ufw — Uncomplicated Firewall rules
The ufw check lists the rules defined in Uncomplicated Firewall (ufw), and asserts that rules are present or missing.
Examples
Check that the firewall allows outbound HTTPS:
[[ufw]]
port = 443
protocol = 'tcp'
allow = 'Anywhere'
List of parameters
parameter | structure | description |
---|---|---|
port | number, or string | The port, or range of ports, to check. |
protocol | string | The protocol of the rule. This can be 'tcp' or 'udp'. |
state | string | The state of the rule. This can be 'present' or 'missing'. |
allow | string | Whether the rule is for allowing or denying. |
ipv6 | boolean | Whether to check for IPv6. |
Running ufw as root
Ordinary users aren’t allowed to see the table of firewall rules, so the only way to get at them is to run ufw as root.
This causes problems for Specsheet, which runs programs as the same user that runs it.
You can work around this using global options.
Either run ufw with sudo separately and point Specsheet to ufw’s output:
$ sudo ufw status > /tmp/ufw_status
$ specsheet spec.toml -O ufw.output=/tmp/ufw_status
$ rm /tmp/ufw_status
Or, if ufw is the only program being overridden, you can avoid creating a temporary file and pipe its output in directly:
$ sudo ufw status | specsheet spec.toml -O ufw.output=-
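A more defensive form of the temporary-file workaround, as an added example that is not part of Specsheet or its documentation: it uses mktemp instead of a fixed path in /tmp, and it does not run the spec at all when ufw status fails or reports an inactive firewall. UFW_STATUS_CMD and SPECSHEET_CMD are hypothetical override variables, and the 'Status: active' match assumes ufw's English output.

```shell
#!/bin/sh
# Added example: wrapper around the "run ufw with sudo separately" workaround.
# UFW_STATUS_CMD and SPECSHEET_CMD are hypothetical overrides (not Specsheet
# options) so the functions can be exercised without root or a real firewall.

capture_ufw_status() {
    # $1 = file to write the rule table to.
    # Returns 2 if ufw could not be run, 3 if the firewall is not active.
    out=$1
    ${UFW_STATUS_CMD:-sudo ufw status} > "$out" || {
        echo "ufw status failed; not running checks" >&2
        return 2
    }
    # Assumes ufw's English output, whose first line is "Status: active".
    grep -q '^Status: active' "$out" || {
        echo "ufw is not active; not running checks" >&2
        return 3
    }
}

run_spec_with_ufw() {
    # $1 = Specsheet spec file, e.g. spec.toml
    spec=$1
    # mktemp creates the file with mode 0600 under an unpredictable name,
    # so other local users cannot pre-create or read it.
    tmp=$(mktemp "${TMPDIR:-/tmp}/ufw_status.XXXXXX") || return 1
    rc=0
    capture_ufw_status "$tmp" || rc=$?
    if [ "$rc" -eq 0 ]; then
        # -O ufw.output=FILE is the global option shown on this page.
        ${SPECSHEET_CMD:-specsheet} "$spec" -O "ufw.output=$tmp" || rc=$?
    fi
    rm -f "$tmp"   # the rule table is removed on success and on failure
    return "$rc"
}
```

Source the file and call `run_spec_with_ufw spec.toml`; the return code is Specsheet's own, or 2 or 3 when the capture step was rejected.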