2

I just came upon iptables-apply, which applies an iptables ruleset and lets the user confirm that everything is working correctly before finally committing the changes. If the user does not confirm after a timeout the original rules will be restored.

Currently I use ufw to configure iptables. Is there a command that provides the same functionality for ufw?

Falcon Momot
stigi

1 Answer

0

In reviewing the man page for ufw, there doesn't seem to be anything like that. The closest is the --dry-run option, which just shows the changes without modifying anything.

However, I have found that applying rules which should end my SSH session (ufw even tells me so) doesn't result in interrupting my session, which makes me wonder if ufw will maintain existing connections when applying rules. This way the rules could be tested and if they don't meet your requirements, then disable them. It is possible there is something about my setup that allows ufw to behave this way, but I have used this on both Rackspace servers and my home servers with vanilla installs of Ubuntu Server 12.04 64, so I think it is a property of ufw.

Paul
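A confirm-or-rollback wrapper in the spirit of iptables-apply, as an added example that is not part of the question or answer above and not a ufw feature. It assumes ufw keeps its rule files under `/etc/ufw` and that `ufw reload` re-reads them; `ufw_try`, `restore_rules`, `ask_operator` and the `UFW`, `UFW_DIR`, `TIMEOUT` and `CONFIRM` variables are names made up for this sketch.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): confirm-or-rollback wrapper for ufw.
# Assumptions: ufw's rule files live under $UFW_DIR and "ufw reload" re-reads
# them. All variable and function names below are hypothetical.
UFW=${UFW:-ufw}
UFW_DIR=${UFW_DIR:-/etc/ufw}
TIMEOUT=${TIMEOUT:-30}
CONFIRM=${CONFIRM:-ask_operator}

# Default confirmation: wait up to $TIMEOUT seconds for a literal "yes"
# (read -t needs bash). The answer above reports that an already-open SSH
# session can survive a rule that blocks SSH, so the prompt asks the operator
# to test over a NEW connection before answering.
ask_operator() {
    local answer
    printf 'Open a NEW connection to this host. Keep the rules? Type "yes" within %ss: ' "$TIMEOUT"
    read -r -t "$TIMEOUT" answer && [ "$answer" = "yes" ]
}

# restore_rules BACKUP: put the saved files back and reload the firewall.
restore_rules() {
    cp -a "$1/." "$UFW_DIR/" && "$UFW" reload
}

# ufw_try ARGS...: run "ufw ARGS", keep the change only if it is confirmed.
# Returns 0 = kept, 1 = rolled back, 2 = could not back up or apply.
ufw_try() {
    local backup rc=0
    backup=$(mktemp -d) || return 2
    cp -a "$UFW_DIR/." "$backup/" || { rm -rf "$backup"; return 2; }
    if ! "$UFW" "$@"; then
        restore_rules "$backup"; rc=2      # ufw failed: undo any partial write
    elif ! "$CONFIRM"; then
        restore_rules "$backup"; rc=1      # no "yes" in time: roll back
    fi
    rm -rf "$backup"
    return "$rc"
}

# Usage after sourcing this file as root:  ufw_try deny 22/tcp
```

Run it from inside tmux or screen so that a dropped session does not kill the shell before the rollback runs.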