If your new to linux, ufw is very useful tool. Really simple to install with ubuntu.

However, should you choose to get rid of it for some reason, it leaves behind quite a mess.
Here is a quick script to clean up the mess.

Here is the whole process as a bash script:

#!/usr/bin/bash
iptables -P INPUT ACCEPT
iptables -X ufw-user-output

iptables -X ufw-user-logging-output
iptables -X ufw-user-logging-input
iptables -X ufw-user-logging-forward
iptables -X ufw-user-limit-accept
iptables -X ufw-user-limit
iptables -X ufw-user-input
iptables -X ufw-user-forward
iptables -X ufw-track-output
iptables -X ufw-track-input
iptables -X ufw-skip-to-policy-output
iptables -X ufw-skip-to-policy-input
iptables -X ufw-skip-to-policy-forward
iptables -X ufw-reject-output
iptables -X ufw-reject-input
iptables -X ufw-reject-forward
iptables -X ufw-not-local
iptables -X ufw-logging-deny
iptables -X ufw-logging-allow
iptables -X ufw-before-output
iptables -X ufw-before-logging-output
iptables -X ufw-before-logging-input
iptables -X ufw-before-logging-forward
iptables -X ufw-before-input
iptables -X ufw-before-forward
iptables -X ufw-after-output
iptables -X ufw-after-logging-output
iptables -X ufw-after-logging-input
iptables -X ufw-after-logging-forward
iptables -X ufw-after-input
iptables -X ufw-after-forward
apt-get remove ufw
#As a basic firewall I’d recommend the following:
iptables  -F
iptables  -A INPUT -m state –state RELATED,ESTABLISHED -j ACCEPT
iptables  -A INPUT -i lo -j ACCEPT
iptables  -A INPUT -p tcp -m tcp –dport 80 -j ACCEPT
iptables  -A INPUT -p tcp -m tcp –dport 443 -j ACCEPT
iptables  -A INPUT -p tcp -m tcp –dport 13160-j ACCEPT
iptables  -A INPUT -d XX_REPLACE_WITH_YOUR_SERVER_IP/32 -p icmp -m icmp –icmp-type 8 -m state –state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables  -A INPUT -d XX_REPLACE_WITH_YOUR_SERVER_IP/32 -p icmp -m icmp –icmp-type 0 -m state –state RELATED,ESTABLISHED -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
This will:
Reset the default policy of INPUT to ACCEPT so we don’t get locked out of our box.
Then  remove the custom ufw chains, flush all existing rules, accept established connections, accept all connections on loopback device, accept all connects to ports 80(http),443(https), and 22(sshd)
It will also accept pings from machines which have established a connection. With large packet support now enabled by default in the linux kernel, its important to allow some pings to be accepted. Then we set the default policys of input and forward to drop and output to accept.
Make sure you replace XX_REPLACE_WITH_YOUR SERVER_IP with your servers ip address.

4 responses to “The complicated process for removing the “uncomplicated firewall””

  1. Sam Avatar
    Sam

    Extremely useful stuff, just had to clean up a confused UFW install and this saved me a bundle of time.  Many thanks for sharing!

  2. Eric Avatar

    This saved me a lot of time too. I'm running Linux Mintz and I had to add:

    iptables -X ufw-track-forward

    Many thanks!

  3. jarl Avatar
    jarl

    I use this:

    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -t nat -P PREROUTING ACCEPT
    iptables -t nat -P POSTROUTING ACCEPT
    iptables -t nat -P OUTPUT ACCEPT
    iptables -F
    iptables -t nat -F
    iptables -X
    iptables -t nat -X

     

    To remove all rules in fw, put in a loop bash this:

    ufw –force delete $(ufw status numbered |(grep 'on' | awk -F"[][]" '{print $2}'))

     

    Regards.

     

    1. derak Avatar
      derak

      At the time I didn’t have a lot of experience with bash. Your loop to remove looks like a better deal. Thanks for posting.

Verified by MonsterInsights