old-fashioned ufw structure reduces usability
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ufw (Ubuntu) |
New
|
Wishlist
|
Unassigned |
Bug Description
Hi,
ufw makes it difficult to deploy firewall rules through management systems like puppet, ansible or other scripts.
ufw has three points where to put rules in:
before.rules
user.rules
after.rules
the ufw command accepts only a very limited sort of rules, and user.rules should not be used to deploy files, since user changes would be overwritten.
before.rules and after.rules could easily be used for that purpose, but then the machine is cut from automated updates through apt, since apt refuses (for good reason) to replace modified files in /etc.
It would be much better to have a directory like /etc/ufw/rules_v4.d , to put the old-fashioned three files into 20_before, 50_user and 70_after, and to execute all rules in this directory, thus allowing to have additional rules in separate files.
regards
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: ufw 0.35-0ubuntu2
ProcVersionSign
Uname: Linux 4.4.0-59-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.4
Architecture: amd64
CurrentDesktop: LXDE
Date: Sat Jan 28 16:21:02 2017
PackageArchitec
SourcePackage: ufw
UpgradeStatus: Upgraded to xenial on 2016-04-06 (297 days ago)
Changed in ufw (Ubuntu): | |
importance: | Undecided → Wishlist |