How to reset ufw without disabling it

ufw

I'd like to reset the ufw settings back to the defaults, apply new settings, and only then reload the firewall. While I'm making the changes I'd like the firewall to keep running with its old settings.

man ufw states:

   reset  Disables and resets firewall to installation defaults. Can also give the --force
          option to perform the reset without confirmation.

So it appears that ufw reset is not the solution because it disables the firewall in addition to resetting to installation defaults.

I know that I can muck around with the ufw config files directly and then ufw reload. Is that the solution or is there a more idiomatic way of using ufw in this case?

Best Answer

Here is the logic I used to go about it. I did this so I could edit the ufw.conf file directly all day remotely over ssh without interfering with the active ufw.conf, just because. This is a process where you would be manually configuring the conf file directly instead of using various commands to edit the conf file.

  1. Make a temp directory:

    sudo mkdir /home/<USERNAME>/temp_dir

  2. Copy the /etc/ufw/ directory to your temp directory:

    cp /etc/ufw/* /home/<USERNAME>/temp_dir/

  3. Edit ufw.conf and the other config files in your temp directory according to your preferred design, editing the configuration file directly:

    vi /home/<USERNAME>/temp_dir/ufw.conf

    Note: The default values in ufw.conf consist of comments plus these 2 lines:

    ENABLED=no
    LOGLEVEL=low

  4. Make your rules by directly adding them to the temp ufw.conf file. Save your changes (:wq).

  5. Copy the temp directory, replacing the original UFW files with the files in the temp directory using the update flag:

    cp -u /home/<USERNAME>/temp_dir/* /etc/ufw/

  6. Restart UFW:

    ufw disable && ufw enable && ufw status

It's a bit of a workaround, but it's tested and works with 14.04. This worked for me for updating the configuration files without disrupting the firewall. This is because you're editing a file not being used by the firewall until told to do so. Also, you may have to change some permissions to get the commands to work.

Another similar approach would be to have 2 servers, resetting and editing UFW on the 1st server then cp -u to the 2nd server.

Good Luck!!
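The staging procedure from the answer above, as an added shell example that is not part of the original post. The function names and the directory parameters are assumptions so the functions can be exercised on a constructed directory rather than the real /etc/ufw; the example shows the diff before anything is copied and applies with cp -u only while the staged ufw.conf still carries the ENABLED and LOGLEVEL keys.

```shell
#!/bin/sh
# Added example, not from the original answer. Stages a copy of a ufw config
# directory, edits the staged ufw.conf, shows the diff, and applies it with
# cp -u only after a sanity check. LIVE_DIR and STAGE_DIR are parameters so
# the functions can run against a constructed directory instead of /etc/ufw.

# stage_config LIVE_DIR STAGE_DIR: copy the live config, preserving timestamps
# so that cp -u later copies back only the files that were actually edited.
stage_config() {
  mkdir -p "$2" && cp -p "$1"/* "$2"/
}

# set_conf_value FILE KEY VALUE: replace an existing KEY= line in the staged
# ufw.conf or append one; comments and other lines are left untouched.
set_conf_value() {
  awk -v k="$2" -v v="$3" '
    index($0, k "=") == 1 { print k "=" v; done = 1; next }
    { print }
    END { if (!done) print k "=" v }' "$1" > "$1.new" && mv "$1.new" "$1"
}

# get_conf_value FILE KEY: print the current value of KEY.
get_conf_value() {
  sed -n "s/^$2=//p" "$1"
}

# review_changes LIVE_DIR STAGE_DIR: unified diff of live vs staged config.
# Exit status 0 means nothing differs, 1 means there is something to apply.
review_changes() {
  diff -ru "$1" "$2"
}

# apply_config LIVE_DIR STAGE_DIR: refuse to copy unless the staged ufw.conf
# still has the two keys ufw expects, then copy only the newer files (cp -u).
# Reloading the firewall afterwards is left to the operator.
apply_config() {
  { grep -q '^ENABLED=' "$2/ufw.conf" && grep -q '^LOGLEVEL=' "$2/ufw.conf"; } || return 1
  cp -u "$2"/* "$1"/
}
```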