Uncomplicated Firewall (ufw)

A customer wants to deploy firewall rules as a .deb package. The first pass assumes that ufw is already installed. The second pass will not make this assumption and will instead check whether ufw is installed. If it is, only the firewall rules are installed. If it is not, ufw is installed from a .deb package (not remotely) and then the firewall rules are installed. This is a work in progress.

Tips and tricks:

Allow SSH sessions from any source:

sudo ufw allow ssh

Deleting rules:

sudo ufw delete allow 80/tcp

Creating a .deb package without installing a System V init.d script:

Override dh_installinit by adding the following to debian/rules (debian/rules is a Makefile, so the recipe line must begin with a tab character, not spaces):

override_dh_installinit:
	true

The ufw rules files user6.rules and user.rules are located in:

/lib/ufw

On the machine making the .deb package, add the user6.rules and user.rules files to ./data/lib/ufw

Edit the deb.contents file to reflect the files contained in the package. For reasons I’ve yet to figure out, /etc/default and /etc/init.d files are placed into the package.

Listing ufw rules:

sudo ufw status
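
The second-pass logic described at the top of this page, written as a wrapper script. This is an added example, not the author's code; the package file names ./ufw.deb and ./ufw-rules.deb, the --install switch and the overridable DPKG / DPKG_QUERY variables are assumptions.

```shell
#!/bin/sh
# Added example: second-pass installer. Package file names are hypothetical.
UFW_DEB=${UFW_DEB:-./ufw.deb}             # local ufw package (assumed name)
RULES_DEB=${RULES_DEB:-./ufw-rules.deb}   # firewall rules package (assumed name)
DPKG=${DPKG:-dpkg}                        # overridable so the logic can be tested
DPKG_QUERY=${DPKG_QUERY:-dpkg-query}

# Succeed only when dpkg reports ufw as fully installed. A package that was
# removed but not purged reports "deinstall ok config-files" with exit
# status 0, so the status string is compared, not just the exit code.
ufw_installed() {
    status=$("$DPKG_QUERY" -W -f='${Status}' ufw 2>/dev/null) || return 1
    [ "$status" = "install ok installed" ]
}

# Install ufw from the local .deb only if it is missing, then the rules.
# Every needed file is checked before dpkg runs, so a missing package
# cannot leave the host with ufw installed but no rules.
main() {
    need_ufw=yes
    if ufw_installed; then need_ufw=no; fi

    [ -f "$RULES_DEB" ] || { echo "missing $RULES_DEB" >&2; return 1; }
    if [ "$need_ufw" = yes ]; then
        [ -f "$UFW_DEB" ] || { echo "missing $UFW_DEB" >&2; return 1; }
        "$DPKG" -i "$UFW_DEB" || return 1
    fi
    "$DPKG" -i "$RULES_DEB"
}

# Run as root: sh install.sh --install
if [ "${1:-}" = "--install" ]; then
    main && ufw status
else
    echo "usage: $0 --install" >&2
fi
```
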