
3.5.1.7 Ensure ufw default deny firewall policy

Audit

Run the following command and verify that the default policy for incoming, outgoing, and routed directions is deny, reject, or disabled:

# ufw status verbose | grep Default:

Example output:

Default: deny (incoming), deny (outgoing), disabled (routed)
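
A scripted form of this audit, as an added example that is not part of the original benchmark text. The function names `check_ufw_defaults` and `audit_ufw_live` are hypothetical, and the sample lines in the comments are constructed.

```shell
#!/bin/sh
# Added example (not from the benchmark): validate the "Default:" line
# printed by `ufw status verbose`.

# check_ufw_defaults LINE
# Returns 0 when incoming, outgoing and routed are each deny, reject or
# disabled. Otherwise prints one FAIL line per offending direction and
# returns 1. A missing direction (for example when ufw is inactive and
# prints no Default: line at all) is treated as a failure.
check_ufw_defaults() {
    line=$1
    rc=0
    for dir in incoming outgoing routed; do
        # Pull out the policy word that precedes "(<direction>)".
        policy=$(printf '%s\n' "$line" |
            sed -n "s/.*[ :]\([a-z]*\) ($dir).*/\1/p")
        case $policy in
            deny|reject|disabled) ;;
            '') echo "FAIL: no policy found for $dir"; rc=1 ;;
            *)  echo "FAIL: $dir policy is '$policy'"; rc=1 ;;
        esac
    done
    return $rc
}

# audit_ufw_live
# Runs the audit command from this page against the local host (needs
# root) and checks its output. Not invoked automatically.
audit_ufw_live() {
    check_ufw_defaults "$(ufw status verbose | grep Default:)"
}

# Constructed sample lines:
#   check_ufw_defaults "Default: deny (incoming), deny (outgoing), disabled (routed)"
#   check_ufw_defaults "Default: deny (incoming), allow (outgoing), disabled (routed)"
```

Source the file and call `audit_ufw_live` as root; a non-zero return status means at least one direction is not default-deny.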

Remediation

Run the following commands to implement a default deny policy:

# ufw default deny incoming
# ufw default deny outgoing
# ufw default deny routed