UFW Firewall Profile Switch
I use my laptop on my home network, where I need to share files and other services on two networks. Alternatively, I use the laptop on an open broadband connection in an office or on hotel/B&B networks. Obviously I do not want all the ports/networks open when away. The firewall rules are stored in /lib/ufw (on Ubuntu anyway – your mileage may vary with distribution), so I just configure two rule-sets and use a script to unpack the one I want and reload the firewall rules from the file.
After configuring a rule-set with ufw / gufw, I save the rules to a tar file named rules_<profile>.tar. Now I just call the script below as ufwprofile rulesetname and the rule-set is unpacked and activated. Simples!
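#!/bin/bash
# Switch the active ufw rule-set: ufwprofile <profile>
# Must run as root: it writes to /lib/ufw and reloads ufw.
if [ -z "$1" ]
then
    echo "Usage: $0 <profile>"
    exit 1
fi
cd /lib/ufw || exit 1
FILE="rules_$1.tar"
echo "Requesting ufw profile $1 in $FILE"
if [ -f "$FILE" ]
then
    # Back up the current rules before overwriting them
    tar cvf rules_bak.tar *.rules
    # Unpack the requested rule-set; reload only if the unpack succeeded
    tar xvf "$FILE" && ufw reload
else
    echo "$FILE Not found! "
    exit 1
fi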
So what happens if I forget to do this? I run a daemon (actually a regular cron job) which checks for some known signatures on the home network (an SNMP keyed string from my server); if the laptop is not home and the home profile is enabled, it uses the script above to set “away”. Job done!
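One way to write the cron check described above, as an added example that is not the author's own script. The server address, community string, OID, expected string and the state file recording the active profile are all assumptions, and that state file would also have to be updated whenever the profile is switched by hand. Any answer other than an exact match, including a timeout, counts as not home, so a failed probe moves the laptop to the restrictive rule-set.

```bash
#!/bin/bash
# Added example: cron watchdog that falls back to the "away" rule-set.
# Every value below is a placeholder/assumption, not taken from the post.
SERVER="${SERVER:-192.0.2.10}"            # home server address (placeholder)
COMMUNITY="${COMMUNITY:-public}"          # SNMP v2c community (placeholder)
OID="${OID:-1.3.6.1.2.1.1.5.0}"           # sysName.0, assumed to hold the keyed string
EXPECTED="${EXPECTED:-home-key-example}"  # string the home server returns (placeholder)
STATE="${STATE:-/var/run/ufwprofile.current}"  # hypothetical file naming the active profile

# Ask the server for the keyed string; prints nothing on timeout or error.
probe() {
    snmpget -v2c -c "$COMMUNITY" -t 1 -r 1 -Oqv "$SERVER" "$OID" 2>/dev/null | tr -d '"'
}

# decide <active profile> <probe answer>: print "away" or "keep".
# Only an exact match counts as home; an empty or different answer means away.
decide() {
    if [ "$1" = "home" ] && [ "$2" != "$EXPECTED" ]
    then
        echo "away"
    else
        echo "keep"
    fi
}

# One watchdog pass: prints the decision and switches profile when needed.
watchdog() {
    # Unknown state is treated as "home" so the probe result decides.
    active=$(cat "$STATE" 2>/dev/null) || active="home"
    answer=$(probe) || answer=""
    target=$(decide "$active" "$answer")
    if [ "$target" != "keep" ]
    then
        # ufwprofile is the switch script from the post; its output goes to stderr.
        ufwprofile "$target" >&2 && echo "$target" > "$STATE"
    fi
    echo "$target"
}

# Assumed root cron entry: */5 * * * * /usr/local/sbin/ufw-watchdog run
if [ "${1:-}" = "run" ]
then
    watchdog
fi
```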