# single IP ufw insert 1 deny from 192.168.111.123/32 # IP range ufw insert 1 deny from 192.168.111.123/24
→ you can use ufw deny from instead, but keep in mind the rules are evaluated from first to last, so if you have an allow rule before, the deny rule might not be applied.
# port forwarding *nat :PREROUTING ACCEPT [0:0] # flush rules so no duplicates are added -F # forward :3217 to wireguard listening on :5226 -A PREROUTING -p udp --dport 3217 -j REDIRECT --to-port 5226 COMMIT
after that:
ufw disable && ufw enable
check if enabled or disabled in bash:
if ! grep ENABLED=no /etc/ufw/ufw.conf>/dev/null; then echo "enabled"; else echo "disabled"; fi