ufw — Uncomplicated Firewall rules
The ufw check lists the rules defined in Uncomplicated Firewall (ufw), and asserts that rules are present or missing.
Examples
Check that the firewall allows outbound HTTPS:
[[ufw]] port = 443 protocol = 'tcp' allow = 'Anywhere'
List of parameters
| parameter | structure | description |
|---|---|---|
| port | number, or string | The port, or range of ports, to check. |
| protocol | string | The protocol of the rule. This can be 'tcp' or 'udp'. |
| state | string | The state of the rule. This can be 'present' or 'missing'. |
| allow | string | Whether the rule is for allowing or denying. |
| ipv6 | boolean | Whether to check for IPv6. |
Running ufw as root
Ordinary users aren’t allowed to see the table of firewall rules, so the only way to get at them is to run ufw as root.
This causes problems for Specsheet, which runs programs as the same user that runs it.
You can work around this using global options.
Either run ufw with sudo separately and point Specsheet to ufw’s output:
$ sudo ufw status > /tmp/ufw_status $ specsheet spec.toml -O ufw.output=/tmp/ufw/status $ rm /tmp/ufw_status
Or, if ufw is the only program being overridden, you can avoid creating a temporary file and pipe its output in directly:
$ sudo ufw status | specsheet spec.toml -O ufw.output=-