Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

can I confirm there's no osquery table for ufw on ubuntu or augeas lens that parses the .rules?

I'm dumb, iptables returns ufw-configured results. This is like how the chrome_extensions table can return values for multiple browsers, I should probably send a docs PR

On linux, `iptables` is a common networking tool. It _was_ the defacto firewall. There are many third party tools that will create/manage/etc iptables rules. `ufw` is a common one.

But I’m loathe to try to enumerate them, or even mention them. It feels very different than `chrome_extensions` and chromium browsers.

I’d partly expect a site admin to know this. Like, if someone was using puppet to manage their iptable rules, would you expect the osquery docs to talk about puppet there?

And relatedly, there’s a pending issue where linux is moving away from iptables to nettables, and osquery doesn’t support that yet. (Not totally sure I remembered the name)

we switched from the iptables puppet module to one called <https://github.com/domkrm/domkrm-ufw/blob/master/manifests/allow.pp#L40|ufw> for ubuntu, maybe it's intuitive for people who sysadmin servers, which I am decidedly… not :sweat_smile:

I think it’s an uneasy balance. I don’t really expect you to know all the linux firewall tools, and which of them use what for implementations. But, likewise, I don’t think it’s reasonable for osquery to understand or document all the possible third party tools built on them.