3

Will UFW create the appropriate rules in both iptables and ip6tables?

edwinksl

1 Answer

7

It depends whether the rule you create is generic, such as

```
ufw allow 22/tcp
```

or is specific to one address family, such as

```
sudo ufw allow from 192.168.1.0/24 to any port 22 proto tcp
```

Ex.:

```
$ sudo ufw allow from 192.168.1.0/24 to any port 22 proto tcp
Rule added
$ sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    192.168.1.0/24
```

but

```
$ sudo ufw allow 22/tcp
Rule added
Rule added (v6)

$ sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
```
steeldriver
  • Is it safe to remove the `22/tcp (v6)` – `Anywhere` rule along with the `22/tcp` – `Anywhere` rule in order to lock down ssh access via port 22 to only one IP address? Or do I lock myself out, that way? Asking because as you show (and as it worked for me too), the command to allow only a specific IP only adds the `22/tcp` – ``, not a `22/tcp (v6)` – `` rule. – LinusGeffarth Apr 22 '22 at 18:56
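
Because a generic rule creates both an IPv4 and a `(v6)` entry while an address-specific rule creates only one, a ruleset can end up restricted for one address family and still open to `Anywhere` for the other. The following is an added example, not part of the original answer: it reads `ufw status numbered` output and reports, per target, which families are open to `Anywhere`. The function names `audit_ufw_families` and `sample_status` are hypothetical, the sample status output is constructed, and the script assumes IPv6 rules can be recognised by the `(v6)` marker or by a colon in the source address.

```shell
#!/bin/sh
# Added example. Reads `ufw status numbered` output on stdin and prints
# one line per "To" target: "<target> <verdict>".
audit_ufw_families() {
    awk -F'  +' '
    /^\[ *[0-9]+\]/ {
        sub(/^\[ *[0-9]+\] */, "")      # drop the rule number prefix
        sub(/ +$/, "")                  # drop trailing column padding
        to = $1; action = $2; from = $3
        if (action !~ /^ALLOW/) next    # only ALLOW rules open a port
        # Assumption: a (v6) marker or a colon in the source means IPv6.
        v6 = (to ~ /\(v6\)/ || from ~ /\(v6\)/ || from ~ /:/)
        sub(/ \(v6\)$/, "", to); sub(/ \(v6\)$/, "", from)
        any = (from == "Anywhere")
        seen[to] = 1
        if (any && v6)   open6[to] = 1
        if (any && !v6)  open4[to] = 1
        if (!any && v6)  lim6[to] = 1
        if (!any && !v6) lim4[to] = 1
    }
    END {
        for (t in seen) {
            v = "restricted"            # later checks override earlier ones
            if (open4[t]) v = "v4-open-only"
            if (open6[t]) v = "v6-open-only"
            if (open4[t] && lim6[t]) v = "v4-open-while-v6-restricted"
            if (open6[t] && lim4[t]) v = "v6-open-while-v4-restricted"
            if (open4[t] && open6[t]) v = "open-both"
            print t, v
        }
    }' | sort
}

# Constructed sample: SSH limited to one IPv4 subnet, v6 rule left in place.
sample_status() {
    cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    192.168.1.0/24
[ 2] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 3] 80/tcp                     ALLOW IN    Anywhere
[ 4] 80/tcp (v6)                ALLOW IN    Anywhere (v6)
EOF
}

sample_status | audit_ufw_families
```

On a live system the same check is `sudo ufw status numbered | audit_ufw_families`.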