diff --git a/mock_ssh_test.go b/mock_ssh_test.go
index 786bab3..64d41b0 100644
--- a/mock_ssh_test.go
+++ b/mock_ssh_test.go
@@ -1895,6 +1895,7 @@ func moduleUFWWithClient(_ *Executor, client sshRunner, args map[string]any) (*T
 proto := getStringArg(args, "proto", "tcp")
 state := getStringArg(args, "state", "")
 logging := getStringArg(args, "logging", "")
+ deleteRule := getBoolArg(args, "delete", false)
 var cmd string
@@ -1941,6 +1942,9 @@ func moduleUFWWithClient(_ *Executor, client sshRunner, args map[string]any) (*T
 case "limit":
 cmd = sprintf("ufw limit %s/%s", port, proto)
 }
+ if deleteRule && cmd != "" {
+ cmd = "ufw delete " + corexTrimPrefix(cmd, "ufw ")
+ }
 stdout, stderr, rc, err := client.Run(context.Background(), cmd)
 if err != nil || rc != 0 {
diff --git a/modules.go b/modules.go
index fb41e76..dbb4e62 100644
--- a/modules.go
+++ b/modules.go
@@ -3385,6 +3385,7 @@ func (e *Executor) moduleUFW(ctx context.Context, client sshExecutorClient, args
 proto := getStringArg(args, "proto", "tcp")
 state := getStringArg(args, "state", "")
 logging := getStringArg(args, "logging", "")
+ deleteRule := getBoolArg(args, "delete", false)
 var cmd string
@@ -3431,6 +3432,9 @@ func (e *Executor) moduleUFW(ctx context.Context, client sshExecutorClient, args
 case "limit":
 cmd = sprintf("ufw limit %s/%s", port, proto)
 }
+ if deleteRule && cmd != "" {
+ cmd = "ufw delete " + corexTrimPrefix(cmd, "ufw ")
+ }
 stdout, stderr, rc, err := client.Run(ctx, cmd)
 if err != nil || rc != 0 {
diff --git a/modules_adv_test.go b/modules_adv_test.go
index 72c58e3..d8fb1f3 100644
--- a/modules_adv_test.go
+++ b/modules_adv_test.go
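Review bot: The delete rewrite in `moduleUFWWithClient` (mock_ssh_test.go, hunk at -1941) is gated only on `cmd != ""`, so it wraps whatever command the preceding code produced, not just a rule command; the same three lines are added to `(*Executor).moduleUFW` in modules.go (hunk at -3431). The function also reads `state` and `logging`, and if either of those sets `cmd` (that code is outside the hunk), `delete: true` would turn it into `ufw delete` followed by a state or logging command, which is not a rule deletion. Conversely, `delete: true` with no rule leaves `cmd` empty, so the request to remove a firewall rule is never applied and, as far as the hunk shows, nothing reports it. I would tie the rewrite to the rule branch itself, return an error when delete is set without a rule, and add a comment such as `// delete applies only to rule commands; state and logging commands are never wrapped`.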
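Review bot: In `(*Executor).moduleUFW` (modules.go, hunk at -3431) the delete form is produced by editing a finished command string that already has `port` and `proto` interpolated by `sprintf("ufw limit %s/%s", port, proto)`, and the result is passed to `client.Run` as a single string. If `client.Run` hands that string to a remote shell and the two values are not validated earlier in the function (both are outside the hunk), an argument containing shell metacharacters would be interpreted as part of a privileged firewall command. I would validate `port` against a numeric or range pattern and `proto` against a fixed set before any command is built, and assemble the delete variant from those validated parts rather than with `corexTrimPrefix` on the final string. The function body starts and ends outside the hunk.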
@@ -1629,6 +1629,22 @@ func TestModulesAdv_ModuleUFW_Good_LimitRule(t *testing.T) {
 assert.True(t, mock.hasExecuted(`ufw limit 22/tcp`))
 }
+func TestModulesAdv_ModuleUFW_Good_DeleteRule(t *testing.T) {
+ e, mock := newTestExecutorWithMock("host1")
+ mock.expectCommand(`ufw delete allow 443/tcp`, "Rule deleted", "", 0)
+
+ result, err := moduleUFWWithClient(e, mock, map[string]any{
+ "rule": "allow",
+ "port": "443",
+ "delete": true,
+ })
+
+ require.NoError(t, err)
+ assert.True(t, result.Changed)
+ assert.False(t, result.Failed)
+ assert.True(t, mock.hasExecuted(`ufw delete allow 443/tcp`))
+}
+
 func TestModulesAdv_ModuleUFW_Good_LoggingMode(t *testing.T) {
 e := NewExecutor("/tmp")
 mock := NewMockSSHClient()
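Review bot: `TestModulesAdv_ModuleUFW_Good_DeleteRule` calls `moduleUFWWithClient`, the copy in mock_ssh_test.go, so the identical delete lines added to `(*Executor).moduleUFW` in modules.go are not exercised by this test. Only the success path is pinned: there is no case for `"delete": true` combined with `"state"` or `"logging"`, for `"delete": true` without a `"rule"`, or for a non-zero exit from the `ufw delete` command. Since the module removes firewall rules, I would add those cases and assert the exact command with `mock.hasExecuted`. A short doc comment on the test, for example `// Covers the mock-side copy of the UFW module; the production path is (*Executor).moduleUFW.`, would keep the coverage gap visible.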