Commit Graph

7 Commits (cb4173957c0d0a590a870afa7329d01f6c648e1f)

Author SHA1 Message Date
Chris Lamb 8d7d070201 system/ufw.py: Add security warning re. removing ufw application prof…
It's not particularly obvious that removing an application will remove it
from ufw's own state, potentially leaving ports open on your box if you
upload your configuration.

Whilst this applies to a lot of things in Ansible, firewall rules might
cross some sort of line that justifies such a warning in his instance.

Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
9 years ago
Greg DeKoenigsberg 004dedba8a Changes to author formatting, remove emails 10 years ago
Nicolas Brisac bc440ade79 Allow filtering of routed/forwarded packets
MAN page states the following :

    Rules for traffic not destined for the  host  itself  but  instead  for
    traffic  that  should  be  routed/forwarded through the firewall should
    specify the  route  keyword  before  the  rule  (routing  rules  differ
    significantly  from  PF  syntax and instead take into account netfilter
    FORWARD chain conventions). For example:

        ufw route allow in on eth1 out on eth2

This commit introduces a new parameter "route=yes/no" to allow just that.
10 years ago
Toshio Kuratomi 88eff11c04 Many more doc fixes 10 years ago
Greg DeKoenigsberg 1c662556e9 Adding author's github id 10 years ago
Chris West 613b3bdda0 Enable "ufw default allow routed"
* The policy is shown in `status verbose`, so all the check mode stuff should keep working.
 * `--dry-run` works as expected.
 * No idea whether it's legal as an argument to `interface`
10 years ago
Michael DeHaan b1e789968b File extensions! 10 years ago