I'm trying to comment an existing ufw firewall rule, but I can't find the exact command
I can easily add a rule with comment like:
sudo ufw allow in on eth0 to any port 80 comment 'test'
But how do I comment an existing rule?
If you add exactly the same rule, then the existing rule gets overwritten and the comment is updated there.
E.g.:
recyber@linux:~$ sudo ufw allow from 10.0.0.0/24 to any port 1234 comment "Comment"
Rule updated
According to the ufw man page, there is no way to edit existing rules in place.
Here are your options:
A) Delete, and then recreate your rule with comment
B) Use ufw app profiles to define a service, then use description section for your comment.
I know this is a grave dig, but needing to do this myself led to a much easier answer, so when someone else looks for this, they may benefit.
This led to a quick investigation of adding a faux rule with comment 'foo', and then investigating the /etc/ufw/user.rules file...
Rule: ufw deny from 1.1.1.1 to any comment foo
File:
### tuple ### deny any any 0.0.0.0/0 any 1.1.1.1 in comment=666f6f
-A ufw-user-input -s 1.1.1.1 -j DROP
Notice the "comment=666f6f"
So it does not take a rocket scientist to recognize this is hex: 66=f, 6f=o, 6f=o
Using the same model for other rules, I prepended them with comment= and voilà!
Hope it saves someone else the vast amount of time it saved me :-)
Edit: Glad someone else found it useful as well. If anyone struggles with the conversion:
echo -n "foo" | od -A n -t x1 | sed 's/ //g'
returns 666f6f, just substitute your own comment.
This uses echo to get the string to od, which allows you to output the data in other number formats, then sed to parse out the spaces.
Note: for comments WITH spaces, the spaces will become hex 20 in the od output before sed, so you do not have to account for them with something like a regex, as we anticipate the output to be hex and know a space character will never be valid in what we want.
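The encoding described in this answer, worked through as an added shell example (not code from the answer or from ufw): it generalizes the od pipeline into an encode function, adds the reverse decode, and attaches a comment= field to a tuple line in a constructed copy of user.rules. The sample file contents, the field positions in the tuple line (source address as the 9th field, as in the line quoted above) and the comment strings are assumptions for illustration; the script only edits the file path you give it.

```shell
#!/usr/bin/env bash
# Added example (not from the original answer): encode a ufw comment into the
# hex form stored in /etc/ufw/user.rules, decode it back, and attach a comment
# to an existing "### tuple ###" line. Operates on a file you pass in; it never
# touches /etc/ufw itself.
set -eu

# Encode: "foo" -> 666f6f. Same pipeline as the answer, with tr also dropping
# the newlines od emits for comments longer than 16 bytes.
ufw_comment_encode() {
    printf '%s' "$1" | od -A n -t x1 | tr -d ' \n'
}

# Decode: 666f6f -> "foo". Two hex digits at a time, printed via an octal
# escape so it works in dash as well as bash (spaces come back as 0x20).
ufw_comment_decode() {
    local hex=$1 pair
    while [ -n "$hex" ]; do
        pair=${hex%"${hex#??}"}            # first two hex digits
        printf "\\$(printf '%03o' "$((0x$pair))")"
        hex=${hex#??}
    done
}

# Add "comment=<hex>" to the tuple line for the rule whose source address is
# $2, leaving rules that already carry a comment alone. Assumes the tuple
# layout shown in the answer: action proto dport dst sport src direction,
# so the source is the 9th whitespace-separated field of the line.
ufw_rules_add_comment() {
    local file=$1 src=$2 hex
    hex=$(ufw_comment_encode "$3")
    awk -v src="$src" -v hex="$hex" '
        $1 == "###" && $2 == "tuple" && $9 == src && $0 !~ / comment=/ {
            $0 = $0 " comment=" hex
        }
        { print }
    ' "$file"
}

# Constructed sample in the user.rules format quoted in the answer (not a real
# file); the second rule is the one from the question, with "Comment" encoded.
SAMPLE_RULES='### tuple ### deny any any 0.0.0.0/0 any 1.1.1.1 in
-A ufw-user-input -s 1.1.1.1 -j DROP

### tuple ### allow any 1234 0.0.0.0/0 any 10.0.0.0/24 in comment=436f6d6d656e74
-A ufw-user-input -s 10.0.0.0/24 -p tcp --dport 1234 -j ACCEPT
-A ufw-user-input -s 10.0.0.0/24 -p udp --dport 1234 -j ACCEPT'

tmp=$(mktemp)
printf '%s\n' "$SAMPLE_RULES" > "$tmp"
ufw_rules_add_comment "$tmp" 1.1.1.1 'block scanner'   # prints the file with the new comment
rm -f "$tmp"
```

Because the comment is hex-encoded, spaces and quotes need no escaping in the file. To apply this to the real /etc/ufw/user.rules you need root, a backup of the file first, and `ufw reload` afterwards, since ufw only reads the file when it (re)loads.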
In my installation (ufw 0.36 on Ubuntu 18.04), ufw does not update rules; you will need to delete and recreate a rule. ufw denies everything inbound by default and you open ports as needed. I assume it also does this in other versions, so you may not have your own deny rules to consider, but if you do, the numbering may be important to you, so you can do the following.
An example with comment.
ufw status numbered
ufw delete <rule number>
ufw insert <old rule number> allow from <IP address> to any port <port or service (ssh, smtp, imap, etc.)> comment '<your comment>'
ufw reload
ufw status
This should place the rule back exactly where it was, which might be important to your rule configuration: for example, if you have a blanket deny rule, you will want your allow rule before it. If you do not need to do this, just omit the insert from the commands and the replacement rule will be appended.
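The delete-and-insert procedure from this answer, as an added example that is not part of the original post: a shell script that finds a rule's number in `ufw status numbered` output and prints the delete/insert/reload sequence that recreates it at the same position with a comment. It is a dry run that never calls ufw; the status output, rule set and comment text are constructed for illustration, and the column-to-syntax translation only covers IPv4 rows with a port, port/proto or Anywhere in the To column.

```shell
#!/usr/bin/env bash
# Added example (not from the original answer): locate a rule in `ufw status
# numbered` output and emit the delete/insert/reload sequence that recreates it
# at the same position with a comment. Dry run: prints commands, never runs ufw.
set -eu

# Constructed sample of `ufw status numbered` output (not captured from a real host).
SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    10.0.0.0/24
[ 2] 80/tcp                     ALLOW IN    Anywhere
[ 3] Anywhere                   DENY IN     203.0.113.7'

# Read status output on stdin; print the number of the first rule whose To,
# Action and From columns match the arguments exactly. Prints nothing if none.
ufw_rule_number() {
    awk -v to="$1" -v action="$2" -v from="$3" '
        /^\[ *[0-9]+\]/ {
            n = $0; sub(/^\[ */, "", n); sub(/\].*/, "", n)
            line = $0; sub(/^\[ *[0-9]+\] */, "", line)
            # the Action column is two upper-case words between runs of spaces
            if (match(line, / +(ALLOW|DENY|REJECT|LIMIT) (IN|OUT|FWD) +/)) {
                t = substr(line, 1, RSTART - 1)
                a = substr(line, RSTART, RLENGTH); gsub(/^ +| +$/, "", a)
                f = substr(line, RSTART + RLENGTH)
                if (t == to && a == action && f == from) { print n; exit }
            }
        }'
}

# Translate the status columns back into ufw rule syntax and print the four
# commands from the answer. Handles IPv4 rows with To = "port", "port/proto"
# or "Anywhere" and From = address or "Anywhere"; "(v6)" rows are out of scope.
ufw_recreate_commands() {
    local num=$1 to=$2 action=$3 from=$4 comment=$5 rule
    rule=$(printf '%s' "$action" | tr '[:upper:]' '[:lower:]')   # "ALLOW IN" -> "allow in"
    case $from in
        Anywhere) ;;
        *) rule="$rule from $from" ;;
    esac
    case $to in
        Anywhere) rule="$rule to any" ;;
        */*) rule="$rule to any port ${to%/*} proto ${to#*/}" ;;
        *) rule="$rule to any port $to" ;;
    esac
    # delete first, then insert at the same number so later rules keep their order
    printf 'ufw delete %s\n' "$num"
    printf "ufw insert %s %s comment '%s'\n" "$num" "$rule" "$comment"
    printf 'ufw reload\nufw status\n'
}

# Wrapper: find the rule in the sample status and print the replacement sequence.
recreate_with_comment() {
    local num
    num=$(printf '%s\n' "$SAMPLE_STATUS" | ufw_rule_number "$1" "$2" "$3")
    [ -n "$num" ] || { echo "rule not found: $1 $2 $3" >&2; return 1; }
    ufw_recreate_commands "$num" "$1" "$2" "$3" "$4"
}

recreate_with_comment 22/tcp 'ALLOW IN' 10.0.0.0/24 'maintenance hosts'
```

Run the printed commands with sudo only after checking them against `ufw status numbered` on the live host; numbering shifts as soon as the delete runs, which is why the insert reuses the number that was just freed.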