3.5.3.1.3 Ensure ufw is uninstalled or disabled with iptables

Audit

Run the following commands to verify that ufw is either not installed or disabled. Only one of the following needs to pass.

Run the following command to verify that ufw is not installed:

# dpkg-query -W -f='${binary:Package}\t${Status}\t${db:Status-Status}\n' ufw
ufw unknown ok not-installed not-installed

Run the following command to verify ufw is disabled:

# ufw status
Status: inactive

Run the following command to verify that the ufw service is masked:

# systemctl is-enabled ufw
masked
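
The three audit checks above combined into one script, as an added example that is not part of the benchmark text. The function names and the `--live` switch are hypothetical, and treating empty dpkg-query output as "not installed" is an assumption for hosts where dpkg has no record of the package.

```shell
#!/bin/sh
# Added example, not part of the benchmark text.

# ufw_checks_passed DPKG_OUT UFW_STATUS_OUT IS_ENABLED_OUT
# Echoes the names of the audit checks that pass; returns 0 if at least one
# passes (the page's "only one needs to pass" rule), 1 otherwise.
ufw_checks_passed() {
    passed=""
    # Check 1: last dpkg-query field (db:Status-Status) is "not-installed".
    # Assumption: empty output means dpkg has no record of the package.
    case "$1" in
        ""|*not-installed) passed="not-installed" ;;
    esac
    # Check 2: "ufw status" output starts with "Status: inactive".
    case "$2" in
        "Status: inactive"*) passed="$passed inactive" ;;
    esac
    # Check 3: "systemctl is-enabled ufw" prints exactly "masked".
    if [ "$3" = "masked" ]; then passed="$passed masked"; fi
    passed=${passed# }
    echo "$passed"
    [ -n "$passed" ]
}

# Collect the three outputs on the local host and evaluate them (run as root).
audit_ufw_live() {
    command -v dpkg-query >/dev/null 2>&1 || { echo "dpkg-query not found"; return 2; }
    dpkg_out=$(dpkg-query -W -f='${binary:Package}\t${Status}\t${db:Status-Status}\n' ufw 2>/dev/null) || true
    ufw_out=$(ufw status 2>/dev/null) || true
    unit_out=$(systemctl is-enabled ufw 2>/dev/null) || true
    if result=$(ufw_checks_passed "$dpkg_out" "$ufw_out" "$unit_out"); then
        echo "PASS: $result"
    else
        echo "FAIL: none of the three checks passed"
        return 1
    fi
}

# Run against the local host only when asked: sh audit_ufw.sh --live
if [ "${1:-}" = "--live" ]; then audit_ufw_live; fi
```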

Remediation

Run one of the following sets of commands to either remove ufw or stop and mask it.

Run the following command to remove ufw:

# apt purge ufw

OR

Run the following commands to disable ufw:

# ufw disable
# systemctl stop ufw
# systemctl mask ufw