Public bug reported:
Binary package hint: ufw
I do not know if this is a "bug report" or a feature request ...
If there is a better mechanism to give feedback, feel free to let me
know ;)
At any rate, it would be nice if there were an easier way to modify UFW
rules. The "problem" is iptables processes rules in order.
So say we have a long list of ufw rules.
Start with default deny.
Now say we are running a mix of public and private servers ... so we
generate a list of allows
# Public server
ufw allow 80
# Public ssh access
ufw allow 22
# Private Samba server
ufw allow proto tcp from 192.168.1.0/24 to 192.168.1.0/24 port 135
ufw allow proto tcp from 192.168.1.0/24 to 192.168.1.0/24 port 139
ufw allow proto tcp from 192.168.1.0/24 to 192.168.1.0/24 port 445
ufw allow proto udp from 192.168.1.0/24 to 192.168.1.0/24 port 137
ufw allow proto udp from 192.168.1.0/24 to 192.168.1.0/24 port 138
Now say we are monitoring our network, and find someone is exploiting
ssh and/or port 80 :(
Say the ip address is 111.222.3.44
If we simply
ufw deny 111.222.3.44 => it will not block this IP (because it was
allowed earlier in the chain).
So it is either a manual edit to /etc/ufw/before.rules (assuming someone
also understands iptables syntax, that they know to edit
/etc/ufw/before.rules, and where they need to add the rule :) )
-A ufw-before-input -s 111.222.3.44 -j DROP # Assuming no logging is
desired of course)
==================
So I suggest two things (sorry for the long background):
ufw -n # deny 111.222.3.44
where the -n # specifies where to insert the rule
ufw -n 1 deny 111.222.3.44
which would put the rule at the top of the chain :)
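The ordering problem described above, as an added example that is not part of this bug report or of ufw itself: a small first-match evaluator in POSIX sh that walks a rule list top to bottom the way an iptables chain does, plus an insert-at-position helper in the spirit of the "-n N" proposal. The rule format, the exact-string source match (no CIDR masks) and the function names are assumptions of this example; the address 111.222.3.44 is the one from the report.

```shell
#!/bin/sh
# Added example, not part of the bug report: models how an iptables chain
# (and therefore ufw) evaluates rules in order and stops at the first match.
# Rule format, one per line:  <action> <src|any> <proto|any> <port|any>
# Source matching is an exact string compare; CIDR masks are not modelled,
# to keep the simulation short. All rule lines below are constructed.

# first_match RULES SRC PROTO PORT [POLICY]
# Prints the action of the first rule that matches the packet, else POLICY.
first_match() {
    rules=$1; src=$2; proto=$3; port=$4; policy=${5:-deny}
    printf '%s\n' "$rules" | {
        verdict=$policy
        while read -r action rsrc rproto rport; do
            case "$action" in ''|\#*) continue ;; esac    # skip blanks/comments
            if { [ "$rsrc" = any ]   || [ "$rsrc" = "$src" ]; } &&
               { [ "$rproto" = any ] || [ "$rproto" = "$proto" ]; } &&
               { [ "$rport" = any ]  || [ "$rport" = "$port" ]; }; then
                verdict=$action
                break                                     # first match wins
            fi
        done
        echo "$verdict"
    }
}

# append_rule RULES RULE -> what a plain "ufw deny ..." does: add at the end.
append_rule() {
    printf '%s\n%s\n' "$1" "$2"
}

# insert_rule_at RULES N RULE -> the report's "-n N" idea: RULE becomes
# rule number N (1 = top of the chain); an N past the end simply appends.
insert_rule_at() {
    printf '%s\n' "$1" | awk -v n="$2" -v r="$3" \
        'NR == n { print r } { print } END { if (NR < n) print r }'
}

# The public allow list from the report (web + ssh), constructed sample.
base_rules() {
    printf '%s\n' \
        '# Public server' \
        'allow any tcp 80' \
        'allow any tcp 22'
}

# The address from the report, and the deny we want to take effect first.
BLOCK='deny 111.222.3.44 any any'

# Verdict for ssh from 111.222.3.44 when the deny is merely appended.
verdict_appended() {
    first_match "$(append_rule "$(base_rules)" "$BLOCK")" 111.222.3.44 tcp 22
}

# Verdict for the same packet when the deny is inserted as rule 1.
verdict_inserted() {
    first_match "$(insert_rule_at "$(base_rules)" 1 "$BLOCK")" 111.222.3.44 tcp 22
}

echo "deny appended after the allows: $(verdict_appended)"   # allow (ineffective)
echo "deny inserted at position 1:    $(verdict_inserted)"   # deny
```

The appended deny never fires because the earlier "allow any tcp 22" already accepted the packet; only a rule placed ahead of the allows changes the verdict, which is exactly why the position argument matters. For comparison, current ufw releases expose this as "ufw insert NUM RULE" (and "ufw status numbered" to see the positions); the example above just reproduces the evaluation order so the effect can be checked offline.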
** Affects: ufw (Ubuntu)
Importance: Undecided
Status: New
--
Editing UFW rules
https://bugs.launchpad.net/bugs/260745