ufw is not blocking traffic the way you think it is?

(Everyday DevOps and Infrastructure – instead of keeping the knowledge in our team, let’s share it with the community)

Today we again got reminded that what you've configured in ufw is not necessarily what is actually happening.

ufw is a wrapper around iptables. The rules that you see in ufw are not really the rules that are applied by the firewall. They could be different. They could be a lot different.

To get the complete rules you should check

$ iptables --list

Then you should flush iptables, start from zero and recreate the rules from ufw. Of course, back up the rules first in case anything goes wrong, but ufw is not the actual firewall. It just helps you manage your iptables rules.
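The check described above, as an added example that is not part of the original post: a small POSIX shell script that backs up the live ruleset with iptables-save, then scans the iptables-save text for rules that ufw did not put there. It relies on the fact that ufw creates its own chains with an `ufw-` prefix (ufw-before-input, ufw-user-input, and so on) and hooks them into INPUT/OUTPUT/FORWARD with jump rules; anything appended to a built-in chain that is neither an ufw chain nor a jump into one was added outside ufw and will never show up in `ufw status`. The sample ruleset embedded in the script is constructed for the demo; `audit_live_rules` is the function you would actually run as root.

```shell
#!/bin/sh
# Audit helper (added example, not from the post): find iptables rules that ufw does not manage.

# Constructed sample of `iptables-save` output: two rules on INPUT were added by hand,
# one jump into an ufw chain and the ufw chains themselves are what ufw owns.
sample_save() {
    cat <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:ufw-before-input - [0:0]
:ufw-user-input - [0:0]
-A INPUT -j ufw-before-input
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -s 203.0.113.0/24 -j ACCEPT
-A ufw-before-input -i lo -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Read iptables-save text on stdin; print every "-A <chain> ..." rule that is
# (a) not appended to an ufw-* chain and (b) not a jump into an ufw-* chain.
# Output is prefixed with the table name so rules from nat/mangle are distinguishable.
non_ufw_rules() {
    awk '
        /^\*/ { table = substr($0, 2); next }        # table header, e.g. *filter
        /^-A / && $2 !~ /^ufw-/ {                    # rule on a chain ufw does not own
            jumps_to_ufw = 0
            for (i = 3; i <= NF; i++)
                if ($i == "-j" && $(i + 1) ~ /^ufw-/) jumps_to_ufw = 1
            if (!jumps_to_ufw) print table ": " $0
        }'
}

# Save the live ruleset to a timestamped file so it can be restored with
# `iptables-restore < FILE` if flushing and recreating the rules goes wrong.
# Hypothetical path; adjust to taste. Requires root.
backup_live_rules() {
    dir="${1:-/var/backups}"
    file="$dir/iptables-$(date +%Y%m%d-%H%M%S).rules"
    iptables-save > "$file" && printf '%s\n' "$file"
}

# Run the audit against the live kernel ruleset (requires root).
audit_live_rules() {
    iptables-save | non_ufw_rules
}

# Demo on the constructed sample: prints the two hand-added INPUT rules.
sample_save | non_ufw_rules
```

Run `backup_live_rules` before any flush, and `audit_live_rules` whenever `ufw status` and reality seem to disagree; an empty result means every rule in the kernel either belongs to an ufw chain or hands off to one.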

I think there should be some kind of notification when running ufw status, telling you that the iptables rules are different from the rules ufw status shows. This would improve quality of life and general security on the internet.