UFW: rules not taking effect
Diagnose and fix UFW rules that appear to have no effect due to iptables conflicts or Docker interference.
UFW rules appear to have no effect when another program (iptables, Docker, or fail2ban) modifies the underlying netfilter tables, bypassing UFW's rule chain.
What Causes This
UFW manages rules in the ufw-user-input and ufw-user-output iptables chains. If another program inserts rules into the INPUT, FORWARD, or DOCKER chains directly, those rules take precedence over UFW's chains.
Docker is the most common culprit: it modifies iptables directly to expose container ports, bypassing UFW entirely. See Docker bypasses UFW rules.
How to Fix
- Check all iptables rules, not just UFW's:
  sudo iptables -L -n -v
  Identify rules outside the ufw-* chains that conflict with intended behavior.
- For Docker conflicts, see the dedicated Docker bypasses UFW article.
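
One way to automate the "identify rules outside the ufw-* chains" step, as an added example that is not part of the original article. It assumes the one-rule-per-line format of iptables -S rather than the -L listing shown above; the function names and the sample ruleset are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag rules that sit outside UFW's chains.
# Input format is `iptables -S` (one rule per line).

# Print each rule in INPUT/FORWARD/OUTPUT or a DOCKER* chain that does not
# jump into a ufw-* chain, tagged by its position relative to the UFW jumps.
list_non_ufw_rules() {
    awk '
    $1 != "-A" { next }    # skip policies (-P) and chain declarations (-N)
    $2 !~ /^(INPUT|FORWARD|OUTPUT)$/ && $2 !~ /^DOCKER/ { next }
    {
        target = ""
        for (i = 3; i < NF; i++)
            if ($i == "-j" || $i == "-g") target = $(i + 1)
        if (target ~ /^ufw-/) { seen[$2] = 1; next }   # UFW jump: not a conflict
        if ($2 ~ /^DOCKER/)  where = "docker-chain"
        else if (seen[$2])   where = "after-ufw"
        else                 where = "before-ufw"       # evaluated ahead of UFW
        print where "\t" $0
    }'
}

# Constructed sample ruleset (not captured from a real host).
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-N DOCKER
-N DOCKER-USER
-N ufw-before-input
-N ufw-user-input
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A INPUT -s 10.0.0.0/8 -j DROP
-A FORWARD -j DOCKER-USER
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -j ufw-before-forward
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A ufw-before-input -j ufw-user-input
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

# On a live host: sudo iptables -S | list_non_ufw_rules
sample_rules | list_non_ufw_rules
```

Rules tagged before-ufw are evaluated ahead of UFW's chains and are the first place to look when a UFW deny has no effect. The listing covers only the filter table, so repeat the check with sudo iptables -t nat -S for Docker's port-publishing rules.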