I am using Ansible to configure ufw on my DB servers to only accept connections from certain servers to a specific port (let's say 1234).
When a server that used to have access is taken out of the pool, removing the access rule for that server might be forgotten.
My solution: when setting up the rules, I want to delete all rules for port 1234, and then recreate them with the servers from the current pool.
Unfortunately, 'ufw delete' requires the rule to be deleted to be specified precisely (port, protocol, src IP, …).
I tried a solution like 'ufw delete $(ufw status numbered | grep 1234 | <get all the numbers of the rules> )', but it got really ugly, really fast.
Is there a better way to delete all rules for a certain port?
Best Answer
There are two problems that need to be solved here:
I think I have a solution for problem #1 via this one-liner in bash:
The example above matches any firewall rule for the string '80/tcp' and prints just the rule number with the brackets stripped.
I have not solved problem #2 yet because, as best I can tell, the 'ufw delete' command does not have a switch that suppresses the '(y|n)' confirmation prompt, thus foiling automation.
You can run the command below, however, and manually hammer out each rule deletion by hitting the 'y' key to confirm, then up arrow => enter to rinse and repeat.
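As an added example (not part of the question or the answer above), here is a POSIX shell script that does the whole job unattended. Two details matter: ufw's global '--force' option ("Force the operation without prompting" in the ufw man page) answers the '(y|n)' prompt that the answer ran into, and 'ufw delete' takes one rule number at a time, so the rules are removed highest-numbered first because deleting rule N renumbers every rule after it. Matching is done on the parsed port spec of the "To" column rather than a bare grep, so 1234 does not match 12345 or an address that contains "1234". The 'ufw status numbered' text embedded below is constructed sample data for an offline demo, and 'UFW', 'SAMPLE_STATUS' and the two function names are this example's own, not ufw's.

```shell
#!/bin/sh
# Added example: remove every ufw rule that covers a given port, unattended.
# Not taken from the question or answer; UFW and SAMPLE_STATUS are this
# example's own names.
set -e

# Command used to talk to ufw. Used unquoted below so a dry run can be set
# with UFW='echo ufw' (prints the commands instead of running them).
UFW=${UFW:-ufw}

# Constructed sample of 'ufw status numbered' output for the offline demo.
SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 1234/tcp                   ALLOW IN    10.0.0.5
[ 2] 22/tcp                     ALLOW IN    Anywhere
[ 3] 1234/tcp                   ALLOW IN    10.0.0.6
[ 4] 12345/tcp                  ALLOW IN    Anywhere
[ 5] 1234                       ALLOW IN    10.0.1.0/24
[ 6] 1000:2000/tcp              ALLOW IN    192.168.1.10
[ 7] 80,443/tcp                 ALLOW IN    Anywhere
[ 8] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 9] 10.0.0.9 1234/udp          DENY IN     203.0.113.7
[10] 10.0.0.9 1234/tcp          ALLOW IN    Anywhere'

# rule_numbers_for_port PORT
# Reads 'ufw status numbered' output on stdin and prints the numbers of the
# rules whose "To" port spec covers PORT, highest number first.
rule_numbers_for_port() {
  awk -v port="$1" '
    /^\[ *[0-9]+]/ {
      line = $0
      sub(/^\[ */, "", line)
      num = line; sub(/].*/, "", num)           # rule number inside the brackets
      sub(/^[0-9]+] */, "", line)
      to = line; sub(/  .*/, "", to)            # "To" column ends at 2+ spaces
      sub(/ \(v6\)$/, "", to)                   # drop the IPv6 marker
      n = split(to, words, " ")                 # "10.0.0.9 1234/tcp": last word is the port spec
      spec = words[n]
      sub(/\/[a-z]+$/, "", spec)                # drop "/tcp", "/udp"
      m = split(spec, parts, ",")               # multi-port rules look like "80,443"
      for (i = 1; i <= m; i++) {
        if (parts[i] == port) { print num; break }
        # port ranges look like "low:high"
        if (split(parts[i], r, ":") == 2 && r[1] + 0 <= port + 0 && port + 0 <= r[2] + 0) {
          print num; break
        }
      }
    }' | sort -rn
}

# delete_rules_for_port PORT
# Deletes every matching rule, highest number first, because deleting rule N
# shifts every later rule down by one. --force answers the "(y|n)" prompt.
delete_rules_for_port() {
  $UFW status numbered | rule_numbers_for_port "$1" | while read -r n; do
    $UFW --force delete "$n"
  done
}

# Offline demo on the constructed sample: prints 10 9 6 5 3 1, one per line.
printf '%s\n' "$SAMPLE_STATUS" | rule_numbers_for_port 1234
```

Run 'UFW="echo ufw" delete_rules_for_port 1234' first to preview the deletions, then drop the override. From Ansible this fits a 'command' or 'shell' task that runs before the tasks re-adding the current pool; the 'community.general.ufw' module's 'delete: true' also works, but it needs the exact rule spec of each departed host, which is the bookkeeping the question is trying to avoid.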