Adding comments to UFW firewall rules can be a lifesaver if you configured networking manually and opened ports for specific services. A comment tells you why a particular rule was added to the firewall.
Here's an example of comments in the UFW firewall.
In this tutorial, I will explain how you can add comments to UFW firewall rules.
I'll be covering how to:
- Add comments to the existing firewall rules
- Add comments while applying the firewall rules
- Update the existing comment
- Remove the comment
So let's start with how you can add comments while adding UFW firewall rules.
Add UFW firewall comments while adding a rule
To add UFW firewall comments while adding a new rule, you will have to follow the given syntax:
ufw <rule for connection> comment 'This is a comment'
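So let's say I want to add a rule for SSH connections that only allows the IP 192.168.1.7.
With UFW's default deny policy for incoming traffic and no broader SSH rule in place, any other SSH connection will be rejected, so I will add a comment saying "Only my private SSH connection is allowed."
Note the "to any port ssh" part: in UFW's rule syntax, a port given directly after the from address matches the source port of the connection, not the SSH port on this machine.
sudo ufw allow from 192.168.1.7 to any port ssh comment 'Only my private SSH connection is allowed'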
Here, I have used the status flag to check the UFW firewall status, and the comment explains why other connections are rejected.
Add comments to existing UFW firewall rules
To add a comment to an existing firewall rule, rerun the same command you used to add the rule, with the comment appended.
Here, you can see that I have allowed port no 80 through my UFW firewall:
So if I have to add a comment for port no 80, I will be using the following command:
sudo ufw allow 80 comment 'Accepting HTTPS connections'
And you have added a comment to the existing firewall rule.
But wait, port no 80 is used for HTTP not for the HTTPS connection. So how can you update the existing rule? Well, here's how you do it.
Update existing UFW firewall comment
You may misinterpret what a port is used for, like I did, or make a spelling mistake.
Either way, you can follow the given syntax to update the existing comment:
ufw <rule_for_connection> comment 'new-comment-text-here'
For example, I will update my comment for port no 80 from "Accepting HTTPS connections" to "Accepting HTTP connections":
sudo ufw allow 80 comment 'Accepting HTTP connections'
Delete UFW firewall comments
To remove the existing UFW firewall comment, you will have to make a minor change in the previous command:
ufw <rule_for_connection> comment ''
In simple terms, you are updating the rule with a blank comment.
So let's say I want to remove the comment for port no 80. I will be using the following command:
sudo ufw allow 80 comment ''
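Once comments can be added, updated and removed, the next practical question is which rules still have none. The following is an added example, not part of the original tutorial: it goes one step beyond the commands above and lists uncommented rules, assuming the ufw status layout in which a comment appears at the end of the rule line after " # ". The function names and the sample output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: list UFW rules that carry no comment.
# Assumption: `ufw status` prints a comment at the end of the rule line,
# introduced by " # ".

# Reads `ufw status` output on stdin, prints each rule line without a comment.
uncommented_rules() {
    awk '
        /^--/ { in_rules = 1; next }      # separator row: rules start after it
        !in_rules || NF == 0 { next }     # skip the header and blank lines
        index($0, " # ") == 0 {           # no comment marker on this rule
            sub(/[ \t]+$/, "")            # trim trailing padding
            print
        }
    '
}

# Constructed sample output (not captured from a real host).
sample_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       192.168.1.7                # Only my private SSH connection is allowed
80                         ALLOW       Anywhere                   # Accepting HTTP connections
443                        ALLOW       Anywhere
3306/tcp                   ALLOW       10.0.0.0/8
80 (v6)                    ALLOW       Anywhere (v6)              # Accepting HTTP connections
EOF
}

# Demo on the sample; on a real host run: sudo ufw status | uncommented_rules
sample_status | uncommented_rules
```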
And if you have any queries related to this guide or want to suggest what I should cover next, let me know in the comments.