A Python wrapper for UFW
Project description
pyufw
A python wrapper for UFW (Uncomplicated FireWall), a wrapper for iptables.
Install
pyufw is avaliable from PyPi. You can download it using pip:
$ pip3 install pyufw
Also make sure ufw is installed. Depending on your distribution the package may be named ufw
or python-ufw
.
Documentation
Your script will have to be run with root privilages. Upon importing the module the ufw security checks will start and you may see some warning messages. The following checks will commence:
- is setuid or setgid (for non-Linux systems)
- checks that script is owned by root
- checks that every component in absolute path are owned by root
- warn if script is group writable
- warn if part of script path is group writable
import pyufw as ufw
Enable the firewall
Enables the ufw firewall and enables on boot.
ufw.enable()
Disable the firewall
Disables the ufw firewall and disables on boot.
ufw.disable()
Reset the firewall
Returns the firewall to it's install defaults. incoming=deny, outgoing=allow, routed=reject
The default rules are:
allow SSH
allow to 224.0.0.251 app mDNS
ufw.reset()
Get status
Retuns a dict. Status is either 'active'
or 'inactive'
. If the firewall is active the default policies and rules list will also be included.
ufw.status()
{
'status':'active',
'default':{
'incoming':'deny',
'outgoing':'allow',
'routed':'reject'
},
'rules':{
1:'allow out on tun0',
2:'allow in on tun0'
}
}
{
'status': 'inactive'
}
Set defaults
Set the default policies for incoming
, outgoing
and routed
. Policies to choose from are allow
, deny
and reject
.
ufw.default(incoming='deny', outgoing='allow', routed='reject')
Add rule
Add or Insert a rule. To insert a rule you can specify a rule number but this is optional.
Check out man ufw
for rule syntax.
Returns the raw iptables rule added (incase your interested)
ufw.add("allow 22")
ufw.add("allow 22", number=3)
"allow -p all --dport 22 -j ACCEPT both"
Delete rule
Delete a rule. You can specify the rule itself, the rule number or the string *
to delete all rules.
ufw.delete("allow 22")
ufw.delete(3)
ufw.delete('*')
Get rules
Get a list of the current rules. Returns a dict with the rule numbers as the index.
ufw.get_rules()
{
1:'allow out on tun0',
2:'allow in on tun0',
3:'allow 22'
}
Show listening
Returns an array of listening ports, applications and rules that apply.
Array contains a series of tuples of the following structure:
(str transport, str listen_address, int listen_port, str application, dict rules)
ufw.show_listening()
[
('tcp', '*', '22', 'openssh', {
3: 'allow 22'
}),
('tcp', '*', '57621', 'spotify', {}),
('udp', '*', '1900', 'spotify', {}),
('udp', '224.0.0.251', '5353', 'chrome', {}),
('udp', '224.0.0.251', '5353', 'chrome', {}),
('udp', '*', '68', 'dhclient', {})
]
Set Logging
Set the ufw logging level. Choose from: 'on', 'off', 'low', 'medium', 'high', 'full'
.
Check out man ufw
for more info on logging.
ufw.set_logging('on')
Get raw iptables output
The following resources mirror the ufw cli commands and return the same unformatted string outputs. Maybe more useful for debugging.
ufw.show_raw()
ufw.show_builtins()
ufw.show_before_rules()
ufw.show_user_rules()
ufw.show_logging_rules()
Similar cool projects
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.