This plug currently requires ufw and executes ufw commands through pkexec to apply rules.
However, a better approach would be to use FirewallD and communicate with it via D-Bus. This also has the advantage of making it less brittle as communication via D-Bus is easier to manage than pkexec calls and allows for more granular privilege control (reducing the need to escalate privileges to merely when you need to write new rules).
FirewallD also supports a service-oriented model for managing firewall rules. For example, if you're controlling via the CLI, to close the SSH port, you can just do "firewall-cmd --remove-service=ssh" instead of having to specify to remove port 22. This enables you to make the plug simpler and describe things in terms of services, rather than in terms of ports.
You can, of course, still specify ports and stuff. Via the CLI, it's merely "firewall-cmd --(add|remove)-port=<port>/(tcp|udp)".
It also has a concept of zones, so you can expose that if you'd like as well.
Everything about FirewallD is available via D-Bus, and all the tools currently written use D-Bus to communicate with it.
FirewallD is available as "firewalld" in Ubuntu.
Launchpad Details: #LP1639775 Neal Gompa - 2016-11-07 12:15:26 +0000
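
As an added illustration (not code from this report or from the plug), the service and port rules described above can be mapped to validated calls on FirewallD's D-Bus zone interface instead of composing command lines for pkexec. The bus, path, interface and method names are the ones documented in firewalld.dbus(5); `build_call`, `apply` and the name allow-list are hypothetical helpers assumed for this sketch.

```python
import re

# D-Bus names as documented in firewalld.dbus(5).
BUS = "org.fedoraproject.FirewallD1"
PATH = "/org/fedoraproject/FirewallD1"
ZONE_IFACE = "org.fedoraproject.FirewallD1.zone"

# Assumption: a conservative allow-list for zone and service names.
_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}")

def _check_port(spec):
    """Accept 'N' or 'N-M' with 1 <= N <= M <= 65535."""
    parts = spec.split("-")
    if len(parts) > 2 or not all(p.isdigit() and 1 <= int(p) <= 65535 for p in parts):
        raise ValueError(f"bad port: {spec!r}")
    if int(parts[0]) > int(parts[-1]):
        raise ValueError(f"bad port range: {spec!r}")

def build_call(action, kind, value, zone="", timeout=0):
    """Map one rule to (method, signature, args) on the zone interface.
    zone="" selects the default zone; timeout=0 means the rule does not expire."""
    if action not in ("add", "remove"):
        raise ValueError(f"bad action: {action!r}")
    if zone and not _NAME.fullmatch(zone):
        raise ValueError(f"bad zone: {zone!r}")
    if kind == "service":
        if not _NAME.fullmatch(value):
            raise ValueError(f"bad service: {value!r}")
        method, sig, args = action + "Service", "ss", [zone, value]
    elif kind == "port":
        port, _, proto = value.partition("/")
        _check_port(port)
        if proto not in ("tcp", "udp"):
            raise ValueError(f"bad protocol: {proto!r}")
        method, sig, args = action + "Port", "sss", [zone, port, proto]
    else:
        raise ValueError(f"bad rule kind: {kind!r}")
    if action == "add":  # the add* methods take a trailing timeout in seconds
        sig, args = sig + "i", args + [int(timeout)]
    return method, sig, tuple(args)

def apply(call):
    """Send the call on the system bus (needs PyGObject and a running firewalld)."""
    from gi.repository import Gio, GLib
    method, sig, args = call
    bus = Gio.bus_get_sync(Gio.BusType.SYSTEM, None)
    return bus.call_sync(BUS, PATH, ZONE_IFACE, method, GLib.Variant(f"({sig})", args),
                         None, Gio.DBusCallFlags.NONE, -1, None)
```

Methods on the zone interface change the runtime configuration only; every argument reaches the daemon as a typed D-Bus value, so no rule text is ever parsed by a shell.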