`ufw` is a simple wrapper around `iptables` ([which can be rather complicated](https://github.com/afreeorange/iptables)). You can view all the rules the CLI adds in `/etc/ufw/user.rules`
### Adding Rules and Enabling
Some basic stuff for all interfaces.
```bash
# Block everything incoming
ufw default deny incoming
# Allow all outgoing connections
ufw default allow outgoing
# Allow a port
ufw allow 3306
# Show list of apps that have registered themselves with ufw
# These are in /etc/ufw/applications.d
ufw app list
# Enable an app
ufw allow Samba
# Show all added things (don't need a running firewall for this)
ufw show added
# Enable the firewall
ufw enable
# Check (running) firewall's status
ufw status verbose
```
### Deleting Rules
```bash
# Get the rule number
ufw status numbered
# Remove the offending rule
ufw delete 3
```
### Denying Things
```bash
# Deny access to a port
ufw deny 22
# Deny a host and subnet
ufw deny from 192.168.1.4
ufw deny from 192.168.1.0/24
# Deny an outgoing connection
ufw deny out 22
```
### Other stuff
```bash
# Allow a port range
ufw allow 8000:8008/tcp
ufw allow 8000:8008/udp
# Allow an IP Address
ufw allow from 192.168.1.19
# Allow access to an interface
ufw allow in on eth1 to any port 80
ufw allow in on eth1 to any port 443
# Allow an IP Address to a specific port
ufw allow from 192.168.1.19 to any port 3306
# Allow an entire subnet
ufw allow from 192.168.1.0/24
# Allow an entire subnet to a specific port
ufw allow from 192.168.1.0/24 to any port 3306
```
Note that `ufw` won't block `macvlan` ports for obvious reasons!