attachmentgenie / attachmentgenie-ufw

MIT License
21 stars 28 forks

Allow without TO #44

Open Kriechi opened 9 years ago

Kriechi commented 9 years ago

What would be the equivalent of this simple ufw command? ufw allow ssh/tcp

I guess app profiles are not supported at the moment? My main concern is that I do not want to have a "TO" parameter in my rules... I think that's the reason why no IPv6 rules are created if I use ufw::allow { ... }, because it only reads the first/main IPv4 address from the system. If I could let ufw decide that (dropping the TO stuff) it would work, I assume?

igalic commented 9 years ago

I'd very much welcome both: app profiles, and not using TO.

Kriechi commented 9 years ago

I ended up doing something like this at the moment:

# Replacement for the module's ufw::allow: $name is passed straight to
# `ufw allow`, so ufw picks the TO side itself and creates both the IPv4
# and the IPv6 rule. Works for app profiles ('SSH', 'WWW Full') as well as
# port/proto specs ('60000:60010/udp').
define ufw::allow() {
  exec { "ufw-allow-${name}":
    command => "ufw allow '${name}'",
    path    => '/usr/sbin:/bin:/usr/bin',
    # Idempotency: skip when an ALLOW IN rule for this name is already listed.
    unless  => "ufw status verbose | grep -q '${name}.*ALLOW IN.*Anywhere'",
    # Defaults must be in place first; the rule must exist before ufw is enabled.
    require => [Exec['ufw-default-deny-incoming'], Exec['ufw-default-allow-outgoing']],
    before  => Exec['ufw-enable'],
  }
}

ufw::allow { 'SSH': }
ufw::allow { 'WWW Full': }
ufw::allow { '60000:60010/udp': }
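The `unless` check in the workaround above greps `ufw status verbose` for an "ALLOW IN ... Anywhere" line, and the original complaint is that TO-based rules only ever produce an IPv4 line. The script below is an added example (not code from this issue or from the attachmentgenie-ufw module) that shows the same status-parsing logic in POSIX shell, run against a constructed `ufw status verbose` listing rather than a live host: `rule_present` answers the idempotency question per address family, and `rules_missing_v6` audits the listing for rules that have an IPv4 line but no IPv6 counterpart (exactly the symptom described for rules carrying a TO address). The function names, the `SAMPLE_STATUS` text and the `10.0.0.5` address are all constructed for the example.

```shell
#!/bin/sh
# Constructed sample of `ufw status verbose` output (not captured from a real
# host). It mimics ufw's layout: app-profile and port rules appear twice
# (IPv4 line, then an "(v6)" line), while a rule created with an explicit
# TO address ("10.0.0.5 22/tcp") only has an IPv4 line.
SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
SSH                        ALLOW IN    Anywhere
WWW Full                   ALLOW IN    Anywhere
60000:60010/udp            ALLOW IN    Anywhere
10.0.0.5 22/tcp            ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
SSH (v6)                   ALLOW IN    Anywhere (v6)
WWW Full (v6)              ALLOW IN    Anywhere (v6)
60000:60010/udp (v6)       ALLOW IN    Anywhere (v6)'

# rule_present NAME v4|v6
# Succeeds (exit 0) when an "ALLOW IN" line for NAME exists in the requested
# address family. NAME is matched as a fixed string anchored at the start of
# the "To" column, so names containing regex metacharacters ('.', '/', ':')
# are safe, unlike a bare grep pattern.
rule_present() {
  name=$1
  fam=$2
  printf '%s\n' "$SAMPLE_STATUS" |
    awk -v r="$name" -v fam="$fam" '
      index($0, r) == 1 && substr($0, length(r) + 1, 1) == " " && $0 ~ /ALLOW IN/ {
        isv6 = ($0 ~ /\(v6\)$/)
        if ((fam == "v6") == isv6) { found = 1 }
      }
      END { exit found ? 0 : 1 }'
}

# rules_missing_v6
# Prints every "To" entry that has an IPv4 ALLOW IN line but no "(v6)"
# counterpart, one per line, sorted. With a default-deny incoming policy
# these are the services that will silently be unreachable over IPv6.
rules_missing_v6() {
  printf '%s\n' "$SAMPLE_STATUS" |
    awk '/ALLOW IN/ {
      to = $0
      sub(/ +ALLOW IN.*$/, "", to)          # keep only the "To" column
      if (to ~ / \(v6\)$/) {
        sub(/ \(v6\)$/, "", to)             # normalise "X (v6)" to "X"
        v6[to] = 1
      } else {
        v4[to] = 1
      }
    }
    END { for (t in v4) if (!(t in v6)) print t }' |
    sort
}

echo "Rules with an IPv4 ALLOW IN line but no IPv6 counterpart:"
rules_missing_v6
```

On a real host, replace the constructed `SAMPLE_STATUS` with the output of `ufw status verbose`; the awk check is what a Puppet `unless` would run, and `rules_missing_v6` is a quick way to confirm whether a module's TO-based rules left IPv6 uncovered.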