Ubuntu – See configured rules even when inactive

firewallufw

I'm wondering if it's possible to get UFW to list the configured firewall rules even when it's not enabled. I only have ssh access to the server at this time, and I don't want to enable UFW if there's not a rule configured allowing ssh. However, since UFW is currently not enabled, I just get an "inactive" message when I run "ufw status".

Is there a special flag I can use or even some config file I can look at to see what rules are configured even when the firewall is disabled?

Best Answer

There is currently not a way to show the rules you have entered before enabling the firewall via the CLI command. You can inspect the rules files directly however. /lib/ufw/user*.rules contain the rules controlled via the 'ufw' CLI command. Eg:

 $ sudo grep '^### tuple' /lib/ufw/user*.rules

This will show output like the following (for the rule added with 'sudo ufw allow OpenSSH):

 /lib/ufw/user.rules:### tuple ### allow tcp 22 0.0.0.0/0 any 0.0.0.0/0 OpenSSH - in

The 'tuple' is the shorthand used internally by ufw to keep track of rules, and can be interpreted as one of these:

 ### tuple ### <action> <proto> <dst port> <dst> <src port> <src> <direction>
 ### tuple ### <action> <proto> <dst port> <dst> <src port> <src> <dst app name> <src app name> <direction>

It might be useful to be able to add another status command to support this. Please consider filing a bug.

Related Question