Ubuntu

Add categories support to app list

Reported by jhansonxi on 2010-10-13
24
This bug affects 4 people
Affects Status Importance Assigned to Milestone
ufw (Ubuntu)
Wishlist
Unassigned

Bug Description

Binary package hint: ufw

I'm in the middle of an Ubuntu deployment preparation and I'm writing a bunch of UFW app lists (50?) for many games and applications in the repos, closed-source commercial Linux games (LGP, Loki, id), games on Wine, etc. I'm using UFW-Frontends (ufw-gtk) which has a drop-down list for selecting them. With this many app lists it gets ugly and tedious to sort through unless you're using a wide-screen monitor in a portrait orientation.

My idea for making this practical is to add categories to the file so that a dialog can present them in a filtered way. Instead of creating a new standard I recommend using the freedesktop.org menu categories as they are already defined for anything in the repos with a menu entry:
http://standards.freedesktop.org/menu-spec/latest/apa.html

I've tested a few app lists with categories with UFW and UFW-Frontends on Lucid and it doesn't seem to affect them. It appears they ignore the added keywords so I'm going to assign them in mine.

jhansonxi (jhansonxi) wrote :

My estimate was inaccurate. I ended up with 190+ profiles.

Jamie Strandboge (jdstrand) wrote :

Thanks for your efforts regarding this! I need to review these more when I get a little more time. I particularly like the 'reference' idea.

Changed in ufw (Ubuntu):
importance: Undecided → Wishlist
status: New → Triaged
jhansonxi (jhansonxi) wrote :

UFW profiles v1.1
Adds some more games/apps, fixes some typos, rework of NFS.

jhansonxi (jhansonxi) wrote :

UFW profiles v1.2
Several changes to http, mostly because of bug #694894.

I added a new parameter, "modules", because of bug #608159 and my need for nf_conntrack_sane in the IPT_MODULES list in /etc/default/ufw. Support for this module was added to the Preferences/IPT Modules panel of uft-frontends when I asked (http://code.google.com/p/ufw-frontends/issues/detail?id=13&can=1). While that helps, doing it this way seems backwards as the module is specific to one protocol and it makes more sense to add it automatically when the port rule is added. In cases where it is optional, like with sane, I just made two profiles. One has the single port with the module while the other excludes the module and has the entire data port range opened as per the /etc/sane.d/sane.conf file.

I noticed that the SIP/h323 modules have their own parameters which may be useful to support configuration of through UFW:
http://wiki.freeswitch.org/wiki/Firewall

I'm not sure if the other modules have options like these.

Seem to have a lot of profiles now.
grep "ports=" * | wc -l
311

jhansonxi (jhansonxi) wrote :

I forgot to mention that "modules=" entries have been added to:
amanda
file-transfer-protocol
h323
internet-relay-chat
point-to-point-tunneling-protocol
samba
sane
session-initiation-protocol
trivial-file-transfer-protocol

jhansonxi (jhansonxi) wrote :

I released v1.3 which adds Skype, toribash, and webcam-server.

flickerfly (josiah-ritchie) wrote :

I added my CrashPlan and Zimbra profiles to this tarball and incremented the version number.

jhansonxi (jhansonxi) wrote :

Maintenance has been occurring outside of this bug report since there hasn't been any progress upstream for 3 years now. The latest I have is v1.4:
http://jhansonxi.blogspot.com/2013/03/latest-batch-of-ufw-application-profiles.html

As per the blog posting the profiles have been added to Gufw. They have a PPA for updates.

I would prefer that each application includes its own profile but until then it's probably best to have Gufw maintain them.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.