4.3.2 Ensure ufw is uninstalled or disabled with nftables

Audit

Run the following commands to verify that ufw is either not installed or inactive. Only one of the following needs to pass.

Run the following command to verify that ufw is not installed:

# dpkg-query -s ufw &>/dev/null && echo "ufw is installed"

Nothing should be returned.

-OR-

Run the following commands to verify ufw is disabled and ufw.service is not enabled:

# ufw status
Status: inactive
# systemctl is-enabled ufw.service
masked
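
The two audit paths above can be folded into a single PASS/FAIL check. The script below is an added example, not part of the benchmark text: the function names `evaluate_ufw` and `audit_ufw` are hypothetical, it reads the package state with `dpkg-query -W -f='${db:Status-Status}'` instead of `dpkg-query -s`, and it assumes that a removed-but-not-purged package (`config-files`) counts as not installed.

```shell
#!/bin/sh
# Added example: one PASS/FAIL decision covering both audit paths.

# evaluate_ufw PKG_STATE STATUS_LINE UNIT_STATE
#   PKG_STATE   dpkg state of ufw ("installed", "not-installed", "" if unknown to dpkg)
#   STATUS_LINE first line of `ufw status`
#   UNIT_STATE  output of `systemctl is-enabled ufw.service`
# Pure function: no system calls, so it can be checked with constructed values.
evaluate_ufw() {
    pkg_state=$1; status_line=$2; unit_state=$3

    # Path 1: package absent. Assumption of this example: "config-files"
    # (removed but not purged) also counts as absent.
    case $pkg_state in
        not-installed|config-files|"")
            echo "PASS: ufw is not installed"; return 0 ;;
    esac

    # Path 2: package present, so both conditions must hold.
    if [ "$status_line" != "Status: inactive" ]; then
        echo "FAIL: ufw status is '${status_line:-unknown}', expected 'Status: inactive'"
        return 1
    fi
    if [ "$unit_state" != "masked" ]; then
        echo "FAIL: ufw.service is '${unit_state:-unknown}', expected 'masked'"
        return 1
    fi
    echo "PASS: ufw is inactive and ufw.service is masked"
}

# Collect the three values from the live system (run as root so `ufw status` works).
audit_ufw() {
    pkg=$(dpkg-query -W -f='${db:Status-Status}' ufw 2>/dev/null || true)
    st=$(ufw status 2>/dev/null | head -n 1 || true)
    unit=$(systemctl is-enabled ufw.service 2>/dev/null || true)
    evaluate_ufw "$pkg" "$st" "$unit"
}

# Only touch the system when asked to: sh audit_ufw.sh --audit
if [ "${1:-}" = "--audit" ]; then
    audit_ufw
fi
```

The exit status of `audit_ufw` is 0 on PASS and 1 on FAIL, so the script can gate a configuration-management run or a compliance job.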

Remediation

Run one of the following commands to either remove ufw or disable ufw.service.

Run the following command to remove ufw:

# apt purge ufw

-OR-

Run the following commands to disable ufw and mask ufw.service:

# ufw disable
# systemctl stop ufw.service
# systemctl mask ufw.service

Note: ufw disable needs to be run before systemctl mask ufw.service in order to correctly disable UFW.