Add a comment to a rule

Asked by Andy Loughran on 2013-08-11

Would it be possible to add a comment to a rule so that the SysAdmin is fully aware of why that rule is in place? Maybe also see a log of when the rules were added/removed and such:

eg:

ufw allow from 123.123.123.123 -c "Added Andy's dynamic IP address for access to the system from his house"

It would help in removing rules for dynamic IPs that don't change too often, and for more complicated systems help document which systems integrate, for example if port 8080 was allowed for a tomcat instance that gets removed from a server, or if a remote connection from a certain IP was enabled for a certain service.

Kind Regards,

Andy Loughran

Question information

Language:
English
Status:
Answered
For:
Ubuntu ufw
Assignee:
No assignee
Last query:
2013-08-11
Last reply:
2013-08-12
Thomas Krüger (thkrueger) said : #1

ufw is just a frontend to the netfilter firewall in the kernel. netfilter does not support comments, so ufw can't support them either.
You should add such IPs in a rule file (where you can add comments) and apply the rules file. In general admins should use the rule files for doing changes. Direct access to the firewall rules should be prevented, since it somehow breaks the idea of ufw as an abstraction layer for netfilter.
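The workflow the answer recommends, keeping the rules in a commented text file and applying that file, as an added example that is not part of this thread and not ufw's own tooling. The file format is an assumption made here (one ufw rule per line, `#` to end of line is a comment, blank lines ignored), the sample rules and addresses are constructed, the log path in `UFW_RULES_LOG` is an assumed default, and `write_sample_rules`, `rule_lines`, `rule_count` and `apply_rules` are helper names chosen for this example. Later ufw releases also accept a trailing `comment 'text'` on a rule, but a rule file under version control still gives the add/remove history the question asks for.

```shell
# Added example (not from this thread or from ufw): keep ufw rules in a
# commented text file and apply only the rule text, logging each change.
# Assumed file format: one ufw rule per line, '#' starts a comment, blank
# lines are ignored.

# Constructed sample rule file; the addresses and services are made up.
SAMPLE_RULES='# host1 firewall rules (constructed example)
allow from 123.123.123.123 to any port 22   # Andy, dynamic home IP, ssh only
allow 8080/tcp                              # tomcat on this host, drop with it

# temporary, remove after the migration is finished
deny from 10.0.0.5
'

# write_sample_rules FILE: write the constructed sample rule file to FILE.
write_sample_rules() {
    printf '%s' "$SAMPLE_RULES" > "$1"
}

# rule_lines FILE: print the bare rule text, comments and blank lines removed.
rule_lines() {
    sed -e 's/#.*$//' -e 's/[[:space:]]*$//' -e '/^[[:space:]]*$/d' "$1"
}

# rule_count FILE: number of active (non-comment) rules in FILE.
rule_count() {
    rule_lines "$1" | grep -c .
}

# apply_rules FILE [--dry-run]: run "ufw <rule>" for every active rule and
# append a timestamped line per applied rule to a log file, so there is a
# record of when rules were added. The default log path is an assumption;
# override it with UFW_RULES_LOG. With --dry-run nothing is applied.
apply_rules() {
    file=$1
    mode=${2:-apply}
    log=${UFW_RULES_LOG:-/var/log/ufw-rules.log}
    rule_lines "$file" | while IFS= read -r rule; do
        if [ "$mode" = "--dry-run" ]; then
            printf 'would run: ufw %s\n' "$rule"
        else
            # $rule is intentionally word-split into ufw arguments (needs root)
            ufw $rule && printf '%s applied: %s\n' \
                "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$rule" >> "$log"
        fi
    done
}

# Stand-alone demonstration: write the sample file and show what would be run.
demo_file=${TMPDIR:-/tmp}/ufw-rules.example
write_sample_rules "$demo_file"
apply_rules "$demo_file" --dry-run
```

Keeping the rule file in version control (or at least backed up) gives the "when was this added/removed and why" history directly from the commit log, and the comments travel with the rules rather than living only in an admin's memory. Run `apply_rules FILE --dry-run` first to review exactly which `ufw` commands will be issued.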
