[wishlist] Extend ufw syntax to enable more typings
Bug #207317 reported by Nicolai P
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
ufw | Invalid | Undecided | Jamie Strandboge |
Bug Description
At the moment, the simple syntax for ufw is like this:
# ufw allow 443/tcp
This is the same as
# ufw allow proto tcp from any port any to any port 443
(at least I think it is ;) )
Commands like this should also work (so that the values for "from" and "any" are just set to "any" by default):
# ufw allow port 443
# ufw deny port 22/udp
These commands already work:
# ufw deny from 192.168.0.3
# ufw allow to 192.168.2.1
Please implement this.
Thank you for reporting this bug and helping to make ufw better. I know we talked about this on IRC some, but now that you have written this here I understand more of what you want. I believe ufw provides almost all the functionality you desire. Please see the RULE SYNTAX section of the manpage (man ufw) for more information. Eg:
ufw allow 53
ufw allow 25/tcp
ufw allow smtp
ufw deny proto tcp to any port 80
ufw deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25
ufw allow from 10.0.0.0/8
Please note that these are both valid (and equivalent, as seen with 'ufw status'):
ufw allow 443
ufw allow to any port 443
This is also supported:
ufw allow from any port 443
So really it comes down to supporting 'ufw allow port 443'. This command is equivalent to both 'ufw allow 443' and 'ufw allow to any port 443'. As the 'simple syntax' should be as simple as possible and the 'extended syntax' mimics OpenBSD PF (and this would stray from that), and all of the above are equivalent, I do not plan on implementing 'ufw allow port 443'.