Add Comments in UFW Firewall Rules

Adding comments to UFW firewall rules helps you understand the rules later. Learn how you can add and remove comments in the UFW firewall in Ubuntu.

Adding comments to UFW firewall rules can be a lifesaver if you manually configured networking and opened ports for specific services. A comment tells you why a particular rule was added to the firewall.

Here's an example of comments in the UFW firewall.

[Screenshot: comments on UFW firewall rules]

In this tutorial, I will explain how you can add comments to UFW firewall rules.

I'll be covering how to:

  • Add comments to the existing firewall rules
  • Add comments while applying the firewall rules
  • Update the existing comment
  • Remove the comment

So let's start with how you can add comments while adding UFW firewall rules.

Add UFW firewall comments while adding a rule

To add a comment while adding a new UFW rule, use the following syntax:

ufw <rule for connection> comment 'This is a comment'

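So let's say I want to add a rule for SSH connections that only allows the IP 192.168.1.7.

This means any other SSH connection will be rejected (with UFW's default policy of denying incoming traffic and no broader SSH rule in place), and for that case I will add a comment saying "Only my private SSH connection is allowed."

sudo ufw allow from 192.168.1.7 to any port ssh comment 'Only my private SSH connection is allowed'

The "to any port ssh" part matches the destination port. A port written directly after the from address would match the source port of the connection instead.

[Screenshot: adding a comment while adding a new UFW rule]

Here, I have used the status command to check the UFW firewall status, and the comment explains why other connections are rejected.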

Add comments to existing UFW firewall rules

To add a comment to an existing firewall rule, run the same command you used to add the rule and append the comment.

Here, you can see that I have allowed port 80 through my UFW firewall:

[Screenshot: checking the UFW firewall status]

So to add a comment for port 80, I will use the following command:

sudo ufw allow 80 comment 'Accepting HTTPS connections'

[Screenshot: adding a comment to an existing UFW firewall rule in Ubuntu]

And with that, you have added a comment to the existing firewall rule.

But wait, port 80 is used for HTTP, not for HTTPS connections. So how can you update the existing comment? Well, here's how you do it.

Update existing UFW firewall comment

You may mix up what a port is used for, like I did, or make a spelling mistake.

In either case, you can use the following syntax to update the existing comment:

ufw <rule_for_connection> comment 'new-comment-text-here'

For example, I will update my comment for port 80 from "Accepting HTTPS connections" to "Accepting HTTP connections":

sudo ufw allow 80 comment 'Accepting HTTP connections'

[Screenshot: updating UFW firewall comments on Ubuntu]

Delete UFW firewall comments

To remove an existing UFW firewall comment, make a minor change to the previous command:

ufw <rule_for_connection> comment ''

In simple terms, you are updating the rule with a blank comment.

So let's say I want to remove the comment for port 80. I will use the following command:

sudo ufw allow 80 comment ''

[Screenshot: deleting the UFW firewall comment]
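
Once rules carry comments, you can also check which ones still lack an explanation. The script below is an added example, not part of the original tutorial: it assumes the `ufw status` layout in which a comment follows the rule after " # ", and the sample output and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: list UFW rules that carry no comment.
# Assumption: `ufw status` appends a rule's comment to its line after " # ".

# Constructed sample of `ufw status` output (not taken from a real host).
sample_status() {
cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       192.168.1.7                # Only my private SSH connection is allowed
80                         ALLOW       Anywhere                   # Accepting HTTP connections
443/tcp                    ALLOW       Anywhere
80 (v6)                    ALLOW       Anywhere (v6)              # Accepting HTTP connections
443/tcp (v6)               ALLOW       Anywhere (v6)
EOF
}

# Reads `ufw status` text on stdin and prints every rule line without a comment.
uncommented_rules() {
  awk '
    /^--/ { in_rules = 1; next }     # rules start after the header underline
    !in_rules || NF == 0 { next }    # skip status line, header and blank lines
    $0 !~ / # / { sub(/[ \t]+$/, ""); print }
  '
}

# Returns non-zero when any rule lacks a comment, so it can gate a config review.
audit() {
  missing=$(uncommented_rules)
  if [ -z "$missing" ]; then
    return 0
  fi
  printf 'Rules without a comment:\n%s\n' "$missing"
  return 1
}

# On a live host: sudo ufw status | audit
sample_status | audit || true
```
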

Privacy freak? We have something for you

If you are worried about security, you may want to find unknown listening ports and close them:

How to Close Open Ports in Linux
Troubleshooting networks? Here’s how to find the open ports and close those open ports in the Linux command line.

Or you may want to know how you can use SSH port forwarding as a security tool:

Using SSH Port Forwarding as a Security Tool in Linux
Learn to configure SSH port forwarding on your Linux system. Remote forwarding is also explained.

And if you have any queries related to this guide or want to suggest what I should cover next, let me know in the comments.