
I see that UFW (UncomplicatedFireWall) will read in its rules from /lib/ufw/user.rules. However, it would be convenient if the rules could be split across multiple files, so that different servers can easily reuse different subsets of rules depending on the services they are running. For example:

  • /etc/ufw.d/ssh.rules
  • /etc/ufw.d/mongodb.rules

Is this possible? I couldn't find any reference to something like this in the documentation.

I can work around this with something like cat /etc/ufw.d/* > /lib/ufw/user.rules during the configuration stage, but it would be easier if UFW had this built in. Does it? Or is there a better workaround than this?

Thanks a lot.
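The cat-based workaround from the question, worked into a small script as an added example (it is not from the question, the answer, or ufw itself). It assumes fragments live in /etc/ufw.d/*.rules and contain only "-A ufw-user-..." lines plus comments; the chain header it emits is a reduced copy of ufw's own user.rules layout, so compare it with the file on your system first.

```shell
#!/bin/sh
# Assemble a ufw user.rules file from per-service fragments (added example,
# not part of ufw). Assumed layout: /etc/ufw.d/*.rules, each holding only
# "-A ufw-user-..." lines and "#" comments. The chain header below is a
# reduced copy of ufw's own user.rules layout; check it against the file on
# your system before relying on it.

# Reject a fragment unless every non-blank, non-comment line appends to a
# ufw-user-* chain. This keeps a stray fragment from adding rules to
# INPUT/FORWARD directly and bypassing ufw's default policy.
validate_fragment() {
    bad="$(sed -e 's/^[[:space:]]*//' -e '/^$/d' -e '/^#/d' "$1" |
           grep -v '^-A ufw-user-' || true)"
    if [ -n "$bad" ]; then
        printf 'rejected %s, not a ufw-user-* rule: %s\n' "$1" "$bad" >&2
        return 1
    fi
}

# assemble_ufw_rules DIR OUT: concatenate DIR/*.rules in sorted order (so the
# result is identical on every server) between ufw's header and footer. All
# fragments are validated first and the output goes through a temp file, so a
# bad fragment never leaves a half-written OUT behind.
assemble_ufw_rules() {
    dir="$1"; out="$2"
    for f in "$dir"/*.rules; do
        [ -e "$f" ] || continue
        validate_fragment "$f" || return 1
    done
    tmp="$(mktemp "${out}.XXXXXX")" || return 1
    {
        printf '*filter\n'
        for chain in input output forward limit limit-accept; do
            printf ':ufw-user-%s - [0:0]\n' "$chain"
        done
        printf '### RULES ###\n'
        for f in "$dir"/*.rules; do
            [ -e "$f" ] || continue
            printf '\n### %s ###\n' "$(basename "$f")"
            grep -v '^[[:space:]]*$' "$f" || true   # drop blank lines only
        done
        printf '\n### END RULES ###\nCOMMIT\n'
    } > "$tmp" && mv "$tmp" "$out"
}

# On a server (as root): assemble_ufw_rules /etc/ufw.d /lib/ufw/user.rules
```

Before installing the result, `iptables-restore --test < user.rules` checks that it parses; and since ufw itself rewrites user.rules whenever rules are added or removed with the ufw command, keep the fragments as the only source of truth and re-run the assembler from your configuration step after any such change.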

1 Answer


I wrote a tool that lets UFW read IP addresses and/or ports from files to deny and/or allow them. It's not your ideal solution, as it's not built into UFW and full support is only guaranteed for BASH, but maybe it can still help you.

https://github.com/theAkito/serving-hookers#ufw-rules-applier-from-file

(I won't paste the code here, as it is too long and it will change frequently, anyway.)

Akito