See configured rules even when inactive
There is now a ufw show added command that will list the configured rules for you, even when the firewall is inactive. It was added as a fix for this bug report and added in v0.33.
So now you can do:
# ufw status
Status: inactive
# ufw allow ssh
Rules updated
Rules updated (v6)
# ufw show added
Added user rules (see 'ufw status' for running firewall):
ufw allow 22
# ufw enable
Firewall is active and enabled on system startup
# ufw status
Status: active
To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
The format of the output from ufw show added makes it much easier to write the delete command for each rule too.
There is currently not a way to show the rules you have entered before enabling the firewall via the CLI command. You can inspect the rules files directly, however. /lib/ufw/user*.rules contain the rules controlled via the 'ufw' CLI command. E.g.:
$ sudo grep '^### tuple' /lib/ufw/user*.rules
This will show output like the following (for the rule added with 'sudo ufw allow OpenSSH'):
/lib/ufw/user.rules:### tuple ### allow tcp 22 0.0.0.0/0 any 0.0.0.0/0 OpenSSH - in
The 'tuple' is the shorthand used internally by ufw to keep track of rules, and can be interpreted as one of these:
### tuple ### <action> <proto> <dst port> <dst> <src port> <src> <direction>
### tuple ### <action> <proto> <dst port> <dst> <src port> <src> <dst app name> <src app name> <direction>
It might be useful to be able to add another status command to support this. Please consider filing a bug.
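The tuple layouts described in the answer above can be parsed to audit configured rules while the firewall is still inactive. The following is an added example, not part of the original answer or of ufw itself; the function names and the sample text are constructed for illustration, and only the two layouts listed above are handled (anything else is returned as unparsed rather than guessed).

```python
import re

# Field layouts as listed in the answer above (7-field and 9-field forms).
FIELDS_7 = ("action", "proto", "dport", "dst", "sport", "src", "direction")
FIELDS_9 = ("action", "proto", "dport", "dst", "sport", "src",
            "dapp", "sapp", "direction")
TUPLE_RE = re.compile(r"^### tuple ###\s+(.*)$")


def parse_tuple_line(line):
    """Return a dict for one '### tuple ###' line, or None for other lines."""
    m = TUPLE_RE.match(line.strip())
    if not m:
        return None
    parts = m.group(1).split()
    if len(parts) == 7:
        rule = dict(zip(FIELDS_7, parts))
        rule["dapp"] = rule["sapp"] = "-"   # no application profile names
        return rule
    if len(parts) == 9:
        return dict(zip(FIELDS_9, parts))
    # Layout not described on this page: keep it visible, do not guess.
    return {"unparsed": m.group(1)}


def parse_rules(text):
    """Parse every tuple line found in the contents of a user*.rules file."""
    return [r for r in map(parse_tuple_line, text.splitlines()) if r]


def open_to_any_source(rules):
    """Inbound 'allow' rules whose source address is unrestricted."""
    any_src = {"0.0.0.0/0", "::/0"}
    return [r for r in rules
            if r.get("action") == "allow" and r.get("direction") == "in"
            and r.get("src") in any_src]


# Constructed sample: the first tuple is the one shown in the answer,
# the others are made up for this example.
SAMPLE = """\
# constructed non-tuple line, ignored by the parser
### tuple ### allow tcp 22 0.0.0.0/0 any 0.0.0.0/0 OpenSSH - in
### tuple ### allow tcp 5432 0.0.0.0/0 any 10.0.0.0/8 in
### tuple ### deny udp 161 0.0.0.0/0 any 0.0.0.0/0 in
"""

if __name__ == "__main__":
    for r in open_to_any_source(parse_rules(SAMPLE)):
        print(r["proto"], r["dport"], r["dapp"])
```

To run it against a real system, pass the contents of the user*.rules files to parse_rules() instead of SAMPLE.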
General rules are in /etc/ufw. User defined rules are in /lib/ufw/user*.