Ufw denying and re-allowing without adding two rules

LewlSauce asked:

So I’m using Fail2ban and the way it bans and unbans IP addresses is by using the ufw deny from xx.xx.xx.xx to any and allow. However, because new rules need to stay on the top of the list (above the allow any any), I can’t seem to reallow access without manually doing a ufw status numbered and deleting the original rule.

Is there any way that I can do something like ufw allow from x.x.x.x to any and automatically remove any existing “deny” rules? Otherwise, I’m not sure how fail2ban can ever remove an IP ban with ufw once it has already been placed.

My answer:

You delete a rule from ufw by specifying it the same way you did when adding it, but specifying to delete it instead.

For instance, if you blocked an IP address with:

ufw deny from <ip> to any

You would remove the rule with:

ufw delete deny from <ip> to any

If you read the file /etc/fail2ban/action.d/ufw.conf you will see that this is exactly what it is doing.

View the full question and any other answers on Server Fault.
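
An added example, not part of the original answer and not fail2ban's own action file: a small POSIX shell wrapper that pairs each deny with its matching delete-by-specification and refuses anything that is not a plain IPv4 address. The function names and the `UFW_CMD` override are assumptions of this example, and `insert 1` is used so the deny lands above the allow rule mentioned in the question.

```shell
#!/bin/sh
# Added example: ban/unban helpers around ufw's add and delete-by-specification.
# UFW_CMD is an assumption of this example; set UFW_CMD=echo for a dry run.
UFW_CMD="${UFW_CMD:-ufw}"

# Accept only a dotted-quad IPv4 address, so nothing else reaches the ufw command line.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray characters, empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into its octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Ban: insert the deny at position 1 so it is evaluated before a broader allow rule.
# Assumes the rule set already contains the allow rule the question mentions.
ban_ip() {
    valid_ipv4 "$1" || { echo "refusing invalid address: $1" >&2; return 2; }
    $UFW_CMD insert 1 deny from "$1" to any
}

# Unban: repeat the same rule specification after "delete", as the answer describes.
# No rule number is needed, so no "ufw status numbered" lookup is required.
unban_ip() {
    valid_ipv4 "$1" || { echo "refusing invalid address: $1" >&2; return 2; }
    $UFW_CMD delete deny from "$1" to any
}

# Command-line entry point: "<script> ban <ip>" or "<script> unban <ip>".
case "${1:-}" in
    ban)   ban_ip "${2:-}" ;;
    unban) unban_ip "${2:-}" ;;
esac
```

Running it with `UFW_CMD=echo` prints the ufw arguments instead of changing the firewall, which is a convenient way to check the ban and unban rules match before using it as root.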

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.