ufw

Feature Request: add "raw" rule command

Bug #1923900 reported by gzarkadas
| Affects | Status | Importance | Assigned to | Milestone |
|---------|--------|------------|-------------|-----------|
| ufw | Triaged | Wishlist | Unassigned | |

Bug Description

Please, consider adding a "raw" rule command in ufw that would allow adding a direct iptables command to user rules.

The rationale for implementing this as a rule and not resorting to manipulating the ufw framework is simple: rules are shown when `ufw status` is issued; ufw framework actions are not. Not all things should be kept in the dark. Having a raw rule command for the occasional "advanced" manipulation and being able to see it printed with `ufw status` is far more uncomplicated than editing files with iptables-restore format.

The parsing of the command arguments would proceed like this:

if the first argument after "ufw raw" is not (brackets denote a character range) "-[ADEFINRX]"
then
    the underlying iptables' command is: -A ufw-user-input {all arguments}
else
    the second argument is a chain
    the underlying iptables' command is: -[ADEFINRX] chain {3rd and rest arguments}

The chain operations set can be limited; basically what is needed is the ability to create a new chain and add to it, so that it can be specified as a target in a raw command. Also, it can (and probably should) be restricted only to user-supplied chains.

The benefit of implementing such a feature is that it provides a single service point for many feature requests; for example, it would also provide a usable solution to bugs #801833 and #1571579. That would keep the need to implement additional future parser objects and commands low, each for a specific subset of all that can be accomplished with raw commands.

------------
ufw version: 0.36
distribution: Devuan chimaera/ceres
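
The parsing rule proposed in the report above, together with its suggested restriction to user-supplied chains, as an added sketch that is not ufw code and not part of the original report. The names `parse_raw`, `is_user_chain`, `ALLOWED_OPS` and the chain-name policy are assumptions made for illustration.

```python
import re

# Chain-operation flags from the proposal: -[ADEFINRX]
OP_RE = re.compile(r"-[ADEFINRX]")
DEFAULT_CHAIN = "ufw-user-input"

# Assumptions for this sketch (not settled in the report):
# the "limited" operation set is create/append/insert/delete, and a
# "user-supplied" chain is any name that is neither built-in nor ufw-prefixed.
ALLOWED_OPS = {"-N", "-A", "-I", "-D"}
BUILTIN_CHAINS = {"INPUT", "OUTPUT", "FORWARD", "PREROUTING", "POSTROUTING"}
CHAIN_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,27}")


class RawRuleError(ValueError):
    """Raised when a raw rule falls outside what the sketch permits."""


def is_user_chain(name):
    """True for a well-formed chain name that ufw and iptables do not own."""
    return (CHAIN_NAME_RE.fullmatch(name) is not None
            and name not in BUILTIN_CHAINS
            and not name.lower().startswith("ufw"))


def parse_raw(args, restrict=True):
    """Map the arguments after `ufw raw` to an iptables argument list.

    Returns a list (argv), never a shell string, so rule text is not
    re-interpreted by a shell.
    """
    if not args:
        raise RawRuleError("no arguments given")
    if OP_RE.fullmatch(args[0]) is None:
        # First branch of the proposal: everything is a rule spec.
        return ["-A", DEFAULT_CHAIN, *args]
    if len(args) < 2:
        raise RawRuleError(f"{args[0]} needs a chain argument")
    op, chain, rest = args[0], args[1], args[2:]
    if restrict:
        if op not in ALLOWED_OPS:
            raise RawRuleError(f"operation {op} is not permitted")
        if not is_user_chain(chain):
            raise RawRuleError(f"chain {chain!r} is not user-supplied")
    return [op, chain, *rest]
```

With `restrict=True`, an explicit operation on `INPUT` or on any `ufw-` chain is refused, so a raw rule cannot flush or rewrite the chains ufw itself manages.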

Jamie Strandboge (jdstrand) wrote :

I agree this would be a nice feature.

Changed in ufw:
status: New → Triaged
importance: Undecided → Medium
importance: Medium → Wishlist