Cybersecurity Triage

Changes system state

Read UFW Policy Verbosely

You need the UFW default policy, logging state, and allowed inbound rules in one readable snapshot.

Command

ufw status verbose

Before you run this

System impact: Changes system or application state. Needs inspection, scoping, and rollback notes before production use.

When not to use it: Do not assume UFW is the only firewall layer on every host; nftables, iptables, cloud firewalls, and provider rules may also apply.

Expected output

UFW status, default policy, logging state, and inbound rules.

System impact

Nothing changes. This UFW command prints the current policy and rule summary, but firewall state still deserves careful review.

Recovery / rollback: no state is changed.

When to use it

Use during exposure checks, handoffs, or after a deploy changes which services should be reachable.

Command transcript

This sanitized transcript shows the commands and output shape without exposing host details.

$ ufw status verbose

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    203.0.113.0/24
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
25/tcp                     ALLOW IN    Anywhere
5432/tcp                   DENY IN     Anywhere

$ ufw status numbered

Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    203.0.113.0/24
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] 443/tcp                    ALLOW IN    Anywhere
[ 4] 25/tcp                     ALLOW IN    Anywhere
[ 5] 5432/tcp                   DENY IN     Anywhere
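
An added example, not part of the original page: a POSIX shell function that turns the ufw status verbose snapshot above into an exposure summary. It warns on an inactive firewall, a permissive default incoming policy, or disabled logging, and lists the ports allowed in from Anywhere. The names ufw_exposure and sample_output are hypothetical, and the sample input is the sanitized transcript from this page.

```shell
# Added example: summarise "ufw status verbose" output for an exposure check.
# ufw_exposure and sample_output are hypothetical names, not part of ufw.
# Reads the command output on stdin; it never calls ufw or changes rules.
ufw_exposure() {
  awk '
    /^Status:/  { status = $2 }
    /^Logging:/ { logging = $2 }
    /^Default:/ { incoming = $2 }   # first word is the incoming policy
    # Rule rows: inbound permits have "ALLOW IN" or "LIMIT IN" as the action.
    match($0, /(ALLOW|LIMIT) IN +/) {
      to = substr($0, 1, RSTART - 1); sub(/ +$/, "", to)
      from = substr($0, RSTART + RLENGTH)
      if (from ~ /^Anywhere/) open[++n] = to   # no source restriction
    }
    END {
      if (status != "active") { print "WARN status=" status; exit }
      if (incoming != "deny" && incoming != "reject")
        print "WARN default-incoming=" incoming
      if (logging != "on") print "WARN logging=" logging
      for (i = 1; i <= n; i++) print "OPEN " open[i]
    }'
}

# Sample input: the sanitized transcript shown on this page.
sample_output() {
  cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    203.0.113.0/24
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
25/tcp                     ALLOW IN    Anywhere
5432/tcp                   DENY IN     Anywhere
EOF
}
```

On a host, pipe the real command into the function: ufw status verbose | ufw_exposure. For the sample transcript it reports 80/tcp, 443/tcp and 25/tcp as open to Anywhere and raises no warnings.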

Next steps

Related commands

Cybersecurity Triage State change

Find Allowed Ports with No Listener

An open firewall rule can outlive the service it was created for.

comm -23 <(ufw status numbered | awk '/ALLOW/ {print}' | grep -Eo '[0-9]+/tcp' | cut -d/ -f1 | sort -u) <(ss -ltnp | awk '/LISTEN/ {n=split($4,a,":"); print a[n]}' | sort -u)

Cybersecurity Triage State change

Find Public Listeners Not Allowed by UFW

The process was public, but the firewall did not mention it.

comm -13 <(ufw status numbered | awk '/ALLOW/ {print}' | grep -Eo '[0-9]+/tcp' | cut -d/ -f1 | sort -u) <(ss -ltnp | awk '$4 ~ /^(0[.]0[.]0[.]0|[[]::[]]|[*]):/ {n=split($4,a,":"); print a[n]}' | sort -u)

Cybersecurity Triage State change

List Numbered UFW Rules

Numbered rules make firewall review less ambiguous.

ufw status numbered

Cybersecurity Triage Read-only

Show the nftables Input Chain

The packet path was hiding below UFW.

nft list ruleset | sed -n '/chain input/,/}/p'

Study mapping

Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.

  • lpic1:109-networking
  • lpic1:110-security
  • lfcs:networking
  • lfcs:security-hygiene
  • linuxplus:provisional
  • linuxplus:security
  • linuxplus:troubleshooting
  • risk:production-state-change
  • risk:security-sensitive

Useful for

  • LPIC-1 style command-line practice
  • LFCS style performance tasks
  • Linux+ style troubleshooting review

Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.