domkrm / domkrm-ufw

[Feature Request] Add ability to allow by ip only #2

Open Exidex opened 4 years ago

Exidex commented 4 years ago

As per the title, this module lacks the ability to add firewall rules that allow by IP. Bash examples can be found here: https://help.ubuntu.com/community/UFW in the section "Allow by Specific IP".

Thanks for creating the module

domkrm commented 4 years ago

It's already implemented:

ufw::allow { 'ssh-from-trusted':
  port => '22',
  from => '10.0.0.1'
}

Exidex commented 4 years ago

How do I do it for all ports? I mean, there is no way to not specify the port in your expression.

domkrm commented 4 years ago

Ok, I understand.

Could you please try the following, but I don't know if this works:

ufw::allow { 'ssh-from-trusted':
  port => 'any',
  from => '10.0.0.1'
}

Otherwise I will add this ability to the module on Monday.

Exidex commented 4 years ago

[user@user-pc ~]$ sudo ufw allow from 10.0.0.1 to any port any
ERROR: Could not find protocol
[user@user-pc ~]$ sudo ufw allow from 10.0.0.1 to tcp port any
ERROR: Bad destination address

cjonesau commented 4 years ago

> Ok, I understand.
>
> Could you please try the following, but I don't know if this works:
>
> ufw::allow { 'ssh-from-trusted':
>   port => 'any',
>   from => '10.0.0.1'
> }
>
> Otherwise I will add this ability to the module on Monday.

When setting port => 'any' you get an ERROR: Could not find protocol

Your module executes the rule as "sudo ufw allow from 10.0.0.1 to any port any", when it should be "sudo ufw allow from 10.0.0.1"
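
The command construction discussed in this thread, as an added shell example that is not the module's own code: it leaves out the `to any port` clause when no port is given and validates each input before it reaches the command line. The function name `build_ufw_allow` and its argument order are assumptions made for this example; it only prints the command and changes no firewall state.

```shell
#!/bin/sh
# Hypothetical helper (not part of domkrm-ufw): build a "ufw allow" command
# from the inputs the thread uses (from, port) plus an optional protocol.
# Clause order follows the ufw man page synopsis: proto, from, to ... port.
build_ufw_allow() {
    from=${1:-any}
    port=${2:-any}
    proto=${3:-}

    # Accept only the keyword "any" or address/CIDR characters as source.
    case $from in
        any) ;;
        *[!0-9a-fA-F.:/]*) echo "invalid source: $from" >&2; return 1 ;;
    esac
    # Accept only "any" or a single numeric port.
    case $port in
        any) ;;
        *[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    case $proto in
        ''|tcp|udp) ;;
        *) echo "invalid protocol: $proto" >&2; return 1 ;;
    esac

    cmd="ufw allow"
    if [ -n "$proto" ]; then
        cmd="$cmd proto $proto"
    fi
    cmd="$cmd from $from"
    # "port any" is what produced "ERROR: Could not find protocol" above,
    # so the destination/port clause is emitted only for a real port.
    if [ "$port" != any ]; then
        cmd="$cmd to any port $port"
    fi
    printf '%s\n' "$cmd"
}

# Constructed inputs mirroring the thread.
build_ufw_allow 10.0.0.1 any      # ufw allow from 10.0.0.1
build_ufw_allow 10.0.0.1 22 tcp   # ufw allow proto tcp from 10.0.0.1 to any port 22
```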