Want to keep track of why you added those firewall rules? Here's how to add comments to your UFW rules to make your firewall configuration more maintainable.
Basic Syntax
sudo ufw allow 22 comment 'Allow SSH connections'
The comment keyword goes last, after the rest of the rule; UFW stores the text with the rule and prints it next to the rule in status output.
Common Examples
# Web server rules
sudo ufw allow 80 comment 'Allow HTTP traffic'
sudo ufw allow 443 comment 'Allow HTTPS traffic'
# Database access
sudo ufw allow from 192.168.1.100 to any port 5432 comment 'Allow PostgreSQL from dev machine'
sudo ufw allow from 10.0.0.0/24 to any port 3306 comment 'Allow MySQL from internal network'
# Application-specific rules
sudo ufw allow 8080 comment 'Jenkins CI server'
sudo ufw allow 3000 comment 'Development server'
# Restrict SSH access
sudo ufw allow from 192.168.1.0/24 to any port 22 comment 'Allow SSH from local network only'
This rule only limits SSH to the local network if no broader rule such as 'sudo ufw allow 22' is also present: UFW applies the first matching rule, and traffic that matches nothing falls through to the default incoming policy (deny, unless you have changed it), so delete any earlier catch-all rule for port 22.
View Rules with Comments
sudo ufw show added
# or
sudo ufw status verbose
The first prints each rule as the ufw command that created it, comment included; the second prints the active rules with the comment after a '#'.
Delete Rules with Comments
Find the rule number first:
sudo ufw status numbered
Then delete it:
sudo ufw delete [number]
UFW asks for confirmation and renumbers the remaining rules after each deletion, so run 'sudo ufw status numbered' again before deleting the next one (or delete from the highest number down).
Pro Tips
- Always make comments specific and actionable
- Include ticket numbers or dates for tracking:
sudo ufw allow 8000 comment 'Temporary dev server - TICKET-123 - Remove after 2024-12-01'
- Document external IPs:
sudo ufw allow from 18.204.10.15 comment 'Allow CI/CD pipeline from AWS instance i-12345'
  Note that without a 'to any port' clause this rule admits every port from that address; scope it to the port the pipeline actually needs where you can.
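As an added example that is not part of the original post, here is a small POSIX shell audit script that ties the deletion steps and the tagging tips above together. It reads the text of 'sudo ufw status numbered' and reports rules that have no comment, temporary rules whose 'Remove after YYYY-MM-DD' date has passed, and the numbers of rules matching a ticket id or comment, sorted highest first so they can be deleted without the renumbering problem. The SAMPLE_STATUS text and the function names are constructed for this example; the sample's layout follows what 'ufw status numbered' prints.

```shell
#!/bin/sh
# Audit helper for UFW rule comments. Added example, not part of the original post.
# It works on the text of `sudo ufw status numbered`; a constructed sample is
# embedded so it runs offline. On a real host use:
#   STATUS="$(sudo ufw status numbered)"

SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22                         ALLOW IN    Anywhere                   # Allow SSH connections
[ 2] 80                         ALLOW IN    Anywhere                   # Allow HTTP traffic
[ 3] 5432                       ALLOW IN    192.168.1.100              # Allow PostgreSQL from dev machine
[ 4] 8000                       ALLOW IN    Anywhere                   # Temporary dev server - TICKET-123 - Remove after 2024-12-01
[ 5] 3000                       ALLOW IN    Anywhere
[ 6] 22 (v6)                    ALLOW IN    Anywhere (v6)              # Allow SSH connections'

# Rule numbers of entries that carry no comment at all.
# Usage: uncommented_rules "$STATUS"
uncommented_rules() {
    printf '%s\n' "$1" | awk '
        /^\[ *[0-9]+]/ && !/#/ {
            n = $0; sub(/^\[ */, "", n); sub(/].*/, "", n)
            print n
        }'
}

# "NUMBER DATE" for rules whose comment contains "Remove after YYYY-MM-DD"
# with a date earlier than the given day (ISO dates compare correctly as strings).
# Usage: expired_rules "$STATUS" 2025-01-15
expired_rules() {
    printf '%s\n' "$1" | awk -v today="$2" '
        /^\[ *[0-9]+]/ &&
        match($0, /Remove after [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]/) {
            d = substr($0, RSTART + 13, 10)   # skip the 13 characters of "Remove after "
            if (d < today) {
                n = $0; sub(/^\[ */, "", n); sub(/].*/, "", n)
                print n, d
            }
        }'
}

# Numbers of rules whose line contains TEXT (a ticket id or comment fragment),
# highest first: UFW renumbers after every `ufw delete N`, so deleting from
# the top down keeps the remaining numbers valid.
# Usage: rule_numbers_matching "$STATUS" TICKET-123
rule_numbers_matching() {
    printf '%s\n' "$1" | awk -v text="$2" '
        /^\[ *[0-9]+]/ && index($0, text) {
            n = $0; sub(/^\[ */, "", n); sub(/].*/, "", n)
            print n
        }' | sort -rn
}

# Demo against the constructed sample.
echo "Rules without a comment:"
uncommented_rules "$SAMPLE_STATUS"
echo "Temporary rules past their removal date (as of 2025-01-15):"
expired_rules "$SAMPLE_STATUS" 2025-01-15
echo "Rules to delete for comment 'Allow SSH connections', highest first:"
rule_numbers_matching "$SAMPLE_STATUS" 'Allow SSH connections'
```

Note that UFW lists the IPv4 and IPv6 versions of one rule as separate numbered entries with the same comment (rules 1 and 6 in the sample), so a comment match will usually return two numbers; deleting them from the highest number down keeps the lower number valid after the first deletion.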
Remember: Comments help your future self (and your team) understand why each rule exists. Make them count! 🛡️