Comment 0 for bug 1624907

ovdeathiam (ovdeathiam) wrote :

The firewall works as a frontend for ufw but it is not able to show many of ufw's configurations properly. The attached screenshot is from my firewall window and here is the same ufw configuration from the CLI:
     To Action From
     -- --------- -
[ 1] 22 ALLOW IN Anywhere
[ 2] 5900 ALLOW IN Anywhere
[ 3] 9091 ALLOW IN Anywhere
[ 4] Anywhere DENY IN
[ 5] Anywhere DENY IN
[ 6] Anywhere DENY IN
[ 7] DENY OUT Anywhere (out)
[ 8] DENY OUT Anywhere (out)
[ 9] DENY OUT Anywhere (out)

Functionality missing compared to ufw:
* setting rules for entire subnets
* setting rule direction (outbound or inbound)
* commenting on rules
* adding rules at a specific place on the list, since rule order does matter in firewalls

Why this is all important on simple setups:
* We can't restrict ssh to allow only LAN connections
* We can't block malicious subnets
* Rule order is important on firewalls, and the only way to change the first rule on a 9-rule firewall via the GUI is currently to remove all rules and re-add them in the correct order.

Additional thoughts:
* Adding a single rule always creates two rules (IPv4, IPv6), which is confusing at first
* Distinguishing between IPv4 and IPv6 is a blue checkbox, which is misleading because at first everyone I've asked thought that these were rule on/off switches.
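
An added illustration of the rule-order point in the comment above (not part of the original report and not ufw's or the GUI's code): a small first-match evaluator showing why a subnet deny placed after a broad allow never takes effect, and what inserting it at position 1 changes. The subnets, the `first_match` and `insert_rule` helpers and the default-deny incoming policy are assumptions made for the example.

```python
import ipaddress

def first_match(rules, direction, port, src, default="deny"):
    """Return (action, rule_number) of the first rule that matches.

    rule_number 0 means no rule matched and the default policy applied.
    """
    addr = ipaddress.ip_address(src)
    for number, (action, rule_dir, rule_port, network) in enumerate(rules, start=1):
        if rule_dir != direction:
            continue
        if rule_port is not None and rule_port != port:
            continue
        if addr in ipaddress.ip_network(network):
            return action, number
    return default, 0

def insert_rule(rules, position, rule):
    """Return a new list with `rule` at 1-based `position`, as `ufw insert` does."""
    return rules[:position - 1] + [rule] + rules[position - 1:]

# Constructed rule: deny everything from a documentation-range subnet.
BLOCK = ("deny", "in", None, "203.0.113.0/24")

# Constructed list with the same shape as the reported one:
# broad allows first, the subnet deny appended after them.
ALLOWS = [
    ("allow", "in", 22, "0.0.0.0/0"),
    ("allow", "in", 5900, "0.0.0.0/0"),
    ("allow", "in", 9091, "0.0.0.0/0"),
]
AS_APPENDED = ALLOWS + [BLOCK]

# Same rules with the deny inserted at position 1.
REORDERED = insert_rule(ALLOWS, 1, BLOCK)

# SSH limited to a constructed LAN range instead of Anywhere.
LAN_ONLY_SSH = [("allow", "in", 22, "192.168.1.0/24")] + AS_APPENDED[1:]

if __name__ == "__main__":
    for name, rules in (("appended", AS_APPENDED), ("reordered", REORDERED)):
        print(name, first_match(rules, "in", 22, "203.0.113.7"))
    print("lan-only", first_match(LAN_ONLY_SSH, "in", 22, "198.51.100.5"))
```

With the deny appended, SSH from the blocked subnet is still accepted by rule 1; only the reordered list rejects it, which is the placement the report says the GUI cannot express.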