Check existing ufw firewall rules without enabling it

firewall ufw

Solution 1:

There is currently not a way to show the rules you have entered before enabling the firewall via the CLI command. You can inspect the rules files directly however. /lib/ufw/user*.rules contain the rules controlled via the 'ufw' CLI command. Eg

sudo grep '^### tuple' /lib/ufw/user*.rules

This will show output like the following

sudo grep '^### tuple' /lib/ufw/user*.rules
/lib/ufw/user6.rules:### tuple ### allow any 22 ::/0 any ::/0 in
/lib/ufw/user.rules:### tuple ### allow any 22 0.0.0.0/0 any 0.0.0.0/0 in

The 'tuple' is the shorthand used internally by ufw to keep track of rules

Or more detailed with

  sudo cat /lib/ufw/user.rules

*filter
:ufw-user-input - [0:0]
:ufw-user-output - [0:0]
:ufw-user-forward - [0:0]
:ufw-before-logging-input - [0:0]
:ufw-before-logging-output - [0:0]
:ufw-before-logging-forward - [0:0]
:ufw-user-logging-input - [0:0]
:ufw-user-logging-output - [0:0]
:ufw-user-logging-forward - [0:0]
:ufw-after-logging-input - [0:0]
:ufw-after-logging-output - [0:0]
:ufw-after-logging-forward - [0:0]
:ufw-logging-deny - [0:0]
:ufw-logging-allow - [0:0]
:ufw-user-limit - [0:0]
:ufw-user-limit-accept - [0:0]
### RULES ###

### tuple ### allow any 22 0.0.0.0/0 any 0.0.0.0/0 in
-A ufw-user-input -p tcp --dport 22 -j ACCEPT
-A ufw-user-input -p udp --dport 22 -j ACCEPT

### END RULES ###

### LOGGING ###
-A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
-A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
### END LOGGING ###

### RATE LIMITING ###
-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw-user-limit -j REJECT
-A ufw-user-limit-accept -j ACCEPT
### END RATE LIMITING ###
COMMIT

Like I say "tuple" is rules witch you are set via cli, rest are the default rules, chains ...

Solution 2:

2707974's grep worked for me, but on my system the files were in /etc/ufw/, not /lib/ufw/.

In case it helps anyone in the future, I tracked it down with

sudo find / -type f -iname 'user*rules' -ipath '*ufw*'

Related

Reducing Chrome GPU CPU usage
How can I replace GRUB with Windows 10 bootloader?
LibXp.so.6 missing 15.10
9p (libvirt/QEMU) share modes
How to close application from terminal same way as exiting it properly
How to install Python 3.5.1 on Ubuntu 16.04 LTS?
sudo nautilus error in 16.04
Keyboard Shortcut for Changing Desktops in Lubuntu
Opening two ports at once in ssh
Failure to download "ttf-mscorefonts-installer". Not even reinstall works! [duplicate]
Installing Cisco Packet Tracer 7 on Ubuntu 16.10
How can I sanitize or escape absolute paths returned by realpath or readlink?