
Allow without TO

Open Kriechi opened this issue 9 years ago • 2 comments

What would be the equivalent of this simple ufw command? ufw allow ssh/tcp

I guess app profiles are not supported at the moment? My main concern is that I do not want to have a "TO" parameter in my rules... I think that's the reason why no IPv6 rules are created if I use ufw::allow { ... }, because it only reads the first/main IPv4 address from the system. If I could let ufw decide that (dropping the TO stuff) it would work, I assume?

Kriechi avatar Apr 30 '15 10:04 Kriechi

I'd very much welcome both, app profiles, and not using to.

igalic avatar May 04 '15 13:05 igalic

I ended up doing something like this at the moment:

define ufw::allow() {
  exec { "ufw-allow-${name}":
    command => "ufw allow '${name}'",
    path    => '/usr/sbin:/bin:/usr/bin',
    unless  => "ufw status verbose | grep -q '${name}.*ALLOW IN.*Anywhere'",
    require => [Exec['ufw-default-deny-incoming'], Exec['ufw-default-allow-outgoing']],
    before  => Exec['ufw-enable'],
  }
}

ufw::allow { 'SSH': }
ufw::allow { 'WWW Full': }
ufw::allow { '60000:60010/udp': }

Kriechi avatar May 04 '15 13:05 Kriechi
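
An added example, not part of the thread or of the module's code: a stricter form of the kind of check the `unless` guard above performs, comparing the rule name as a fixed string and requiring both the IPv4 and the IPv6 row. The function names are hypothetical, and the status text is a constructed sample that assumes the usual `ufw status verbose` row layout, including the `(v6)` suffix forms.

```shell
#!/bin/sh
# Constructed sample of `ufw status verbose` rows (not captured from a real host).
sample_status() {
cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp (SSH)               ALLOW IN    Anywhere
8080/tcp                   ALLOW IN    Anywhere
60000:60010/udp            ALLOW IN    Anywhere
22/tcp (SSH (v6))          ALLOW IN    Anywhere (v6)
60000:60010/udp (v6)       ALLOW IN    Anywhere (v6)
EOF
}

# has_allow NAME FAMILY: status text on stdin, FAMILY is v4 or v6.
# Succeeds only if the To column is exactly NAME (port rule) or ends in
# "(NAME)" (app profile), compared as fixed strings, for that family.
has_allow() {
  awk -v name="$1" -v fam="$2" '
    function ends(s, suf) {
      return length(s) >= length(suf) &&
             substr(s, length(s) - length(suf) + 1) == suf
    }
    / ALLOW IN / {
      split($0, col, / +ALLOW IN +/)
      to = col[1]; from = col[2]; sub(/ +$/, "", from)
      if (fam == "v4" && from == "Anywhere" &&
          (to == name || ends(to, " (" name ")"))) found = 1
      if (fam == "v6" && from == "Anywhere (v6)" &&
          (to == name " (v6)" || ends(to, " (" name " (v6))"))) found = 1
    }
    END { exit !found }'
}

# rule_complete NAME: succeeds only if both the IPv4 and IPv6 rows exist.
rule_complete() {
  status=$(cat)
  printf '%s\n' "$status" | has_allow "$1" v4 &&
    printf '%s\n' "$status" | has_allow "$1" v6
}

for n in SSH 80 8080/tcp; do
  if sample_status | rule_complete "$n"; then echo "$n: v4+v6 present"
  else echo "$n: incomplete or missing"; fi
done
```

With this sample, a rule named `80` is reported as missing even though an `8080/tcp` row exists, and `8080/tcp` is reported as incomplete because it has no `(v6)` row.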