This repository has been archived by the owner on May 30, 2023. It is now read-only.

Remove UFW dependency of nomad-firewall. #21

Open
azubieta opened this issue May 7, 2018 · 3 comments
Labels
feature-request Issues to discuss future features to be added to this software.

Comments

azubieta commented May 7, 2018

The UFW back-end contains a lot of legacy code from the former Kufw, which is currently buggy and hard to maintain.

We will change to a simpler approach in order to ease future maintenance without losing functionality.



@Conan-Kudo

Are you considering interfacing with something like firewalld? It'd be awesome to have a nice KCM for it. :)

azubieta commented May 17, 2018

Actually, we are going to communicate directly with iptables or nftables.
We want to do something simpler. Both ufw and firewalld are quite nice tools, but for a basic user they are still complex tools. #22 is what we are trying to support: something dead simple that gives those users' systems an extra layer of security.

Also, you should be thinking right now that there are a lot of functionalities that will not be supported. You are right. But we also think that if a user knows what a firewall is and how to set it up properly, they should be able to open a CLI and type a few commands. What do you think?

But don't worry, we do plan to allow defining custom rules, and we will provide a list of presets based on the /etc/services listing.

@Conan-Kudo If you have experience with firewalls you can help us to improve the predefined profiles, go to issue #22 and feel free to drop your thoughts. The development is in the "new_implementation" branch.
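
An added illustration, not part of the thread and not nomad-firewall's code: one way presets could be derived from an /etc/services-style listing and rendered as nftables rule statements. The function names and the sample listing are hypothetical and constructed for this example; the rules are only returned as strings and would still need an input chain to live in.

```python
import re

# Constructed sample in /etc/services format (not copied from a real system).
SAMPLE_SERVICES = """\
# service-name  port/protocol  [aliases ...]  [# comment]
ssh             22/tcp                          # SSH Remote Login Protocol
domain          53/tcp
domain          53/udp
http            80/tcp          www             # WorldWideWeb HTTP
https           443/tcp
broken-line     notaport/tcp
ipp             631/tcp
ipp             631/udp
"""

# Strict pattern: only a plain service name, a numeric port, and tcp/udp pass.
LINE_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._+-]*)\s+(?P<port>\d+)/(?P<proto>tcp|udp)\b"
)

def parse_services(text):
    """Return {service name: sorted [(proto, port), ...]} (hypothetical helper)."""
    presets = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        m = LINE_RE.match(line)
        if not m:
            continue                          # malformed or unsupported entry
        port = int(m["port"])
        if not 1 <= port <= 65535:
            continue                          # out-of-range port
        presets.setdefault(m["name"], set()).add((m["proto"], port))
    return {name: sorted(pairs) for name, pairs in presets.items()}

def preset_rules(presets, name):
    """Render one preset as nftables rule statements; nothing is applied."""
    if name not in presets:
        raise KeyError(f"unknown preset: {name}")
    # Only the validated protocol and integer port reach the rule text,
    # never the free-form service name.
    return [f"{proto} dport {port} accept" for proto, port in presets[name]]

if __name__ == "__main__":
    presets = parse_services(SAMPLE_SERVICES)
    for rule in preset_rules(presets, "domain"):
        print(rule)
```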

Conan-Kudo commented May 17, 2018

> Both ufw and firewalld are quite nice tools but for a basic user they are still complex tools.

I'm not sure that's strictly true. While it's been a while since I've used ufw, FirewallD has a "simple" mode interface, operating on the principle of services, zones, and modes. In a lot of cases, you can just ignore zones and modes if you don't care for them...

The chief advantage of FirewallD (aside from the fact that it's shipped in nearly every major distribution, and two major distribution families are using it by default now) is exactly that it offers a way to provide "basic" firewall management with a very easy way to go to more advanced layers when you need to. In addition, the main interface doesn't need to be privileged to manipulate the firewall, it can just talk to the daemon over D-Bus to adjust the firewall state.

Even the elementary OS guys intend to move from ufw to FirewallD for their firewall backend, for these reasons.

UriHerrera added the bug and feature-request labels on Oct 8, 2018.
UriHerrera removed the bug label on Apr 23, 2021.