ufw manpage bug (some usage missing), suggested improvements to -help

Bug #1155292 reported by Dan Pritts on 2013-03-14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
ufw (Ubuntu)

Bug Description

The ufw manpage USAGE summary (top of manpage) does not list the syntax for adding app profiles to your firewall.

       ufw [--dry-run] enable|disable|reload

       ufw [--dry-run] default allow|deny|reject [incoming|outgoing]

       ufw [--dry-run] logging on|off|LEVEL

       ufw [--dry-run] reset

       ufw [--dry-run] status [verbose|numbered]

       ufw [--dry-run] show REPORT

       ufw [--dry-run] [delete] [insert NUM] allow|deny|reject|limit [in|out] [log|log-all] PORT[/protocol]

       ufw [--dry-run] [delete] [insert NUM] allow|deny|reject|limit [in|out on INTERFACE] [log|log-all] [proto protocol] [from ADDRESS [port PORT]] [to
       ADDRESS [port PORT]]

       ufw [--dry-run] delete NUM

       ufw [--dry-run] app list|info|default|update

I'd suggest something like:

       ufw [--dry-run] [delete] [insert NUM] allow|deny|reject|limit [in|out] [log|log-all] [ PORT[/protocol] | AppProfileName ]

...assuming that all the potential arguments are valid when you use an application profile name.

Additionally, the ufw --help text doesn't really explain this either.
# ufw help

Usage: ufw COMMAND

 enable                          enables the firewall
 disable                         disables the firewall
 default ARG                     set default policy
 logging LEVEL                   set logging to LEVEL
 allow ARGS                      add allow rule
 deny ARGS                       add deny rule
 reject ARGS                     add reject rule
 limit ARGS                      add limit rule
 delete RULE|NUM                 delete RULE
 insert NUM RULE                 insert RULE at NUM
 reset                           reset firewall
 status                          show firewall status
 status numbered                 show firewall status as numbered list of RULES
 status verbose                  show verbose firewall status
 show ARG                        show firewall report
 version                         display version information

Application profile commands:
 app list                        list application profiles
 app info PROFILE                show information on PROFILE
 app update PROFILE              update PROFILE
 app default ARG                 set default application policy

I'd suggest changing:

 allow ARGS|AppProfile           add allow rule or enable an application profile

...and presumably something similar for "deny." You might alternately put something like this in the Application Profile commands section:

Application profile commands:
 app list                        list application profiles
 app info PROFILE                show information on PROFILE
 app update PROFILE              update PROFILE
 app default ARG                 set default application policy
 allow PROFILE                   add allow rules defined in PROFILE



Dan Pritts (danpritts) wrote :

Hmm, while you are looking at the man page, perhaps add a FILES section at the end.



Putting the config files in /lib is arguably a bug, too, but I won't debate that here.


Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in ufw (Ubuntu):
status: New → Confirmed
Changed in ufw (Ubuntu):
status: Confirmed → In Progress
importance: Undecided → Low
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ufw - 0.34-0ubuntu1

ufw (0.34-0ubuntu1) wily; urgency=medium

  * New upstream release (LP: #1434525, LP: #1438647, LP: #1155292,
    Closes: 792753). Drop following patches included upstream:
    - 0002-lp1044361.patch
    - 0003-fix-typeerror-on-error.patch
    - 0004-lp1039729.patch
    - 0005-lp1191197.patch
  * Merge in Ubuntu packaging:
    - debian/ufw.postinst:
      + drop old reload of policy for upgrades to 0.30.1-2
      + add new ufw[6]-track-forward primary chains on upgrade
    - Install the SysV init and upstart script for both Debian and Ubuntu.
      Debian has upstart too, and in Ubuntu we need the init script for LSB
      dependencies and for systemd. (LP: #1341083)
      + Rename debian/ufw.init.debian to debian/ufw.init
      + Rename debian/ufw.upstart.ubuntu to debian/ufw.upstart
      + Remove all the distro specific code from debian/rules and just call
        dh_installinit (thus removing lsb-release from Build-Depends-Indep).
    - Drop the distro specific logrotate configs, and use the ubuntu one with
      "rotate" instead of "reload" everywhere, as Debian's rsyslog init also
      supports "rotate".
    - Add a systemd unit:
      + Add debian/ufw.service
      + Add dh-systemd build dep.
      + debian/rules: Call dh_systemd_{enable,start}.
    - Don't include Debian version in the python module version (LP: #1465549)
  * debian/copyright: follow copyright-format/1.0
  * debian/po/pt_BR.po: add Brazilian Portuguese of debconf templates. Thanks
    to Adriano Rafael Gomes (Closes: 770453)
  * update debian/before[6].rules.md5sum
  * debian/ufw.lintian-overrides:
    - usr/share/ufw/after.init and before.init are intentionally not
    - we intentionally do not stop the firewall with init.d script
  * debian/control: Build-Depends-Indep on procps (needed by testsuite for
  * debian/ufw.dirs, debian/rules: copy bash completions to
  * debian/rules: run 'make clean' after running the testsuite since the
    testsuite creates a build/ directory not that would be reused
  * debian/ufw.postrm: remove after.init and before.init on purge

 -- Jamie Strandboge <email address hidden> Thu, 20 Aug 2015 08:34:19 -0500

Changed in ufw (Ubuntu):
status: In Progress → Fix Released