6

How can several ufw rules be deleted at once? By using

$ ufw status numbered

Status: Aktiv

         Zu                         Aktion      Von
         --                         ------      ---
    [ 1] 80/tcp                     ALLOW IN    Anywhere
    [ 2] 53                         ALLOW IN    Anywhere
    [ 3] 53                         ALLOW OUT   Anywhere                   (out)
    [ 4] 80/tcp (v6)                ALLOW IN    Anywhere (v6)
    [ 5] 53 (v6)                    ALLOW IN    Anywhere (v6)
    [ 6] 53 (v6)                    ALLOW OUT   Anywhere (v6)              (out)

I get the numbers of the rules and can delete a single rule using e.g.

$ ufw delete 2

But is there a way to delete several rules at once? Something like

ufw delete 2 3 5 6

would be nice (but does not work).

5 Answers

16

I've got three different ways to delete multiple rules in one go.

ufw delete

There is no feature to remove multiple numbers at once, but you can use rule syntax after delete to delete the rules for v4 and v6 in pairs:

# each line removes the IPv4 rule and its IPv6 twin in one go
ufw delete allow 53         # rules 2 and 5 (ALLOW IN 53)
ufw delete allow out 53     # rules 3 and 6 (ALLOW OUT 53)

(ba)sh

You can also use a simple for-loop in your shell (but make sure numbers go downwards, because rule indices change as you delete rules):

for i in 6 5 3 2; do ufw delete $i; done

You will get a confirmation for each rule removal. If you want to skip the confirmation, use the -f option:

# -f/--force must come before the subcommand; ufw stops option parsing at "delete"
for i in 6 5 3 2; do ufw -f delete "$i"; done
2
  • 1
    Add -f to not have to answer YES to every new entry. for i in 6 5 3 2;do ufw -f delete $i;done
    – Dinidiniz
    Commented Sep 24, 2023 at 2:37
  • 1
The second loop is missing the "do" keyword, hence, generates error: "syntax error near unexpected token `ufw'"
    Commented Mar 15 at 13:30
7

The accepted answer doesn't work for me because ufw resets the numbers after a rule is deleted. I was lucky in that I wanted to delete the first n rows, so I adjusted the one-liner into the following

# set n to the number of leading rules first; every pass deletes whatever is rule 1 at that moment
for i in $(seq 1 "$n"); do echo "$i"; yes | sudo ufw delete 1; done
2
  • 6
    Sure you cannot go downwards as the answer suggests? Deleting 6, 5, 3, 2 instead of 2, 3, 5, 6.
    – bobbolous
    Commented Mar 31, 2022 at 5:54
  • 3
Oops, you're totally right - I glimpsed past the note where Boba mentioned the numbering.
    – cbcoutinho
    Commented Mar 31, 2022 at 12:08
4

If you want to delete a range, e.g. from 100 to 200, you can do:

# count downwards so that deleting a rule never shifts the numbers still to be deleted
for i in {200..100}; do yes | sudo ufw delete "$i"; done

You start from 200 and go down to 100; if you use {100..200}, the rules will rearrange and you will only delete half of the range because of that rearranging.

1

Here is how I got rid of a rule for a specific protocol (port 6556):

# first matching rule number, e.g. "3" from "[ 3] 6556/tcp ..."; tr also strips the space after "["
NUM=$(ufw status numbered | grep 6556 | head -n1 | cut -d"]" -f1 | tr -d "[ ")
yes | ufw delete "$NUM"

The first line explained:

  • ufw status numbered gets all rules with their corresponding numbers,
  • grep finds the lines with the right port - change that bit for your setup,
  • head makes sure we only get one rule/line/number (ufw delete can only do one),
  • cut takes only the bit of [num-here] bla bla here before the ]
  • tr -d gets rid of the leading [.

That leaves you only with the number, which gets stored to the variable NUM.

The second line appends the NUM to ufw delete, which gets confirmed by yes |

Run as many times as you think there are rules for the filter. Not finding anything will cause an error, but not kill your system.

To check things, you can pipe it through tee /dev/tty to inspect what the command is currently working on via STDOUT. And there is certainly a more smart way to get at the number. But this hackjob is the limit of my abilities. Edits and comments are welcome.

1
  • 1
    Your script only removes first occurrence, it will not work for multiple ones.
    – Bogolt
    Commented May 20, 2023 at 12:38
1

Deleting all UFW rules for a specific port number

If you want to delete rules based on a specific port number, use this (for example, port 3000 in this case):

while true; do
    # first rule number whose line mentions port 3000 as a whole word
    # (the \< \> word anchors are a gawk extension; mawk does not support them)
    rule_number=$(sudo ufw status numbered \
        | awk '/(ALLOW|DENY) IN/ && $0 ~ /\<(3000)\>/ {gsub(/[\[\]]/, ""); print $1; exit}')
    if [ -z "$rule_number" ]; then
        break
    else
        # ufw itself must run as root; --force (before the subcommand) skips the confirmation
        sudo ufw --force delete "$rule_number"
    fi
done

This re-lists the rules and retrieves the rule number on every iteration, because the numbers change after each deletion.

Explanation

while true; do initiates an infinite loop, as the condition "true" is always met.

rule_number=$(ufw status numbered | awk '/(ALLOW|DENY) IN/ && $0 ~ /\<(3000)\>/{gsub(/[\[\]]/, ""); print $1; exit}'): This command starts a sub-shell to retrieve the first rule number from the ufw (Uncomplicated Firewall) status output that matches certain criteria.

(ALLOW|DENY) IN: Matches lines containing "ALLOW IN" or "DENY IN". $0 ~ /\<(3000)\>/: Matches lines where the number "3000" appears as a separate word.

{gsub(/[\[\]]/, ""); print $1; exit}: Performs string manipulation to remove square brackets from the line (if present), and prints the first field (the rule number). The exit statement ensures that only the first match is captured. The retrieved rule number is stored in the variable rule_number.

if [ -z "$rule_number" ]; then break;: This conditional statement checks if the rule_number variable is empty. If it is empty (i.e., no rule number is found), the script breaks the loop and ends. If the variable is not empty, the script continues to the next step.

else sudo yes | ufw delete $rule_number --force; fi;: This command uses ufw to delete the rule specified by the captured rule_number. The --force flag is used to avoid interactive confirmation prompts. The sudo yes command is used to automatically answer "yes" to any prompts that may appear.

The loop continues from the beginning, repeating the process to find the next matching rule number and delete it. This continues until there are no more matching rules, at which point the loop breaks and the script ends.

Hope that helps!

1
  • The "sudo yes" part is only running yes as root, not ufw. Further, it's unnecessary when you have --force anyway. Commented Feb 24 at 5:41
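The two ideas in this thread, deleting by number in descending order and picking the numbers by port instead of by hand, combined into one script. This is an added example, not code from any answer above; it assumes sudo, a POSIX awk (no gawk-only \< \> anchors) and the `ufw status numbered` layout shown in the question, and it embeds a constructed copy of that listing so the parsing can be checked without touching a firewall.

```shell
#!/bin/sh
# Added example, not taken from any answer above. Deletes every ufw rule
# whose "To" column is PORT or PORT/<proto>, by number, highest number
# first so the indices of the rules still to delete do not shift.
# Assumes: sudo, a POSIX awk (no gawk-only \< \> anchors) and the
# `ufw status numbered` layout shown in the question.

# Constructed sample of `ufw status numbered`, modelled on the question.
SAMPLE_STATUS='Status: Aktiv

     Zu                         Aktion      Von
     --                         ------      ---
[ 1] 80/tcp                     ALLOW IN    Anywhere
[ 2] 53                         ALLOW IN    Anywhere
[ 3] 53                         ALLOW OUT   Anywhere                   (out)
[ 4] 80/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 5] 53 (v6)                    ALLOW IN    Anywhere (v6)
[ 6] 53 (v6)                    ALLOW OUT   Anywhere (v6)              (out)'

# rule_numbers_for_port STATUS_TEXT PORT -> matching rule numbers, descending
rule_numbers_for_port() {
    printf '%s\n' "$1" | awk -v port="$2" '
        /^ *\[ *[0-9]+\]/ {
            line = $0
            sub(/^ *\[ */, "", line)            # drop "[ "
            num = line; sub(/\].*/, "", num)    # "6"
            sub(/^[0-9]+\] */, "", line)        # drop "6] "
            to = line; sub(/[ \t].*/, "", to)   # first token of the "To" column
            if (to == port || index(to, port "/") == 1) print num
        }' | sort -rn
}

# delete_rules_for_port PORT: one listing, then non-interactive deletes.
# Deleting the highest number first leaves the lower numbers unchanged,
# which is why a single listing is enough here.
delete_rules_for_port() {
    status=$(sudo ufw status numbered) || return 1
    for n in $(rule_numbers_for_port "$status" "$1"); do
        sudo ufw --force delete "$n" || return 1
    done
}

# Usage: delete_rules_for_port 53
```

Run `rule_numbers_for_port "$(sudo ufw status numbered)" 53` first to review which numbers would go before calling the deleting function.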
