UFW Firewall Auditor — Port & Rule Checker

Paste the output of sudo ufw status verbose to see the traffic funnel and audit findings.


How It Works

1. Run

Run sudo ufw status verbose on your server and copy the full output.

2. Paste

Paste it into the tool and click Audit. The traffic funnel and audit findings appear instantly.

3. Harden

Review findings for high-risk open ports, missing default-deny, and IPv4/IPv6 mismatches. Nothing leaves your browser.

Frequently Asked Questions

How do I get my UFW status output?

Run sudo ufw status verbose in your terminal and paste the full output into the tool.

What is a high-risk port?

High-risk ports are commonly targeted by automated scanners and attackers. This tool flags ports 22 (SSH), 23 (Telnet), 3389 (RDP), 5432 (PostgreSQL), 3306 (MySQL), 6379 (Redis), and 27017 (MongoDB) when open to Anywhere.

What does missing default-deny mean?

UFW should block all incoming traffic by default unless explicitly allowed. If your default policy is allow, any port not covered by a rule is open to the internet.

What is an IPv4/IPv6 mismatch?

If you allow a port for IPv4 but not IPv6 (or vice versa), traffic on the uncovered protocol can bypass your rules. This tool flags ports where one protocol is covered and the other is not.
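The three checks described in the answers above (high-risk ports open to Anywhere, missing default-deny, IPv4/IPv6 mismatch) can be sketched as follows. This is an added example, not ConfigClarity's code: the function name, result fields and sample output are constructed, and treating a default of reject as equivalent to deny is an assumption.

```javascript
// Added example, not ConfigClarity's code; auditUfw and its result fields are hypothetical.
const HIGH_RISK = { 22: "SSH", 23: "Telnet", 3389: "RDP", 5432: "PostgreSQL",
                    3306: "MySQL", 6379: "Redis", 27017: "MongoDB" };

// Constructed sample of `sudo ufw status verbose` output.
const SAMPLE = `Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
6379/tcp                   ALLOW IN    10.0.0.0/8
3306/tcp                   ALLOW IN    Anywhere                   # constructed comment
22/tcp (v6)                ALLOW IN    Anywhere (v6)`;

function auditUfw(text) {
  // Drop trailing rule comments and surrounding whitespace.
  const lines = text.split(/\r?\n/).map(l => l.replace(/\s+#.*$/, "").trim());
  // Header: "Default: deny (incoming), allow (outgoing), disabled (routed)"
  const def = lines.map(l => l.match(/^Default:\s*(\w+) \(incoming\)/)).find(Boolean);
  const defaultIncoming = def ? def[1] : "unknown";
  // Rows handled: "<port>[/proto][ (v6)]  ALLOW [IN]  <source>". App profiles,
  // port ranges, LIMIT, outbound and routed rules are skipped in this sketch.
  const rule = /^(\d+)(?:\/(tcp|udp))?( \(v6\))?\s+ALLOW(?: IN)?\s+(?!OUT\b|FWD\b)(\S.*)$/;
  const covered = { v4: new Set(), v6: new Set() };
  const highRisk = [];
  for (const line of lines) {
    const m = line.match(rule);
    if (!m) continue;
    const [, port, proto = "any", v6, from] = m;
    const fam = v6 || from.includes(":") ? "v6" : "v4";
    covered[fam].add(`${port}/${proto}`);
    // High-risk only when the source is unrestricted, as the FAQ describes.
    if (/^Anywhere( \(v6\))?$/.test(from) && HIGH_RISK[port])
      highRisk.push(`${port}/${proto} ${HIGH_RISK[port]} ${fam}`);
  }
  // A port with an ALLOW rule in one address family and none in the other.
  const mismatch = [
    ...[...covered.v4].filter(k => !covered.v6.has(k)).map(k => `${k} v4-only`),
    ...[...covered.v6].filter(k => !covered.v4.has(k)).map(k => `${k} v6-only`),
  ];
  const defaultDenyMissing = !["deny", "reject"].includes(defaultIncoming);
  return { defaultIncoming, defaultDenyMissing, highRisk, mismatch };
}
console.log(auditUfw(SAMPLE));
```

In the sample, 6379/tcp is not reported as high-risk because its source is restricted to 10.0.0.0/8, but it still appears in the mismatch list because no IPv6 rule covers it.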

Does this tool store my firewall rules?

No. All processing happens in your browser. Your UFW output is never sent to or stored on any ConfigClarity server.