can I confirm there s no osquery table for ufw on ubuntu or

Question

can I confirm there s no osquery table for ufw on ubuntu or augeas lens that parses the rules

allister · Answer

I m dumb iptables returns ufw configured results This is like how the chrome extensions table can return values for multiple browsers I should probably send a docs PR

seph · Answer

I m not sure this is a docs change

seph · Answer

On linux `iptables` is a common networking tool It was the defacto firewall There are many third party tools that will create manage etc iptables rules `ufw` is a common one But I m loathe to try to enumerate them or even mention them It feels very different than `chrome extensions` and chromium browsers I d partly expect a site admin to know this Like if someone was using puppet to manage their iptable rules would you expect the osquery docs to talk about puppet there

seph · Answer

And relatedly there s a pending issue where linux is moving away from iptables to nettables and osquery doesn t support that yet Not totally sure I remembered the name

allister · Answer

we switched from the iptables puppet module to one called <https github com domkrm domkrm ufw blob master manifests allow pp L40|ufw> for ubuntu maybe it s intuitive for people who sysadmin servers which I am decidedly not sweat smile

seph · Answer

I think it s an uneasy balance I don t really expect you to know all the linux firewall tools and which of them use what for implementations But likewise I don t think it s reasonable for osquery to understand or document all the possible third party tools built on them