Raspberry Pi – UFW Firewall – Editing Rules – Part 2

Anytime that you make a rule change, it is a good idea to run sudo ufw reload to restart the firewall and get it to re-read your rules list.

In my earlier posts regarding the configuration of telnet and ssh, I showed how to restrict access to the RPi using the control functions unique to Telnet and SSH. While that is one option for controlling access for a single protocol, using a single method for all services that will run on your RPi is a better solution in the long run.

When you want to delete a rule that you entered in error or don’t need anymore, you should remove that rule. To delete the rule, you will need the rule number that UFW actually knows that rule by. That isn’t something that you enter when creating the rule; it is handled by UFW as each rule is entered. You get the numbers for each rule by using the sudo ufw status numbered command.

You should get output similar to this –

pi@raspberrypi:~$ sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22                         ALLOW IN    192.168.0.140
[ 2] 23                         ALLOW IN    192.168.0.140

Once you have found the number of the rule to delete, use sudo ufw delete # (replace the # with the rule number that you want to delete). After you have done this, you will want to verify that the rule has been deleted. Use sudo ufw status to verify this.
Video: http://youtu.be/1YyXFmnakfI
You should see output similar to this –

pi@raspberrypi:~$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       192.168.0.140

When you compare the two uses of the ufw status command before and after the rule has been deleted, you will notice the rule is now gone. For the changes to take effect, you will need to restart the ufw service by using the sudo ufw reload command. You also have the option of using the sudo ufw disable and sudo ufw enable commands, but with the reload command you have just one command string to enter instead of two. That’s it: you have now deleted the rule and updated ufw to know that it has one less rule to process.
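The lookup step above, as an added example that is not part of the original post: it reads sudo ufw status numbered output and prints the delete commands for every rule on a given port, highest rule number first, because UFW renumbers the remaining rules after each delete. The function names are hypothetical, and rules 3 and 4 in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn `ufw status numbered` output into a safe delete plan.

# Constructed sample in the same layout as the output shown in this post.
# Rules 3 and 4 are invented for the demonstration.
sample_status() {
cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22                         ALLOW IN    192.168.0.140
[ 2] 23                         ALLOW IN    192.168.0.140
[ 3] 80/tcp                     ALLOW IN    Anywhere
[ 4] 23                         ALLOW IN    192.168.0.150
EOF
}

# rule_numbers PORT
# Reads `ufw status numbered` text on stdin and prints the number of each
# rule whose "To" column is PORT or PORT/proto, highest number first.
rule_numbers() {
    sed -n 's/^\[ *\([0-9][0-9]*\)\] *\([^ ]*\) .*/\1 \2/p' |
    awk -v port="$1" '{ split($2, a, "/"); if (a[1] == port) print $1 }' |
    sort -rn
}

# delete_plan PORT
# Prints the delete commands without running them, so they can be reviewed.
# Highest number first: deleting rule 2 before rule 4 would turn the old
# rule 4 into rule 3, and "delete 4" would then hit the wrong rule or fail.
delete_plan() {
    rule_numbers "$1" | while read -r n; do
        echo "sudo ufw delete $n"
    done
}

# Demo on the constructed sample. On a real system, use:
#   sudo ufw status numbered | delete_plan 23
sample_status | delete_plan 23
```

Each sudo ufw delete command asks for confirmation before removing the rule, so the printed plan can be pasted one line at a time and checked against the rule UFW shows in the prompt.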

To see more of my posts about the Raspberry Pi, please go to http://www.ronnutter.com/category/raspberry-pi/
