Open Kriechi opened 9 years ago
I'd very much welcome both, app profiles, and not using to.
I ended up doing something like this at the moment:
```puppet
define ufw::allow() {
  exec { "ufw-allow-${name}":
    command => "ufw allow '${name}'",
    path    => '/usr/sbin:/bin:/usr/bin',
    # Idempotency guard: skip the command if an inbound allow rule
    # for this name is already listed.
    unless  => "ufw status verbose | grep -q '${name}.*ALLOW IN.*Anywhere'",
    # Set the default policies first, and add the rule before ufw is enabled.
    require => [Exec['ufw-default-deny-incoming'], Exec['ufw-default-allow-outgoing']],
    before  => Exec['ufw-enable'],
  }
}

ufw::allow { 'SSH': }
ufw::allow { 'WWW Full': }
ufw::allow { '60000:60010/udp': }
```
What would be the equivalent of this simple ufw command?
```sh
ufw allow ssh/tcp
```

I guess app profiles are not supported at the moment? My main concern is that I do not want to have a "TO" parameter in my rules... I think that's the reason why no IPv6 rules are created if I use `ufw::allow { ... }`, because it only reads the first/main IPv4 address from the system. If I could let ufw decide that (dropping the TO stuff) it would work, I assume?
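A check for the symptom described above (an IPv4 allow rule with no IPv6 counterpart), as an added example that is not part of the original thread or the module's code. The `ufw status verbose` text is a constructed sample, and `sample_status` and `rule_coverage` are hypothetical names.

```shell
#!/bin/sh
# Constructed sample of `ufw status verbose` output (not captured from a real host).
# 'WWW Full' deliberately has no (v6) line, mirroring the symptom in the report.
sample_status() {
cat <<'EOF'
Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp (SSH)               ALLOW IN    Anywhere
80,443/tcp (WWW Full)      ALLOW IN    Anywhere
60000:60010/udp            ALLOW IN    Anywhere
22/tcp (SSH (v6))          ALLOW IN    Anywhere (v6)
60000:60010/udp (v6)       ALLOW IN    Anywhere (v6)
EOF
}

# rule_coverage NAME  (hypothetical helper; reads status text on stdin)
# Prints dual, v4-only, v6-only or missing for inbound allow rules naming NAME.
# NAME is matched as a fixed substring via index(), so characters such as
# '.', ':' or '/' in a port spec or profile name are never treated as regex.
rule_coverage() {
    awk -v name="$1" '
        index($0, "ALLOW IN") && index($0, name) {
            if (index($0, "(v6)")) v6 = 1; else v4 = 1
        }
        END {
            if (v4 && v6)  print "dual"
            else if (v4)   print "v4-only"
            else if (v6)   print "v6-only"
            else           print "missing"
        }'
}

# On a live host, pipe `ufw status verbose` in instead of sample_status.
for rule in 'SSH' 'WWW Full' '60000:60010/udp'; do
    printf '%-18s %s\n' "$rule" "$(sample_status | rule_coverage "$rule")"
done
```

Because the match is a substring, a short name such as `SSH` also matches a profile called `OpenSSH`; pass the most specific string that identifies the rule.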