It is too hard to monitor the firewall's status
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ufw |
Opinion
|
Undecided
|
Unassigned |
Bug Description
I wish to see on my desktop, constantly, whether ufw's status is active or not. To that end I use a conky and a lua script that conky runs every fifteen seconds or so. The lua script runs `sudo ufw status` and checks the first line of the output.
Here are the problems.
1) I need a sudoers entry for `sudo ufw status`.
2) `sudo ufw status` writes to my authentication log repeatedly.
3) Of the large output from the status command I need only the first line; generating the rest of the output is a waste.
The more-or-less corresponding areas of possible improvement are as follows.
a) Implement a simplified version of the status command - one that shows only 'active' or 'inactive'.
b) Allow that simplified command to run without sudo.
Surely my use case or one similar to it is common,
ufw 0.36.1
Linux Mint 21
ufw status will talk to the kernel as part of seeing if the firewall is up and this requires root permissions. The sudoers entry is your best bet right now.
A dbus service with policykit for ufw could be written which would address this. This may happen at some point, but is not planned.
If all you want is inactive vs active, you could check `systemctl status ufw` or read the value of ENABLED out of /etc/ufw/ufw.conf.