user.rules.d (Or other multi-file method)

Asked by Pdlovelace

I'm trying to utilize Ansible to manage firewall rules and I'm having trouble because of the single user rules file. I'm not able to figure out how to manage the set of rules associated with "remote IPs allowed to access the Database" and "remote IPs allowed to access SSH" without stepping on one set or the other.
Is there a way to use a user.rules.d folder, or is there a reason this functionality was never added?

Question information

Language: English
Status: Answered
For: Ubuntu ufw
Assignee: No assignee
Jamie Strandboge (jdstrand) said: #1

Generally speaking, the user*.rules files are managed by the ufw command and are not intended to be managed by another application (see 'man ufw-framework'). You're free to manage the other *.rules files as desired.

That said, I'm not sure what Ansible is doing wrt ufw, but if it is using the 'ufw' command to drive updating the firewall, that should work fine. If it is updating user*.rules files directly, that may not work as well (especially across ufw minor versions; eg, 0.36 and 0.37 may have different syntax). Do keep in mind that rule order matters: earlier rules that match will short-circuit later rules.

Hope this helps!
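The answer above recommends driving ufw through the 'ufw' command rather than editing user*.rules by hand. The following Ansible play is an added example (not from the question, the answer, or the ufw project) showing one way to do that with the community.general.ufw module, which wraps the 'ufw' command: the SSH and database allow-lists live in separate variables, each rule is tagged with a ufw comment so 'ufw status' shows which set owns it, and revoked addresses are removed with the same rule spec plus 'delete: true'. The inventory group name, IP addresses, port and comment tags are constructed for the example. Because every rule is a specific allow on top of a default-deny inbound policy, the two sets never overlap, so their relative order in user.rules does not matter; the one place order does matter (a deny that must beat a later allow) is handled with 'insert: 0'.

```yaml
# Added example: manage two independent ufw allow-lists with Ansible.
# Group name, addresses, ports and comment tags below are constructed.
- name: Manage ufw allow-lists for SSH and PostgreSQL
  hosts: dbservers            # assumed inventory group
  become: true
  vars:
    ssh_allowed_ips:          # constructed sample values
      - 203.0.113.10
      - 203.0.113.11
    db_allowed_ips:
      - 198.51.100.0/24
    db_port: "5432"
    # A host that must be blocked even if it appears in an allow-list above.
    blocked_ips:
      - 192.0.2.99
    # Addresses dropped from the lists above go here so their rules are
    # deleted; the module is declarative per rule, not per whole set.
    revoked_rules:
      - { ip: 198.51.100.200, port: "5432", tag: ansible-db }
  tasks:
    - name: Default policy - deny all inbound, allow outbound
      community.general.ufw:
        direction: "{{ item.direction }}"
        default: "{{ item.policy }}"
      loop:
        - { direction: incoming, policy: deny }
        - { direction: outgoing, policy: allow }

    - name: Deny blocked hosts ahead of every allow rule (order matters here)
      community.general.ufw:
        rule: deny
        from_ip: "{{ item }}"
        insert: 0              # position 0 = top of the user rules
        comment: ansible-block
      loop: "{{ blocked_ips }}"

    - name: Allow SSH from the SSH allow-list
      community.general.ufw:
        rule: allow
        port: "22"
        proto: tcp
        from_ip: "{{ item }}"
        comment: ansible-ssh   # tag identifies the owning set in 'ufw status'
      loop: "{{ ssh_allowed_ips }}"

    - name: Allow PostgreSQL from the DB allow-list
      community.general.ufw:
        rule: allow
        port: "{{ db_port }}"
        proto: tcp
        from_ip: "{{ item }}"
        comment: ansible-db
      loop: "{{ db_allowed_ips }}"

    - name: Remove rules for revoked addresses (same spec plus delete)
      community.general.ufw:
        rule: allow
        port: "{{ item.port }}"
        proto: tcp
        from_ip: "{{ item.ip }}"
        delete: true
      loop: "{{ revoked_rules }}"

    - name: Ensure ufw is enabled
      community.general.ufw:
        state: enabled
```

Run it with 'ansible-playbook -i inventory ufw.yml' and inspect the result on the host with 'ufw status numbered'; the comment tags make it easy to see which rules belong to the SSH set, the DB set or the block list. The module calls the 'ufw' command for each task, so the generated user.rules stays in whatever syntax the installed ufw version expects, which is the compatibility point the answer raises.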
