ufw needs hooks to execute commands pre/post firewall startup/shutdown
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
ufw | Fix Released | Wishlist | Jamie Strandboge |
ufw (Ubuntu) | Fix Released | Wishlist | Jamie Strandboge |
Bug Description
Some commands related to iptables must be executed in conjunction with starting/stopping a firewall in order for the correct operation of the firewall. UFW currently does not provide the ability to run those commands without hacking its source code.
My specific use case: I must deploy machines to my customer, on which I must block certain countries' IP ranges. The most efficient method of doing this is to use the ipset utilities. I can insert ipset-matching firewall rules via iptables commands in the /etc/ufw/
My current workaround choices are:
1) Write a separate init script to define ipsets and configure it to execute before ufw. I don't like this option because user error could cause this script to not execute first, and then ufw would not start properly.
2) Hack ufw init scripts (/lib/ufw/
My proposal:
Implement 4 hook shell script files that are called by UFW's init scripts pre-start, post-start, pre-stop, and post-stop. These should be stored in /etc/ufw/ and marked as config files so that they are not overwritten on ufw upgrade. They should default to being empty scripts, and sysadmins could then choose to populate them with whatever commands are necessary for their individual deployments.
ProblemType: Bug
DistroRelease: Ubuntu 12.10
Package: ufw 0.33-0ubuntu2
ProcVersionSign
Uname: Linux 3.5.0-17-generic x86_64
ApportVersion: 2.6.1-0ubuntu6
Architecture: amd64
Date: Wed Nov 7 09:13:03 2012
InstallationDate: Installed on 2011-08-29 (435 days ago)
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Release amd64 (20110427.1)
MarkForUpload: True
PackageArchitec
SourcePackage: ufw
UpgradeStatus: Upgraded to quantal on 2012-10-22 (15 days ago)
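
The pre-start hook proposed above, sketched as an added example (not part of the original report and not ufw's own code): it generates `ipset restore` input so that the set always exists before any rule matching on it is loaded, and the new contents are swapped in atomically. The set name, the list file path and the `pre-start` argument are assumptions, and the CIDR list in any test run is constructed.

```shell
#!/bin/sh
# Added example: hypothetical pre-start hook. Set name, list path and the
# "pre-start" argument are assumptions, not ufw's actual interface.
SET_NAME="${SET_NAME:-blocked_nets}"
LIST_FILE="${LIST_FILE:-/etc/ufw/blocked_nets.list}"

# Print an `ipset restore` script for set $1 from list file $2
# (one IPv4 CIDR per line, '#' comments allowed).
build_restore_script() {
    name=$1 list=$2 tmp="$1-tmp"
    # Always create the live set, so a rule that matches on it can load
    # even when the list is missing or empty.
    printf 'create %s hash:net family inet\n' "$name"
    printf 'create %s hash:net family inet\n' "$tmp"
    printf 'flush %s\n' "$tmp"
    if [ -r "$list" ]; then
        awk -v s="$tmp" '
            { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }
            $0 == "" { next }
            {
                n = split($0, p, "[./]"); ok = (n == 5)
                for (i = 1; ok && i <= 5; i++) if (p[i] !~ /^[0-9]+$/) ok = 0
                for (i = 1; ok && i <= 4; i++) if (p[i] + 0 > 255) ok = 0
                if (ok && p[5] + 0 > 32) ok = 0
                if (ok) print "add " s " " $0
                else print "skipped invalid entry: " $0 | "cat >&2"
            }' "$list"
        # Swap only after the whole list has loaded: the live set is
        # replaced atomically and is never seen half-populated.
        printf 'swap %s %s\n' "$tmp" "$name"
    else
        echo "warning: $list not readable, leaving $name unchanged" >&2
    fi
    printf 'destroy %s\n' "$tmp"
}

apply_set() {
    # -exist: re-creating an existing set or re-adding an entry is not an error.
    build_restore_script "$SET_NAME" "$LIST_FILE" | ipset -exist restore
}

if [ "${1:-}" = "pre-start" ]; then
    apply_set
fi
```

Running `build_restore_script` on its own prints the restore input without touching the kernel, which makes the list easy to review before deployment.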
Changed in ufw (Ubuntu):
status: Triaged → In Progress
Changed in ufw (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in ufw:
milestone: none → 0.34
Changed in ufw:
status: Fix Committed → Fix Released
Thank you for filing a bug. I think this is an interesting request and would be generally useful.