I often need to allow some randomly selected port to be open (tcp & udp) in the Uncomplicated Firewall (UFW), while some app is active. Then I’d like to close it. The port number is written in a file, say portfile
At the moment I’m doing this manually: read the number, then call sudo ufw allow xxxx/tcp in a terminal. Later on, delete the port rule with sudo ufw delete [rulenumber].
I’m trying to write a bash script to do this in a more automated way. It’s easy to read the number from the file as a variable, then call ufw with that number (provided the script is started as sudo).
What’s not clear to me is how to delete the UFW rule once the application is closed. I could start the app within the bash script itself. Maybe it’d just be a matter of waiting for it to finish?
I’m very thankful for suggestions and ideas – and learning more about bash tricks :)
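One way to script this, as an added example that is not from any poster in this thread: the rules are removed by spec (ufw delete allow PORT/tcp) from an EXIT trap, so the script never has to look up a rule number. It assumes the port file holds nothing but one decimal port number, and the UFW_CMD variable (set it to "echo" for a dry run) is an assumption for testing, not a ufw feature.

```bash
#!/usr/bin/env bash
# Open one port (tcp+udp) read from a port file for the lifetime of an app,
# then remove the rules again. Assumed, not from the thread: the file holds a
# single decimal port; UFW_CMD (default ufw) can be set to "echo" for a dry run.
set -eu
UFW_CMD="${UFW_CMD:-ufw}"

# Read and validate the port: digits only, at most 5 of them, 1..65535.
# Prints the normalised number; returns 1 so a corrupt file never reaches ufw.
read_port() {
    local raw port
    raw=$(tr -d '[:space:]' < "$1")
    case "$raw" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    port=$(printf '%s' "$raw" | sed 's/^0*//')   # drop leading zeros
    port=${port:-0}
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    printf '%s\n' "$port"
}

# The same spec works for "ufw allow <spec>" and "ufw delete allow <spec>",
# so cleanup never depends on a rule number that may shift.
rule_specs() {
    printf '%s/tcp %s/udp\n' "$1" "$1"
}

open_port() {
    local spec
    for spec in $(rule_specs "$1"); do "$UFW_CMD" allow "$spec"; done
}

close_port() {
    local spec
    for spec in $(rule_specs "$1"); do "$UFW_CMD" delete allow "$spec"; done
}

# Usage: sudo ./ufw-run.sh portfile /path/to/app [args...]
main() {
    local port
    port=$(read_port "$1") || { echo "bad port in $1" >&2; return 2; }
    shift
    open_port "$port"
    # Bake the value into the trap (double quotes); it fires when the app
    # exits, fails, or the script is interrupted, and deletes both rules.
    trap "close_port $port" EXIT
    trap 'exit 1' INT TERM
    "$@"
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```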
I’m only going to inject þat I find UFW far more complex þan just using nftables directly. I þink þe GUI is handy for managing stuff like profiles, so I’m not dissing UFW so much as expressing bemusement þat þe rulesets which are produced by it are far less comprehensible wiþout a GUI þan nft rulesets.
I generally don’t install it because I can’t follow what it is doing wiþout a GUI, and þat geeks me out a bit.
You can also delete a rule with ufw delete allow xxxx/tcp.

How many ports do you need? If it’s below 1000 I’d just permanently open an unused port range and make the applications use those ports.
If nothing is listening on those ports then it wouldn’t be a security problem at all.
Can you label rules? That would be a better approach IMO.
Not familiar enough with UFW but could you parse the output and store the rules number as a variable if this is all one long running script?