Checking firewall rules is one of the most common steps while troubleshooting network connections.
Ubuntu comes with the UFW (Uncomplicated Firewall) built-in. There is no dedicated command to list firewall rules in UFW. That doesn't mean you cannot see the rules.
List firewall rules in UFW
To list the UFW firewall rules, you will have to check the status of the UFW firewall.
When you check the status, it also prints the existing UFW firewall rules for your machine:
sudo ufw status
But for some users, UFW might show the inactive status as follows:
This is likely because you don't have the firewall enabled.
You may enable the firewall and display the rules with the above method. But if you just want to see which rules have been added to the firewall, there is a better way.
List rules when the firewall is disabled
This method will show the user-added rules even if the firewall is inactive. This is a better way because you should be checking the rules before you turn on the firewall.
sudo ufw show added
If you are accessing the server through SSH and, for some reason, you have added a rule blocking all incoming traffic, you won't be able to access the server via SSH once you enable the firewall.
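The check described above can be scripted. The following is an added example, not part of the original article: a hypothetical helper `ssh_rule_present` that reads `ufw show added` output and reports whether an incoming allow or limit rule names the SSH port. It assumes sshd listens on TCP port 22 unless another port is passed, and the sample rule listings are constructed.

```shell
#!/bin/sh
# Added example (not from the original article): pre-flight check to run
# before `ufw enable` on a host you reach over SSH.
# Assumptions: sshd listens on TCP port 22 unless another port is passed
# as $1; only single-port rules are recognised (no ranges or port lists);
# rule order and deny rules are not evaluated.

# Reads `ufw show added` output on stdin.
# Returns 0 if an incoming allow/limit rule names the SSH port, else 1.
ssh_rule_present() {
    port="${1:-22}"
    while IFS= read -r line; do
        case "$line" in
            "ufw allow "*|"ufw limit "*) ;;   # only these open a port
            *) continue ;;                    # header, "(None)", deny, reject, route
        esac
        rest="${line#ufw * }"                 # drop "ufw <action> "
        case "$rest" in
            "out "*|*"proto udp"*) continue ;;  # outgoing or UDP: no help for SSH
        esac
        for word in $rest; do
            case "$word" in
                "$port"|"$port/tcp") return 0 ;;
                ssh|ssh/tcp|OpenSSH)          # service name / app profile = 22/tcp
                    if [ "$port" = 22 ]; then return 0; fi ;;
            esac
        done
    done
    return 1
}

# Constructed samples of `ufw show added` output (not from a real host).
SAMPLE_LOCKOUT="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp
ufw deny 22/tcp"
SAMPLE_OK="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp
ufw limit OpenSSH"

for sample in "$SAMPLE_LOCKOUT" "$SAMPLE_OK"; do
    if printf '%s\n' "$sample" | ssh_rule_present 22; then
        echo "SSH allow rule present"
    else
        echo "no SSH allow rule: add one before running 'ufw enable'"
    fi
done
# On a real host: sudo ufw show added | ssh_rule_present 22
```

A match may still be restricted to a source address (for example `from 10.0.0.0/8`), so read the matching rule before relying on it.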
Get additional details apart from UFW Firewall rules
Similarly, if you want additional details apart from the rules, you can append the verbose option to the previous status command:
sudo ufw status verbose
So when you go for verbose output, it gives you details about:
- The default policy of the UFW firewall
- Logging level
The default policy of UFW indicates how it will deal with network traffic without any tweaks by the user:
- Routing is disabled by default
- Incoming network packets will also be denied
- Only outgoing connections are allowed
Now, let's have a look at the logging aspect.
There are five different levels of logging that you can choose from in the UFW firewall.
Being a broad topic, we have a dedicated guide on how you can use different levels of logging including what logs indicate in various scenarios: