Allow specifying both directions in one rule
Bug #1116519 reported by
Daniel Aleksandersen
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| ufw |
Won't Fix
|
Wishlist
|
Unassigned | ||
| ufw (Ubuntu) |
Won't Fix
|
Wishlist
|
Unassigned | ||
Bug Description
Rules that do not specify directions default to `in` which makes sense because the default is to only firewall incoming connections. But this makes it more complicated when blocking outgoing connections by default as well because there is no `both` alternative to the `in` and `out` directions.
For example, opening port 22 in and outgoing requires two steps:
1. ufw default deny incoming; ufw default deny outgoing
2. ufw allow out proto tcp to any port 22
3. ufw allow in proto tcp to any port 22
I would like to see this reduced to only one step with the simpler grammar form:
1. ufw default deny incoming; ufw default deny outgoing
2. ufw allow both 22/tcp
Ubuntu 12.10, ufw 0.33-0ubuntu2.1
Revision history for this message
| Jamie Strandboge (jdstrand) wrote | #1 |
| Changed in ufw: | |
| importance: | Undecided → Wishlist |
| status: | New → Won't Fix |
| no longer affects: | ufw (Ubuntu) |
| Changed in ufw (Ubuntu): | |
| status: | New → Won't Fix |
| importance: | Undecided → Wishlist |
To post a comment you must log in.
Thank you for using Ubuntu and reporting a bug. The CLI command is meant to simplify adding rules by grouping like concepts together. For example "ufw allow in log-all Samba" will create several netfilter rules to handle the multiple ports for Samba as well as the additional logging rules, but they are all related to the same rule. By adding a "both" directive, the resulting netfilter rules would not be conceptually related. It would also complicate things when routing rules (FORWARD chain) land. Marking as "Won't Fix".