old-fashioned ufw structure reduces usability

Bug #1660040 reported by Hadmut Danisch
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
ufw (Ubuntu) | New | Wishlist | Unassigned |

Bug Description

Hi,

ufw makes it difficult to deploy firewall rules through management systems like puppet, ansible or other scripts.

ufw has three places where rules can be put:

before.rules
user.rules
after.rules

The ufw command accepts only a very limited sort of rules, and user.rules should not be used to deploy files, since user changes would be overwritten.

before.rules and after.rules could easily be used for that purpose, but then the machine is cut off from automated updates through apt, since apt refuses (for good reason) to replace modified files in /etc.

It would be much better to have a directory like /etc/ufw/rules_v4.d, to put the old-fashioned three files into 20_before, 50_user and 70_after, and to execute all rules in this directory, thus allowing additional rules in separate files.

Regards

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: ufw 0.35-0ubuntu2
ProcVersionSignature: Ubuntu 4.4.0-59.80-generic 4.4.35
Uname: Linux 4.4.0-59-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.4
Architecture: amd64
CurrentDesktop: LXDE
Date: Sat Jan 28 16:21:02 2017
PackageArchitecture: all
SourcePackage: ufw
UpgradeStatus: Upgraded to xenial on 2016-04-06 (297 days ago)
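
The drop-in layout proposed in the report, sketched as an added example (not ufw code and not written by the reporter). The directory name and the NN_name scheme come from the report; the function names, the RESTORE variable and the 30_puppet_ssh fragment are assumptions made for illustration.

```shell
#!/bin/sh
# Added sketch, not ufw code: ordered loading of drop-in rule fragments.
# Function names and RESTORE are hypothetical.

# Print fragment names in load order. Only regular files named with
# [A-Za-z0-9_-] count (as run-parts does), so leftovers such as
# 20_before.dpkg-old or editor backups are never loaded.
list_fragments() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        case $name in *[!A-Za-z0-9_-]*) continue ;; esac
        printf '%s\n' "$name"
    done | LC_ALL=C sort
}

# Print fragments that group or others may write; a loader running as root
# should refuse them. Returns 1 if any are found.
unsafe_fragments() {
    bad=$(list_fragments "$1" | while read -r name; do
        find "$1/$name" -prune \( -perm -020 -o -perm -002 \)
    done)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Load every fragment in order, stopping at the first failure.
# --noflush keeps the rules loaded by earlier fragments in place.
load_fragments() {
    unsafe_fragments "$1" >&2 || return 1
    for name in $(list_fragments "$1"); do
        ${RESTORE:-iptables-restore} --noflush < "$1/$name" || return 1
    done
}

# Constructed sample directory: prints the order the fragments would load in.
demo_dir=$(mktemp -d)
for n in 70_after 20_before 50_user 30_puppet_ssh 20_before.dpkg-old; do
    printf '*filter\nCOMMIT\n' > "$demo_dir/$n"
done
list_fragments "$demo_dir"
rm -rf "$demo_dir"
```

A management system would then own only its own fragment (here 30_puppet_ssh), leaving the packaged files unmodified so apt can still replace them.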

Changed in ufw (Ubuntu):
importance: Undecided → Wishlist