UFW Firewall Rules ordering?

Solution 1:

If you're interested in reordering your UFW rules, this is one way to do it.

$ sudo ufw status numbered

     To                         Action      From
     --                         ------      ----
[ 1] 22                         ALLOW IN    Anywhere
[ 2] 80                         ALLOW IN    Anywhere
[ 3] 443                        ALLOW IN    Anywhere
[ 4] 22 (v6)                    ALLOW IN    Anywhere (v6)
[ 5] 80 (v6)                    ALLOW IN    Anywhere (v6)
[ 6] 443 (v6)                   ALLOW IN    Anywhere (v6)
[ 7] Anywhere                   DENY IN     [ip-to-block]

Say you accidentally added a rule to the end, but you wanted up top.

First you will have remove it from the bottom (7) and add it back.

$ sudo ufw delete 7

Note, be careful of removing multiple rules one after another, their position can change!

Add back your rule to the very top (1):

$ sudo ufw insert 1 deny from [ip-to-block] to any

Solution 2:

The command ufw status verbose will show you the default rule. For your configuration you probably want it to say

Default: deny (incoming), allow (outgoing)

In that case, you don't need a separate 'deny everything' rule, and the order of your other rules doesn't matter. If you do want to change the order, you can add a rule at a specific place by using ufw insert [position] [rule text]. You can get a numbered list of rules with ufw status numbered.