
# Show profile details
# Prints the ports and protocols the profile opens; review them before
# allowing the profile.
ufw app info "Nginx Full"
# Allow by profile
# Quote names that contain spaces. The rule opens whatever the profile file
# currently defines, from any source address.
ufw allow "Nginx Full"
ufw allow "OpenSSH"
# Baseline setup, in order. On a remote host the SSH allow rule must be in
# place before `ufw enable`, or the session can be locked out.
# Start fresh
# reset disables ufw and discards the current rules; the host is unfiltered
# by ufw until the enable step below.
ufw reset
# Default policies
# Drop unsolicited inbound traffic, permit everything outbound.
ufw default deny incoming
ufw default allow outgoing
# Allow necessary services
# Open only what this host actually serves; drop the http/https lines on a
# machine that runs no web server.
ufw allow ssh # or: ufw allow 22/tcp
ufw allow http
ufw allow https
# Enable
# Activates the rules and sets ufw to start at boot.
ufw enable
# Verify
# Confirm the defaults read deny (incoming) and that only the intended ports
# are listed, including any (v6) entries.
ufw status verbose