Sipsmi's Blog

Techno ramblings of a cynical engineer


UFW Firewall Profile Switch


I use my laptop on my home network, where I need to share files and other services on two networks. Alternatively, I use the laptop on an open broadband connection in an office or on hotel/B&B networks. Obviously I do not want all the ports/networks open when away. The firewall rules are stored in /lib/ufw (on Ubuntu anyway – your mileage may vary with distribution), so I just configure two types of rule-sets and use a script to open the ones I want and reload the firewall rules from the file.

After configuring a rule-set with ufw / gufw I save these to a file (tar) with a name rules_<profile>.tar. So now I just call a script (below), ufwprofile rulesetname, and it is unpacked and activated. Simples!

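#!/bin/bash
# Switch the active ufw rule-set: ufwprofile <profile>
# Needs root, since it writes to /lib/ufw and reloads ufw.
cd /lib/ufw || exit 1
# Reject an empty name and anything that could point outside /lib/ufw
case "$1" in
   ""|*/*|.*) echo "Usage: $0 <profile>" >&2; exit 1 ;;
esac
FILE="rules_$1.tar"
echo "Requesting ufw profile $1 in $FILE"
if [ -f "$FILE" ]
then
   # Back up the active rules before they are overwritten
   tar cvf rules_bak.tar *.rules
   tar xvf "$FILE"
   ufw reload
else
   echo "$FILE Not found!" >&2
   exit 1
fi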

So what happens if I forget to do this? I actually run a daemon (actually a regular cron job) which checks for some known signatures on the home network (SNMP keyed string from my server); if it is not home and the home profile is enabled it uses the script above to set “away”. Job done!
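
One way to write the cron check described above, as an added example rather than the author's own script. The server address, OID, community, keyed string and the state file recording the active profile are all assumptions, and it calls the profile script as ufwprofile.

```shell
#!/bin/bash
# Added example: cron watchdog that falls back to the "away" ufw profile.
# Assumed/hypothetical values: SERVER, OID, COMMUNITY, EXPECTED, ACTIVE_FILE.
SERVER="${SERVER:-192.168.1.10}"        # home server (constructed address)
OID="${OID:-1.3.6.1.2.1.1.6.0}"         # sysLocation.0, assumed to hold the keyed string
COMMUNITY="${COMMUNITY:-public}"
EXPECTED="${EXPECTED:-home-lan-7f3a}"   # constructed keyed string
ACTIVE_FILE="${ACTIVE_FILE:-/var/lib/ufwprofile/active}"

# Print the string the server returns, or nothing on timeout/error.
probe_signature() {
   snmpget -v2c -c "$COMMUNITY" -Oqv -t 1 -r 1 "$SERVER" "$OID" 2>/dev/null \
      | tr -d '"'
}

# Succeeds only when the observed string matches the expected one exactly.
at_home() {
   [ -n "$1" ] && [ "$1" = "$EXPECTED" ]
}

# Print the recorded active profile. An unknown state counts as "home",
# so a missing state file leads to tightening rather than to doing nothing.
active_profile() {
   if [ -r "$ACTIVE_FILE" ]; then head -n 1 "$ACTIVE_FILE"; else echo home; fi
}

# Succeeds when the firewall must be switched to "away".
needs_away() {
   if at_home "$(probe_signature)"; then return 1; fi
   [ "$(active_profile)" != "away" ]
}

main() {
   if needs_away; then
      logger -t ufw-watchdog "home signature not seen, switching to away"
      ufwprofile away && echo away > "$ACTIVE_FILE"
   fi
}

# Cron entry (assumed): * * * * * root /usr/local/sbin/ufw-watchdog run
if [ "${1:-}" = "run" ]; then main; fi
```

The check fails closed: a timeout, a wrong string or a missing state file all count as being away from home. SNMP v2c replies are not authenticated, so a matching string only shows that something on the network answered with it.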

Disclaimer: This code is from a hardware engineer turned hacker, it most likely ain't pretty, it most likely can be done better but …. it works.

Written by sipsmi

November 29, 2013 at 9:15 am

Posted in GNU/Linux
