Thanks for all the feedback! FYI, since '1' in ufw corresponds to the literal rule number '1', this is going to be implemented with a new 'prepend' command. Eg:
$ sudo ufw allow 22/tcp $ sudo ufw allow from 1.2.3.4 $ sudo ufw allow from 2001:db8::/32 $ sudo ufw status numbered ... [1] 22/tcp ALLOW IN Anywhere [2] Anywhere ALLOW IN 1.2.3.4 [3] 22/tcp (v6) ALLOW IN Anywhere (v6) [4] Anywhere (v6) ALLOW IN 2001:db8::/32 $ sudo ufw prepend deny from 2a02:2210:12:a:b820:fff:fea2:25d1 $ sudo ufw prepend deny from 6.7.8.9 $ sudo ufw status numbered ... [1] Anywhere DENY IN 6.7.8.9 [2] 22/tcp ALLOW IN Anywhere [3] Anywhere ALLOW IN 1.2.3.4 [4] Anywhere (v6) DENY IN 2a02:2210:12:a:b820:fff:fea2:25d1 [5] 22/tcp (v6) ALLOW IN Anywhere (v6) [6] Anywhere (v6) ALLOW IN 2001:db8::/32 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ufw in Ubuntu. https://bugs.launchpad.net/bugs/1368411 Title: Cannot insert IPV6 rule before IPV4 rules Status in ufw: In Progress Status in ufw package in Ubuntu: Confirmed Status in ufw package in Debian: New Bug description: I am unable to insert any rules concerning IPV6 before IPV4 rules. Thus, when IPV4 rules are numbered 1 to 5 and IPV6 rules are numbered 6 to 10, the following command: [code] ufw insert 1 deny from 2a02:2210:12:a:b820:fff:fea2:25d1 [/code] errors with "ERROR: Invalid position '1'". However, the command [code] ufw insert 6 deny from 2a02:2210:12:a:b820:fff:fea2:25d1 [/code] succeeds. In my case, this poses a problem, since I am trying to insert rules from a script against brute force attacks. The script needs to insert blocking rules before a number of other rules that open up some ports (since the order of rules is important in ufw). However since the number of IPV4 rules will be changing all the time, the position of the first available number for an IPV6 address is hard to determine. Proposed solution: either allow IPV6 rules to precede IPV4 rules, or implement a keyword defining the first available position; e.g. "ufw insert first deny from 2a02:2210:12:a:b820:fff:fea2:25d1". BTW: this was all figured out with ufw version 0.31.1-1, Ubuntu 12.04.5 LTS, To manage notifications about this bug go to: https://bugs.launchpad.net/ufw/+bug/1368411/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
