From 74f623f8d607c050db8f62ea4996c4e6aae43268 Mon Sep 17 00:00:00 2001 From: Kelly Brazil Date: Wed, 21 Apr 2021 16:55:14 -0700 Subject: [PATCH] add support for rule comments and LIMIT and REJECT actions --- docs/parsers/ufw.md | 13 +++++++++++- jc/parsers/ufw.py | 25 ++++++++++++++++++++++-- tests/fixtures/generic/ufw-numbered.json | 2 +- tests/fixtures/generic/ufw.json | 2 +- tests/fixtures/generic/ufw.out | 12 ++++++------ 5 files changed, 43 insertions(+), 11 deletions(-) diff --git a/docs/parsers/ufw.md b/docs/parsers/ufw.md index f1fc7045..d9b117a5 100644 --- a/docs/parsers/ufw.md +++ b/docs/parsers/ufw.md @@ -43,7 +43,8 @@ Schema: "from_transport": string, # null if from_service is set "from_start_port": integer, # null if from_service is set "from_end_port": integer, # null if from_service is set - "from_service": string # null if any above are set + "from_service": string, # null if any above are set + "comment": string # null if no comment } ] } @@ -70,6 +71,7 @@ Examples: "to_service": null, "to_ip": "0.0.0.0", "to_ip_prefix": "0", + "comment": null, "from_ip": "0.0.0.0", "from_ip_prefix": "0", "from_interface": "any", @@ -90,6 +92,7 @@ Examples: "to_service": null, "to_ip": "::", "to_ip_prefix": "0", + "comment": null, "from_ip": "::", "from_ip_prefix": "0", "from_interface": "any", @@ -110,6 +113,7 @@ Examples: "to_end_port": null, "to_ip": "0.0.0.0", "to_ip_prefix": "0", + "comment": null, "from_ip": "0.0.0.0", "from_ip_prefix": "0", "from_interface": "any", @@ -130,6 +134,7 @@ Examples: "to_start_port": 0, "to_end_port": 65535, "to_service": null, + "comment": null, "from_ip": "::", "from_ip_prefix": "0", "from_interface": "any", @@ -150,6 +155,7 @@ Examples: "to_start_port": 0, "to_end_port": 65535, "to_service": null, + "comment": null, "from_ip": "0.0.0.0", "from_ip_prefix": "0", "from_interface": "any", 
@@ -181,6 +187,7 @@ Examples: "to_service": null, "to_ip": "0.0.0.0", "to_ip_prefix": "0", + "comment": null, "from_ip": "0.0.0.0", "from_ip_prefix": "0", "from_interface": "any", @@ -201,6 +208,7 @@ Examples: "to_service": null, "to_ip": "::", "to_ip_prefix": "0", + "comment": null, "from_ip": "::", "from_ip_prefix": "0", "from_interface": "any", @@ -221,6 +229,7 @@ Examples: "to_end_port": null, "to_ip": "0.0.0.0", "to_ip_prefix": "0", + "comment": null, "from_ip": "0.0.0.0", "from_ip_prefix": "0", "from_interface": "any", @@ -241,6 +250,7 @@ Examples: "to_start_port": "0", "to_end_port": "65535", "to_service": null, + "comment": null, "from_ip": "::", "from_ip_prefix": "0", "from_interface": "any", @@ -261,6 +271,7 @@ Examples: "to_start_port": "0", "to_end_port": "65535", "to_service": null, + "comment": null, "from_ip": "0.0.0.0", "from_ip_prefix": "0", "from_interface": "any", diff --git a/jc/parsers/ufw.py b/jc/parsers/ufw.py index d3cae5cf..ea98d15f 100644 --- a/jc/parsers/ufw.py +++ b/jc/parsers/ufw.py @@ -40,7 +40,8 @@ Schema: "from_transport": string, # null if from_service is set "from_start_port": integer, # null if from_service is set "from_end_port": integer, # null if from_service is set - "from_service": string # null if any above are set + "from_service": string, # null if any above are set + "comment": string # null if no comment } ] } @@ -67,6 +68,7 @@ Examples: "to_service": null, "to_ip": "0.0.0.0", "to_ip_prefix": "0", + "comment": null, "from_ip": "0.0.0.0", "from_ip_prefix": "0", "from_interface": "any", @@ -87,6 +89,7 @@ Examples: "to_service": null, "to_ip": "::", "to_ip_prefix": "0", + "comment": null, "from_ip": "::", "from_ip_prefix": "0", "from_interface": "any", @@ -107,6 +110,7 @@ Examples: "to_end_port": null, "to_ip": "0.0.0.0", "to_ip_prefix": "0", + "comment": null, "from_ip": "0.0.0.0", "from_ip_prefix": "0", "from_interface": "any", 
@@ -127,6 +131,7 @@ Examples: "to_start_port": 0, "to_end_port": 65535, "to_service": null, + "comment": null, "from_ip": "::", "from_ip_prefix": "0", "from_interface": "any", @@ -147,6 +152,7 @@ Examples: "to_start_port": 0, "to_end_port": 65535, "to_service": null, + "comment": null, "from_ip": "0.0.0.0", "from_ip_prefix": "0", "from_interface": "any", @@ -178,6 +184,7 @@ Examples: "to_service": null, "to_ip": "0.0.0.0", "to_ip_prefix": "0", + "comment": null, "from_ip": "0.0.0.0", "from_ip_prefix": "0", "from_interface": "any", @@ -198,6 +205,7 @@ Examples: "to_service": null, "to_ip": "::", "to_ip_prefix": "0", + "comment": null, "from_ip": "::", "from_ip_prefix": "0", "from_interface": "any", @@ -218,6 +226,7 @@ Examples: "to_end_port": null, "to_ip": "0.0.0.0", "to_ip_prefix": "0", + "comment": null, "from_ip": "0.0.0.0", "from_ip_prefix": "0", "from_interface": "any", @@ -238,6 +247,7 @@ Examples: "to_start_port": "0", "to_end_port": "65535", "to_service": null, + "comment": null, "from_ip": "::", "from_ip_prefix": "0", "from_interface": "any", @@ -258,6 +268,7 @@ Examples: "to_start_port": "0", "to_end_port": "65535", "to_service": null, + "comment": null, "from_ip": "0.0.0.0", "from_ip_prefix": "0", "from_interface": "any", @@ -329,6 +340,16 @@ def _parse_to_from(linedata, direction, rule_obj=None): else: rule_obj['index'] = None + # pull out comments, if they exist + if direction == 'from': + RE_COMMENT = re.compile(r'#.+$') + comment_match = re.search(RE_COMMENT, linedata) + if comment_match: + rule_obj['comment'] = comment_match.group(0).lstrip('#').strip() + linedata = re.sub(RE_COMMENT, '', linedata) + else: + rule_obj['comment'] = None + # pull (v6) RE_V6 = re.compile(r'\(v6\)') v6_match = re.search(RE_V6, linedata) 
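Review bot: In the `_parse_to_from` hunk, `#.+$` needs at least one character after the `#`, so a from side ending in a bare `#` leaves `comment` as None while the `#` stays in `linedata` for the later parsing. `.lstrip('#')` also removes every leading `#`, so a comment printed as `##ticket` comes back as `ticket`. Capturing the text avoids both: `RE_COMMENT = re.compile(r'#(.*)$')` with `rule_obj['comment'] = comment_match.group(1).strip() or None`, keeping the `re.sub` inside the match branch. The function body starts and ends outside this hunk, so how the remaining text is consumed is not visible here.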
@@ -481,7 +502,7 @@ def parse(data, raw=False, quiet=False): # Split on action. Left of Action is 'to', right of Action is 'from' rule_obj = {} - splitline = re.split(r'(ALLOW IN|ALLOW OUT|DENY IN|DENY OUT|ALLOW|DENY)', line) + splitline = re.split(r'(ALLOW IN|ALLOW OUT|ALLOW FWD|DENY IN|DENY OUT|DENY FWD|LIMIT IN|LIMIT OUT|LIMIT FWD|REJECT IN|REJECT OUT|REJECT FWD|ALLOW|DENY|LIMIT|REJECT)', line) to_line = splitline[0] action_line = splitline[1] action_list = action_line.split() diff --git a/tests/fixtures/generic/ufw-numbered.json b/tests/fixtures/generic/ufw-numbered.json index f9f97a09..cf8ab6cf 100644 --- a/tests/fixtures/generic/ufw-numbered.json +++ b/tests/fixtures/generic/ufw-numbered.json 
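Review bot: The `re.split` in `parse()` runs over the whole rule line, trailing `# comment` included, and has no split limit, so a comment containing one of the action words (a constructed example: `# ALLOW ssh from office`) produces extra pieces. Only `splitline[0]` and `splitline[1]` are visible in this hunk; if the from side is taken from `splitline[2]`, the comment extracted in `_parse_to_from` would be cut at the keyword, and anything reading the JSON for a rule audit would see a truncated comment. Adding `maxsplit=1` to the call, as in `re.split(r'(...)', line, maxsplit=1)`, keeps everything right of the first action in one piece. None of the comments added to `ufw.out` contain an action word, so a fixture row that does would pin this behaviour.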
@@ -1 +1 @@ -{"status":"active","logging":"on","logging_level":"low","default":"deny (incoming), allow (outgoing), deny (routed)","new_profiles":"skip","rules":[{"action":"ALLOW","action_direction":"IN","index":1,"network_protocol":"ipv4","to_interface":"any","to_transport":"tcp","to_start_port":22,"to_end_port":22,"to_service":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","from_ip":"0.0.0.0","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":"OUT","index":2,"network_protocol":"ipv6","to_interface":"any","to_transport":"tcp","to_start_port":22,"to_end_port":22,"to_service":null,"to_ip":"::","to_ip_prefix":"0","from_ip":"::","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"DENY","action_direction":null,"index":3,"network_protocol":"ipv4","to_interface":"any","to_transport":"tcp","to_start_port":443,"to_end_port":443,"to_service":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","from_interface":"any","from_ip":"192.168.0.1","from_ip_prefix":"32","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"DENY","action_direction":"OUT","index":4,"network_protocol":"ipv4","to_interface":"any","to_transport":"udp","to_start_port":443,"to_end_port":443,"to_service":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","from_interface":"any","from_ip":"192.168.0.7","from_ip_prefix":"32","from_transport":"any","from_start_port":8080,"from_end_port":8081,"from_service":null},{"action":"ALLOW","action_direction":null,"index":5,"network_protocol":"ipv4","to_interface":"any","to_transport":"tcp","to_start_port":22,"to_end_port":22,"to_service":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","from_interface":"any","from_ip":"192.168.0.0","from_ip_prefix":"24","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","acti
on_direction":null,"index":6,"network_protocol":"ipv4","to_interface":"any","to_transport":"udp","to_start_port":22,"to_end_port":22,"to_service":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","from_interface":"en0","from_ip":"192.168.0.0","from_ip_prefix":"24","from_transport":"any","from_start_port":8080,"from_end_port":8081,"from_service":null},{"action":"ALLOW","action_direction":"IN","index":7,"network_protocol":"ipv6","to_interface":"any","to_transport":"tcp","to_start_port":22,"to_end_port":22,"to_service":null,"to_ip":"::","to_ip_prefix":"0","from_interface":"en1","from_ip":"2405:204:7449:49fc:f09a:6f4a:bc93:1955","from_ip_prefix":"64","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":"IN","index":8,"network_protocol":"ipv4","to_interface":"any","to_transport":"any","to_start_port":80,"to_end_port":80,"to_service":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","from_ip":"0.0.0.0","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":"IN","index":9,"network_protocol":"ipv6","to_interface":"any","to_transport":"any","to_start_port":8080,"to_end_port":8080,"to_service":null,"to_ip":"::","to_ip_prefix":"0","from_ip":"::","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":"IN","index":10,"network_protocol":"ipv4","to_interface":"any","to_transport":null,"to_service":"Apache Full","to_start_port":null,"to_end_port":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","from_ip":"0.0.0.0","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":"IN","index":11,"network_protocol":"ipv6","to_interface":"any","to_transport":null,"to_service":"Apache 
Full","to_start_port":null,"to_end_port":null,"to_ip":"::","to_ip_prefix":"0","from_ip":"::","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"DENY","action_direction":"IN","index":12,"network_protocol":"ipv6","to_interface":"any","to_transport":null,"to_service":"OpenSSH","to_start_port":null,"to_end_port":null,"to_ip":"::","to_ip_prefix":"0","from_ip":"::","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":null,"index":13,"network_protocol":"ipv4","to_interface":"enp34s0","to_ip":"10.10.10.10","to_ip_prefix":"32","to_transport":"any","to_start_port":8080,"to_end_port":8080,"to_service":null,"from_interface":"any","from_ip":"127.0.0.1","from_ip_prefix":"32","from_transport":"any","from_start_port":8000,"from_end_port":8000,"from_service":null},{"action":"ALLOW","action_direction":null,"index":14,"network_protocol":"ipv6","to_interface":"any","to_transport":"tcp","to_start_port":50200,"to_end_port":50300,"to_service":null,"to_ip":"::","to_ip_prefix":"0","from_ip":"::","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":"IN","index":15,"network_protocol":"ipv6","to_ip":"::","to_ip_prefix":"0","to_interface":"any","to_transport":"any","to_start_port":0,"to_end_port":65535,"to_service":null,"from_interface":"any","from_ip":"2405:204:7449:49fc:f09a:6f4a:bc93:1955","from_ip_prefix":"128","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null}]} +{"status":"active","logging":"on","logging_level":"low","default":"deny (incoming), allow (outgoing), deny 
(routed)","new_profiles":"skip","rules":[{"action":"ALLOW","action_direction":"IN","index":1,"network_protocol":"ipv4","to_interface":"any","to_transport":"tcp","to_start_port":22,"to_end_port":22,"to_service":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","comment":null,"from_ip":"0.0.0.0","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":"OUT","index":2,"network_protocol":"ipv6","to_interface":"any","to_transport":"tcp","to_start_port":22,"to_end_port":22,"to_service":null,"to_ip":"::","to_ip_prefix":"0","comment":null,"from_ip":"::","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"DENY","action_direction":null,"index":3,"network_protocol":"ipv4","to_interface":"any","to_transport":"tcp","to_start_port":443,"to_end_port":443,"to_service":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","comment":null,"from_interface":"any","from_ip":"192.168.0.1","from_ip_prefix":"32","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"DENY","action_direction":"OUT","index":4,"network_protocol":"ipv4","to_interface":"any","to_transport":"udp","to_start_port":443,"to_end_port":443,"to_service":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","comment":null,"from_interface":"any","from_ip":"192.168.0.7","from_ip_prefix":"32","from_transport":"any","from_start_port":8080,"from_end_port":8081,"from_service":null},{"action":"ALLOW","action_direction":null,"index":5,"network_protocol":"ipv4","to_interface":"any","to_transport":"tcp","to_start_port":22,"to_end_port":22,"to_service":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","comment":null,"from_interface":"any","from_ip":"192.168.0.0","from_ip_prefix":"24","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":null,"index":6,"network_protoco
l":"ipv4","to_interface":"any","to_transport":"udp","to_start_port":22,"to_end_port":22,"to_service":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","comment":null,"from_interface":"en0","from_ip":"192.168.0.0","from_ip_prefix":"24","from_transport":"any","from_start_port":8080,"from_end_port":8081,"from_service":null},{"action":"ALLOW","action_direction":"IN","index":7,"network_protocol":"ipv6","to_interface":"any","to_transport":"tcp","to_start_port":22,"to_end_port":22,"to_service":null,"to_ip":"::","to_ip_prefix":"0","comment":null,"from_interface":"en1","from_ip":"2405:204:7449:49fc:f09a:6f4a:bc93:1955","from_ip_prefix":"64","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":"IN","index":8,"network_protocol":"ipv4","to_interface":"any","to_transport":"any","to_start_port":80,"to_end_port":80,"to_service":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","comment":null,"from_ip":"0.0.0.0","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":"IN","index":9,"network_protocol":"ipv6","to_interface":"any","to_transport":"any","to_start_port":8080,"to_end_port":8080,"to_service":null,"to_ip":"::","to_ip_prefix":"0","comment":null,"from_ip":"::","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":"IN","index":10,"network_protocol":"ipv4","to_interface":"any","to_transport":null,"to_service":"Apache Full","to_start_port":null,"to_end_port":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","comment":null,"from_ip":"0.0.0.0","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":"IN","index":11,"network_protocol":"ipv6","to_interface":"any","to_transport":null,"to_service":"Apache 
Full","to_start_port":null,"to_end_port":null,"to_ip":"::","to_ip_prefix":"0","comment":null,"from_ip":"::","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"DENY","action_direction":"IN","index":12,"network_protocol":"ipv6","to_interface":"any","to_transport":null,"to_service":"OpenSSH","to_start_port":null,"to_end_port":null,"to_ip":"::","to_ip_prefix":"0","comment":null,"from_ip":"::","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":null,"index":13,"network_protocol":"ipv4","to_interface":"enp34s0","to_ip":"10.10.10.10","to_ip_prefix":"32","to_transport":"any","to_start_port":8080,"to_end_port":8080,"to_service":null,"comment":null,"from_interface":"any","from_ip":"127.0.0.1","from_ip_prefix":"32","from_transport":"any","from_start_port":8000,"from_end_port":8000,"from_service":null},{"action":"ALLOW","action_direction":null,"index":14,"network_protocol":"ipv6","to_interface":"any","to_transport":"tcp","to_start_port":50200,"to_end_port":50300,"to_service":null,"to_ip":"::","to_ip_prefix":"0","comment":null,"from_ip":"::","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":"IN","index":15,"network_protocol":"ipv6","to_ip":"::","to_ip_prefix":"0","to_interface":"any","to_transport":"any","to_start_port":0,"to_end_port":65535,"to_service":null,"comment":null,"from_interface":"any","from_ip":"2405:204:7449:49fc:f09a:6f4a:bc93:1955","from_ip_prefix":"128","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null}]} diff --git a/tests/fixtures/generic/ufw.json b/tests/fixtures/generic/ufw.json index 35157b64..44f6edc5 100644 --- a/tests/fixtures/generic/ufw.json +++ b/tests/fixtures/generic/ufw.json 
@@ -1 +1 @@ -{"status":"active","logging":"on","logging_level":"low","default":"deny (incoming), allow (outgoing), deny (routed)","new_profiles":"skip","rules":[{"action":"ALLOW","action_direction":"IN","index":null,"network_protocol":"ipv4","to_interface":"any","to_transport":"tcp","to_start_port":22,"to_end_port":22,"to_service":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","from_ip":"0.0.0.0","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":"OUT","index":null,"network_protocol":"ipv6","to_interface":"any","to_transport":"tcp","to_start_port":22,"to_end_port":22,"to_service":null,"to_ip":"::","to_ip_prefix":"0","from_ip":"::","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"DENY","action_direction":null,"index":null,"network_protocol":"ipv4","to_interface":"any","to_transport":"tcp","to_start_port":443,"to_end_port":443,"to_service":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","from_interface":"any","from_ip":"192.168.0.1","from_ip_prefix":"32","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"DENY","action_direction":"OUT","index":null,"network_protocol":"ipv4","to_interface":"any","to_transport":"udp","to_start_port":443,"to_end_port":443,"to_service":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","from_interface":"any","from_ip":"192.168.0.7","from_ip_prefix":"32","from_transport":"any","from_start_port":8080,"from_end_port":8081,"from_service":null},{"action":"ALLOW","action_direction":null,"index":null,"network_protocol":"ipv4","to_interface":"any","to_transport":"tcp","to_start_port":22,"to_end_port":22,"to_service":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","from_interface":"any","from_ip":"192.168.0.0","from_ip_prefix":"24","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action
":"ALLOW","action_direction":null,"index":null,"network_protocol":"ipv4","to_interface":"any","to_transport":"udp","to_start_port":22,"to_end_port":22,"to_service":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","from_interface":"en0","from_ip":"192.168.0.0","from_ip_prefix":"24","from_transport":"any","from_start_port":8080,"from_end_port":8081,"from_service":null},{"action":"ALLOW","action_direction":"IN","index":null,"network_protocol":"ipv6","to_interface":"any","to_transport":"tcp","to_start_port":22,"to_end_port":22,"to_service":null,"to_ip":"::","to_ip_prefix":"0","from_interface":"en1","from_ip":"2405:204:7449:49fc:f09a:6f4a:bc93:1955","from_ip_prefix":"64","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":"IN","index":null,"network_protocol":"ipv4","to_interface":"any","to_transport":"any","to_start_port":80,"to_end_port":80,"to_service":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","from_ip":"0.0.0.0","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":"IN","index":null,"network_protocol":"ipv6","to_interface":"any","to_transport":"any","to_start_port":8080,"to_end_port":8080,"to_service":null,"to_ip":"::","to_ip_prefix":"0","from_ip":"::","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":"IN","index":null,"network_protocol":"ipv4","to_interface":"any","to_transport":null,"to_service":"Apache Full","to_start_port":null,"to_end_port":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","from_ip":"0.0.0.0","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":"IN","index":null,"network_protocol":"ipv6","to_interface":"any","to_transport":null,"to_service":"Apache 
Full","to_start_port":null,"to_end_port":null,"to_ip":"::","to_ip_prefix":"0","from_ip":"::","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"DENY","action_direction":"IN","index":null,"network_protocol":"ipv6","to_interface":"any","to_transport":null,"to_service":"OpenSSH","to_start_port":null,"to_end_port":null,"to_ip":"::","to_ip_prefix":"0","from_ip":"::","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":null,"index":null,"network_protocol":"ipv4","to_interface":"enp34s0","to_ip":"10.10.10.10","to_ip_prefix":"32","to_transport":"any","to_start_port":8080,"to_end_port":8080,"to_service":null,"from_interface":"any","from_ip":"127.0.0.1","from_ip_prefix":"32","from_transport":"any","from_start_port":8000,"from_end_port":8000,"from_service":null},{"action":"ALLOW","action_direction":null,"index":null,"network_protocol":"ipv6","to_interface":"any","to_transport":"tcp","to_start_port":50200,"to_end_port":50300,"to_service":null,"to_ip":"::","to_ip_prefix":"0","from_ip":"::","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":"IN","index":null,"network_protocol":"ipv6","to_ip":"::","to_ip_prefix":"0","to_interface":"any","to_transport":"any","to_start_port":0,"to_end_port":65535,"to_service":null,"from_interface":"any","from_ip":"2405:204:7449:49fc:f09a:6f4a:bc93:1955","from_ip_prefix":"128","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null}]} +{"status":"active","logging":"on","logging_level":"low","default":"deny (incoming), allow (outgoing), deny 
(routed)","new_profiles":"skip","rules":[{"action":"ALLOW","action_direction":"IN","index":null,"network_protocol":"ipv4","to_interface":"any","to_transport":"tcp","to_start_port":22,"to_end_port":22,"to_service":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","comment":null,"from_ip":"0.0.0.0","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":"OUT","index":null,"network_protocol":"ipv6","to_interface":"any","to_transport":"tcp","to_start_port":22,"to_end_port":22,"to_service":null,"to_ip":"::","to_ip_prefix":"0","comment":null,"from_ip":"::","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"DENY","action_direction":null,"index":null,"network_protocol":"ipv4","to_interface":"any","to_transport":"tcp","to_start_port":443,"to_end_port":443,"to_service":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","comment":"nice 
comment","from_interface":"any","from_ip":"192.168.0.1","from_ip_prefix":"32","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"DENY","action_direction":"OUT","index":null,"network_protocol":"ipv4","to_interface":"any","to_transport":"udp","to_start_port":443,"to_end_port":443,"to_service":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","comment":null,"from_interface":"any","from_ip":"192.168.0.7","from_ip_prefix":"32","from_transport":"any","from_start_port":8080,"from_end_port":8081,"from_service":null},{"action":"ALLOW","action_direction":null,"index":null,"network_protocol":"ipv4","to_interface":"any","to_transport":"tcp","to_start_port":22,"to_end_port":22,"to_service":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","comment":null,"from_interface":"any","from_ip":"192.168.0.0","from_ip_prefix":"24","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":null,"index":null,"network_protocol":"ipv4","to_interface":"any","to_transport":"udp","to_start_port":22,"to_end_port":22,"to_service":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","comment":null,"from_interface":"en0","from_ip":"192.168.0.0","from_ip_prefix":"24","from_transport":"any","from_start_port":8080,"from_end_port":8081,"from_service":null},{"action":"ALLOW","action_direction":"FWD","index":null,"network_protocol":"ipv6","to_interface":"any","to_transport":"tcp","to_start_port":22,"to_end_port":22,"to_service":null,"to_ip":"::","to_ip_prefix":"0","comment":"commenting this 
rule","from_interface":"en1","from_ip":"2405:204:7449:49fc:f09a:6f4a:bc93:1955","from_ip_prefix":"64","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":"IN","index":null,"network_protocol":"ipv4","to_interface":"any","to_transport":"any","to_start_port":80,"to_end_port":80,"to_service":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","comment":null,"from_ip":"0.0.0.0","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"REJECT","action_direction":"IN","index":null,"network_protocol":"ipv6","to_interface":"any","to_transport":"any","to_start_port":8080,"to_end_port":8080,"to_service":null,"to_ip":"::","to_ip_prefix":"0","comment":null,"from_ip":"::","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":"IN","index":null,"network_protocol":"ipv4","to_interface":"any","to_transport":null,"to_service":"Apache Full","to_start_port":null,"to_end_port":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","comment":"a comment","from_ip":"0.0.0.0","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":"IN","index":null,"network_protocol":"ipv6","to_interface":"any","to_transport":null,"to_service":"Apache 
Full","to_start_port":null,"to_end_port":null,"to_ip":"::","to_ip_prefix":"0","comment":null,"from_ip":"::","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"DENY","action_direction":"IN","index":null,"network_protocol":"ipv6","to_interface":"any","to_transport":null,"to_service":"OpenSSH","to_start_port":null,"to_end_port":null,"to_ip":"::","to_ip_prefix":"0","comment":null,"from_ip":"::","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":null,"index":null,"network_protocol":"ipv4","to_interface":"enp34s0","to_ip":"10.10.10.10","to_ip_prefix":"32","to_transport":"any","to_start_port":8080,"to_end_port":8080,"to_service":null,"comment":null,"from_interface":"any","from_ip":"127.0.0.1","from_ip_prefix":"32","from_transport":"any","from_start_port":8000,"from_end_port":8000,"from_service":null},{"action":"DENY","action_direction":"FWD","index":null,"network_protocol":"ipv6","to_interface":"any","to_transport":"tcp","to_start_port":50200,"to_end_port":50300,"to_service":null,"to_ip":"::","to_ip_prefix":"0","comment":null,"from_ip":"::","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"LIMIT","action_direction":null,"index":null,"network_protocol":"ipv6","to_ip":"::","to_ip_prefix":"0","to_interface":"any","to_transport":"any","to_start_port":0,"to_end_port":65535,"to_service":null,"comment":"this is a comment","from_interface":"any","from_ip":"2405:204:7449:49fc:f09a:6f4a:bc93:1955","from_ip_prefix":"128","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null}]} diff --git a/tests/fixtures/generic/ufw.out b/tests/fixtures/generic/ufw.out index 99bca0f5..96e0ce94 100644 --- a/tests/fixtures/generic/ufw.out +++ b/tests/fixtures/generic/ufw.out 
@@ -7,16 +7,16 @@ To Action From -- ------ ---- 22/tcp ALLOW IN Anywhere 22/tcp (v6) ALLOW OUT Anywhere (v6) -443/tcp DENY 192.168.0.1 +443/tcp DENY 192.168.0.1 # nice comment 443/udp DENY OUT 192.168.0.7 8080:8081 22/tcp ALLOW 192.168.0.0/24 22/udp ALLOW 192.168.0.0/24 8080:8081 on en0 -22/tcp (v6) ALLOW IN 2405:204:7449:49fc:f09a:6f4a:bc93:1955/64 on en1 +22/tcp (v6) ALLOW FWD 2405:204:7449:49fc:f09a:6f4a:bc93:1955/64 on en1 #commenting this rule 80 ALLOW IN Anywhere -8080 (v6) ALLOW IN Anywhere (v6) -Apache Full ALLOW IN Anywhere +8080 (v6) REJECT IN Anywhere (v6) +Apache Full ALLOW IN Anywhere # a comment Apache Full (v6) ALLOW IN Anywhere (v6) OpenSSH (v6) DENY IN Anywhere (v6) 10.10.10.10 8080 on enp34s0 ALLOW 127.0.0.1 8000 -50200:50300/tcp (v6) ALLOW Anywhere (v6) -Anywhere (v6) ALLOW IN 2405:204:7449:49fc:f09a:6f4a:bc93:1955 +50200:50300/tcp (v6) DENY FWD Anywhere (v6) +Anywhere (v6) LIMIT 2405:204:7449:49fc:f09a:6f4a:bc93:1955 # this is a comment