Ubuntu – UFW Firewall Rules ordering

Tags: firewall, Ubuntu, ufw

I have the following rules on our server within UFW:

To                         Action      From
--                         ------      ----
22                         ALLOW       217.22.12.111
22                         ALLOW       146.200.200.200
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
22/tcp                     ALLOW       109.104.109.0/26

The first two rules are our internal IPs which we want to ensure can always SSH in (port 22). The next two rules are to allow HTTP and HTTPS viewing from any IP addresses anywhere. The final rule is to allow SSH from our code deployment system.

I set a ufw default deny rule up but it doesn't appear to be showing. Should I also have a final rule which denies everything?

If I add a deny everything rule, does the order the rules appear above make a difference? Presumably, if this list gets longer, adding another allow rule above a deny rule is impossible, meaning I'll have to remove and re-add some rules?

Best Answer

If you're interested in reordering your UFW rules, this is one way to do it.

$ sudo ufw status numbered

     To                         Action      From
     --                         ------      ----
[ 1] 22                         ALLOW IN    Anywhere
[ 2] 80                         ALLOW IN    Anywhere
[ 3] 443                        ALLOW IN    Anywhere
[ 4] 22 (v6)                    ALLOW IN    Anywhere (v6)
[ 5] 80 (v6)                    ALLOW IN    Anywhere (v6)
[ 6] 443 (v6)                   ALLOW IN    Anywhere (v6)
[ 7] Anywhere                   DENY IN     [ip-to-block]

Say you accidentally added a rule to the end, but you wanted it up top.

First you will have to remove it from the bottom (7) and add it back.

$ sudo ufw delete 7

Note: be careful when removing multiple rules one after another; their positions can change!

Add back your rule to the very top (1):

$ sudo ufw insert 1 deny from [ip-to-block] to any
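Rule order matters because ufw evaluates its rules top to bottom and the first match wins; traffic that matches no rule falls through to the default policy, which `ufw status` does not list (`ufw status verbose` does). The following Python is an added example, not part of the original question or answer: it parses a constructed `ufw status numbered` listing, simulates first-match evaluation for a given packet, and flags any rule that an earlier rule fully shadows (the "allow added below a deny" case the question worries about).

```python
import ipaddress
import re

# Constructed sample of `sudo ufw status numbered` output (not captured from a real host).
# Rule 5 was appended after a DENY that covers the same source, so it can never be reached.
SAMPLE_STATUS = """\
[ 1] 22                         ALLOW IN    217.22.12.111
[ 2] 80                         ALLOW IN    Anywhere
[ 3] 443                        ALLOW IN    Anywhere
[ 4] Anywhere                   DENY IN     109.104.109.0/26
[ 5] 22/tcp                     ALLOW IN    109.104.109.0/26
"""
# IPv4 rule lines only; header and "(v6)" lines do not fit the pattern and are skipped.
RULE_RE = re.compile(r"^\[\s*(\d+)\]\s+(\S+)\s+(ALLOW|DENY|REJECT|LIMIT)\s+(?:IN|OUT)\s+(\S+)\s*$")

def parse_rules(status_text):
    """Return rules as (number, port, proto, action, source) in listed order."""
    rules = []
    for line in status_text.splitlines():
        m = RULE_RE.match(line)
        if m:
            num, to, action, src = m.groups()
            port, _, proto = to.partition("/")  # "22/tcp" -> ("22", "tcp"); "22" -> ("22", "")
            rules.append((int(num), port, proto or None, action, src))
    return rules

def _to_covers(port, proto, dst_port, dst_proto):
    # A To spec of "Anywhere", or the same port with no or the same protocol, covers the target.
    return port == "Anywhere" or (port == str(dst_port) and proto in (None, dst_proto))

def _from_covers(src, other):
    # A From spec covers `other` (address or network) when it is "Anywhere" or a superset network.
    if src == "Anywhere" or other == "Anywhere":
        return src == "Anywhere"
    return ipaddress.ip_network(other, strict=False).subnet_of(ipaddress.ip_network(src, strict=False))

def first_match(rules, dst_port, dst_proto, src_ip):
    """Simulate ufw's first-match evaluation; None means the default policy decides."""
    for num, port, proto, action, src in rules:
        if _to_covers(port, proto, dst_port, dst_proto) and _from_covers(src, src_ip):
            return num, action
    return None

def shadowed_rules(rules):
    """Return (rule, earlier_rule) pairs where an earlier rule fully covers a later one."""
    result = []
    for i, (num, port, proto, _, src) in enumerate(rules):
        for pnum, pport, pproto, _, psrc in rules[:i]:
            if _to_covers(pport, pproto, port, proto) and _from_covers(psrc, src):
                result.append((num, pnum))
                break
    return result
```

On the sample, SSH from 109.104.109.5 hits the DENY at rule 4 before the ALLOW at rule 5, and `shadowed_rules` reports rule 5 as dead; the fix is `ufw delete 5` followed by `ufw insert` above rule 4, as the answer describes.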