Skip to main content

A Python wrapper for UFW

Project description

pyufw

A python wrapper for UFW (Uncomplicated FireWall), a wrapper for iptables.

Install

pyufw is avaliable from PyPi. You can download it using pip:

$ pip3 install pyufw

Also make sure ufw is installed. Depending on your distribution the package may be named ufw or python-ufw.

Documentation

Your script will have to be run with root privilages. Upon importing the module the ufw security checks will start and you may see some warning messages. The following checks will commence:

  • is setuid or setgid (for non-Linux systems)
  • checks that script is owned by root
  • checks that every component in absolute path are owned by root
  • warn if script is group writable
  • warn if part of script path is group writable
import pyufw as ufw

Enable the firewall

Enables the ufw firewall and enables on boot.

ufw.enable()

Disable the firewall

Disables the ufw firewall and disables on boot.

ufw.disable()

Reset the firewall

Returns the firewall to it's install defaults. incoming=deny, outgoing=allow, routed=reject
The default rules are:

  • allow SSH
  • allow to 224.0.0.251 app mDNS
ufw.reset()

Get status

Retuns a dict. Status is either 'active' or 'inactive'. If the firewall is active the default policies and rules list will also be included.

ufw.status()
{ 
   'status':'active',
   'default':{ 
      'incoming':'deny',
      'outgoing':'allow',
      'routed':'reject'
   },
   'rules':{ 
      1:'allow out on tun0',
      2:'allow in on tun0'
   }
}
{
    'status': 'inactive'
}

Set defaults

Set the default policies for incoming, outgoing and routed. Policies to choose from are allow, deny and reject.

ufw.default(incoming='deny', outgoing='allow', routed='reject')

Add rule

Add or Insert a rule. To insert a rule you can specify a rule number but this is optional.
Check out man ufw for rule syntax.
Returns the raw iptables rule added (incase your interested)

ufw.add("allow 22")
ufw.add("allow 22", number=3)
"allow -p all --dport 22 -j ACCEPT both"

Delete rule

Delete a rule. You can specify the rule itself, the rule number or the string * to delete all rules.

ufw.delete("allow 22")
ufw.delete(3)
ufw.delete('*')

Get rules

Get a list of the current rules. Returns a dict with the rule numbers as the index.

ufw.get_rules()
{ 
   1:'allow out on tun0',
   2:'allow in on tun0',
   3:'allow 22'
}

Show listening

Returns an array of listening ports, applications and rules that apply.
Array contains a series of tuples of the following structure:
(str transport, str listen_address, int listen_port, str application, dict rules)

ufw.show_listening()
[
    ('tcp', '*', '22', 'openssh', {
        3: 'allow 22'
    }), 
    ('tcp', '*', '57621', 'spotify', {}), 
    ('udp', '*', '1900', 'spotify', {}), 
    ('udp', '224.0.0.251', '5353', 'chrome', {}), 
    ('udp', '224.0.0.251', '5353', 'chrome', {}), 
    ('udp', '*', '68', 'dhclient', {})
]

Set Logging

Set the ufw logging level. Choose from: 'on', 'off', 'low', 'medium', 'high', 'full'. Check out man ufw for more info on logging.

ufw.set_logging('on')

Get raw iptables output

The following resources mirror the ufw cli commands and return the same unformatted string outputs. Maybe more useful for debugging.

ufw.show_raw()
ufw.show_builtins()
ufw.show_before_rules()
ufw.show_user_rules()
ufw.show_logging_rules()

Similar cool projects

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pyufw-0.0.3.tar.gz (5.1 kB view details)

Uploaded Source

Built Distribution

pyufw-0.0.3-py3-none-any.whl (6.0 kB view details)

Uploaded Python 3

File details

Details for the file pyufw-0.0.3.tar.gz.

File metadata

  • Download URL: pyufw-0.0.3.tar.gz
  • Upload date:
  • Size: 5.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.14.0 pkginfo/1.5.0.1 requests/2.21.0 setuptools/41.2.0 requests-toolbelt/0.9.1 tqdm/4.35.0 CPython/3.7.4

File hashes

Hashes for pyufw-0.0.3.tar.gz
Algorithm Hash digest
SHA256 385b3338b664a056b711f59578e6c57d144887b89e497ed229a94780a2001cdb
MD5 79102813d86cb57293c2d04b61408e45
BLAKE2b-256 7e96a8ebb11384cba47bc2cd5032da337cd8e478b17872cdc8ef2343fc0c5632

See more details on using hashes here.

File details

Details for the file pyufw-0.0.3-py3-none-any.whl.

File metadata

  • Download URL: pyufw-0.0.3-py3-none-any.whl
  • Upload date:
  • Size: 6.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.14.0 pkginfo/1.5.0.1 requests/2.21.0 setuptools/41.2.0 requests-toolbelt/0.9.1 tqdm/4.35.0 CPython/3.7.4

File hashes

Hashes for pyufw-0.0.3-py3-none-any.whl
Algorithm Hash digest
SHA256 23d5820bd14a50ee4a2c2a0592adf16e097d8d384737e8a3c9343e25ca072a90
MD5 4c8550fce1ad4b6df766d6e7a72e11c9
BLAKE2b-256 6ead23dea0a58dee4b6ee32bbdbdec440b74dcc531e7fdde9caa81504ace1879

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page