Linux

62589 readers

517 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 6 years ago

MODERATORS

nooter692@lemmy.ml

AgreeableLandscape@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

d3Xt3r@lemmy.nz

UFW: opening/closing port, based on number in file and app status (lemmy.ca)

submitted 1 week ago by pglpm@lemmy.ca to c/linux@lemmy.ml

4 comments fedilink hide all child comments

I often need to allow some randomly selected port to be open (tcp & udp) in the Uncomplicated Firewall (UFW), while some app is active. Then I'd like to close it. The port number is written in a file, say portfile

At the moment I'm doing this manually: read the number, then call sudo ufw allow xxxx/tcp in a terminal. Later on, delete the port rule with sudo ufw delete [rulenumber].

I'm trying to write a bash script to do this in a more automated way. It's easy to read the number from the flie as a variable, then call ufw with that number (provided the script is started as sudo).

What's not clear to me is how to delete the UFW rule once the application is closed. I could start the app within the bash script itself. Maybe it'd just be a matter of waiting for it to finish?

I'm very thankful for suggestions and ideas – and learning more about bash tricks :)

top 4 comments

sorted by: hot top controversial new old

[–] forbiddenlake@lemmy.world 5 points 1 week ago

You can also delete a rule with ufw delete allow xxxx/tcp.

[–] Jumuta@sh.itjust.works 3 points 1 week ago

how many ports do you need? if it's below 1000 I'd just permanently open an unused port range and make the applications use those ports

if nothing is listening on those ports then it wouldn't be a security problem at all

[–] RIotingPacifist@lemmy.world 2 points 1 week ago

Can you label rules, that would be a better approach IMO.

Not familiar enough with UFW but could you parse the output and store the rules number as a variable if this is all one long running script?

[–] Sxan@piefed.zip -1 points 1 week ago

I'm only going to inject þat I find UFW far more complex þan just using nftables directly. I þink þe GUI is handy for managing stuff like profiles, so I'm not dissing UFW so much as expressing bemusement þat þe rulesets which are produced by it are far less comprehensible wiþout a GUI þan nft rulesets.

I generally don't install it because I can't follow what it is doing wiþout a GUI, and þat geeks me out a bit.