I’ve filed “Extend network API to support basic input firewalling” (Issue #528, lxc/incus-os on GitHub) to track adding basic input firewall rules to IncusOS.
We’re most likely to do this directly through nft.
The ufw syntax is convenient but it’s a Python script and we’re trying pretty hard to keep the base image as small as possible. So far we’ve managed to keep it to basically just shell scripts and binary stuff. No Python in there and we’ve stripped most of the Perl stuff.
I also don’t know if ufw actually works these days on a system that only has nft, no xtables legacy commands, no legacy xtables kernel support and no xtables-to-nft command wrappers. Maybe @jdstrand still lurks around here and can answer that one