OK so there is a little modification of the policy prior to enablement:
def initialize_ufw():
    """Bring up UFW with a permissive baseline plus explicit service allows.

    When the 'enable-firewall' option is false the function only logs a
    DEBUG message and leaves UFW untouched.

    :return: None
    """
    firewall_wanted = config('enable-firewall')
    if not firewall_wanted:
        log("Firewall has been administratively disabled", "DEBUG")
        return

    # The charm only manages rules for the ports it uses itself; all three
    # defaults stay at 'allow' so other services on the machine keep working.
    # NOTE(review): with these defaults UFW accepts any traffic that no rule
    # matches, so this is not a default-deny posture. Isolation of the host
    # has to come from explicit deny rules or filtering outside this charm.
    for direction in ('incoming', 'outgoing', 'routed'):
        ufw.default_policy('allow', direction)

    # Explicit allows, in the original order: rsync first (it manages its own
    # ACLs, so access control for that port rests on the rsync daemon's
    # configuration), then SSH so management access has a rule of its own.
    for service_name in ('rsync', 'ssh'):
        ufw.service(service_name, 'open')

    # The soft-fail behaviour of enable() is operator-controlled.
    # NOTE(review): presumably this lets enable() proceed when IPv6 support
    # is broken -- confirm against ufw.enable before relying on it.
    ipv6_soft_fail = config('allow-ufw-ip6-softfail')
    ufw.enable(soft_fail=ipv6_soft_fail)

    # The GRE allowance is added through before.rules after UFW is enabled,
    # and the reload is what makes UFW pick that change up.
    before_rules = os.path.join(UFW_DIR, 'before.rules')
    add_ufw_gre_rule(before_rules)
    ufw.reload()
OK so there is a little modification of the policy prior to enablement:
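def initialize_ufw():
    """Initialize the UFW firewall

    Ensure critical ports have explicit allows. Returns early, after a DEBUG
    log line, when the 'enable-firewall' option is false.

    :return: None
    """
    if not config('enable-firewall'):
        log("Firewall has been administratively disabled", "DEBUG")
        return

    # this charm will monitor exclusively the ports used, using 'allow' as
    # default policy enables sharing the machine with other services
    # NOTE(review): default 'allow' in every direction means traffic that no
    # rule matches is accepted; enabling UFW here does not by itself restrict
    # exposure of other listeners on the host.
    ufw.default_policy('allow', 'incoming')
    ufw.default_policy('allow', 'outgoing')
    ufw.default_policy('allow', 'routed')

    # Rsync manages its own ACLs
    ufw.service('rsync', 'open')

    # Guarantee SSH access
    ufw.service('ssh', 'open')

    # Enable; soft_fail is taken from the 'allow-ufw-ip6-softfail' option
    ufw.enable(soft_fail=config('allow-ufw-ip6-softfail'))

    # Allow GRE traffic: the rule goes into before.rules, and the reload
    # below makes UFW apply it
    add_ufw_gre_rule(os.path.join(UFW_DIR, 'before.rules'))
    ufw.reload()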