Add option to delete rules by "tag" instead of number
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| ufw | Confirmed | Wishlist | Unassigned | |
Bug Description
This is for the wishlist.
The option for deleting rules seems a little bit too "human dependent".
My proposal is to provide an option to add a "tag" to rules. This "tag" could be used for one or multiple rules, and addressing them (for deletion) would be much more convenient than the "numbered" procedure.
Use case:
Hosts with dynamic DNSs where the IP changes regularly. Adding a new rule in ufw is trivial, but what about deleting the old, no longer needed rule?
Similarly, we could "tag" devices, i.e. users.
For example:
- The "user1" is on IP1: We create a rule for IP1 tagged as "user1"
- The "user1" goes offline: We delete the rule (or rules) tagged as "user1"
The tag options should not be much more difficult to add than the "comment" one. The only difference is that it should be addressable from the "delete" option.
I think that this would be a real deal when thinking about moving towards Zero-Trust networking with ufw.
How we discover the IPs or whether they are inactive... that's our problem. But at least let us have some mechanism to update the firewall rules conveniently :)
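One way to get the behaviour this request asks for with the ufw that exists today, written as an added example that is neither part of this report nor ufw's own code: it uses the existing `comment` field as the tag, resolves a tag to rule numbers by parsing `ufw status numbered` output, and deletes the matching rules from the highest number down so that earlier deletions do not shift the numbers still to be deleted. The status text below is a constructed sample, and the `tag:<name>` comment convention and the `UFW_CMD` override (used to dry-run without touching a real firewall) are assumptions of this example.

```shell
#!/bin/sh
# Emulate "delete by tag" for ufw by keeping the tag in the rule comment.
# UFW_CMD lets you substitute "echo" for a dry run; it defaults to ufw.

# Constructed sample of `ufw status numbered` output (not captured from a real host).
SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    203.0.113.10               # tag:user1
[ 2] 443/tcp                    ALLOW IN    Anywhere                   # web
[ 3] 22/tcp                     ALLOW IN    203.0.113.11               # tag:user1
[ 4] 3306/tcp                   ALLOW IN    198.51.100.5               # tag:user2'

# rules_for_tag TAG STATUS_TEXT
# Prints the numbers of rules whose comment is exactly "tag:TAG", highest first.
rules_for_tag() {
  tag="$1"
  status="$2"
  printf '%s\n' "$status" | awk -v want="tag:$tag" '
    /^\[ *[0-9]+\]/ {
      i = index($0, "#")
      if (i == 0) next                       # rule carries no comment
      c = substr($0, i + 1)
      sub(/^[ \t]+/, "", c); sub(/[ \t]+$/, "", c)
      if (c != want) next                    # exact match, so "tag:user10" never matches "user1"
      n = $0
      sub(/^\[ */, "", n); sub(/\].*$/, "", n)   # "[ 3] ..." -> "3"
      print n
    }' | sort -rn
}

# add_tagged_rule TAG SRC_IP PORT PROTO
# Adds an allow rule whose comment is the tag, so it can later be found by rules_for_tag.
add_tagged_rule() {
  "${UFW_CMD:-ufw}" allow from "$2" to any port "$3" proto "$4" comment "tag:$1"
}

# delete_by_tag TAG STATUS_TEXT
# Deletes every rule carrying the tag. Descending order keeps remaining numbers valid.
delete_by_tag() {
  for n in $(rules_for_tag "$1" "$2"); do
    "${UFW_CMD:-ufw}" --force delete "$n"
  done
}

# Usage on a real host (requires root):  ./ufw-tags.sh user1
# Run with no arguments, the script only defines the functions above.
if [ "$#" -gt 0 ]; then
  delete_by_tag "$1" "$("${UFW_CMD:-ufw}" status numbered)"
fi
```

Because `ufw status numbered` is re-read before each tag deletion run, a rule added by hand without a tag is never touched, and the exact-match comparison means a tag is not a substring search over comments.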
This is an interesting idea and I see the potential for several different use cases. Thanks!