Re: [Bug 650620] Re: UFW blocks internet after kernal update.
I have filed a new bug. https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1034258 On 2012/08/06 17:40, Jamie Strandboge wrote: > Mduduzi, > > Please file a new bug including your kernel version and your findings > showing that ufw is the problem. Thanks. > > ** Changed in: ufw (Ubuntu) > Status: Confirmed => Invalid > > ** Changed in: ufw (Ubuntu) > Assignee: Jamie Strandboge (jdstrand) => (unassigned) > -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/650620 Title: UFW blocks internet after kernal update. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/650620/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 650620] Re: UFW blocks internet after kernal update.
Thanks for the reply... but err... how do I get all that info if I cannot access the server at all? Remember, the server is a virtual server on the cloud! There is no way to prove this except to replicate. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/650620 Title: UFW blocks internet after kernal update. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/650620/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 650620] Re: UFW blocks internet after kernal update.
Hi Jamie, Thanks for the reply... but err... how do I get all that info if I cannot access the server at all? Remember, the server is a virtual server on the cloud! There is no way to prove this except to replicate. On 2012/08/06 17:40, Jamie Strandboge wrote: > Mduduzi, > > Please file a new bug including your kernel version and your findings > showing that ufw is the problem. Thanks. > > ** Changed in: ufw (Ubuntu) > Status: Confirmed => Invalid > > ** Changed in: ufw (Ubuntu) > Assignee: Jamie Strandboge (jdstrand) => (unassigned) > -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/650620 Title: UFW blocks internet after kernal update. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/650620/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 650620] Re: UFW blocks internet after kernal update.
Mduduzi, Please file a new bug including your kernel version and your findings showing that ufw is the problem. Thanks. ** Changed in: ufw (Ubuntu) Status: Confirmed => Invalid ** Changed in: ufw (Ubuntu) Assignee: Jamie Strandboge (jdstrand) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/650620 Title: UFW blocks internet after kernal update. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/650620/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 650620] Re: UFW blocks internet after kernal update.
Hi, This bug has gotten me enough times with my Amazon EC2 servers. Only now do I realise that it is after the kernel update. When updating using apt-get upgrade, UFW, keeps working as expected even if I reboot. This morning I followed up with apt-get dist-upgrade specifically because I wanted to update the kernel. After the reboot, I cannot SSH into the server. This is a critical bug because I cannot access my EC2 server! What options do I have other than to loose the entire server, and beg software vendors to issue me another license because the server is still running, I simply cannot access it at all via ANY ports! Not even the web services via HTTPS are available! This also means that I loose all contents of the server not on a separate, attached storage! This has happened numerous times but only now have I been able to conclusively pin it down to UFW failing after kernel upgrade. Until this bug is fixed, I suggest anybody should not use UFW on EC2 servers. Or if you must, disable and remove it altogether before upgrading the kernel/image. My server is running the x86 version of 10.04 LTS on Amazon's EC2. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/650620 Title: UFW blocks internet after kernal update. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/650620/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 650620] Re: UFW blocks internet after kernal update.
** Changed in: ufw (Ubuntu) Status: Invalid => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/650620 Title: UFW blocks internet after kernal update. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/650620/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 650620] Re: UFW blocks internet after kernal update.
This suggests a problem with your kernel, upgrade procedures of the kernel or another program has firewall rules loaded that are conflicting with ufw in some way. ufw is a frontend to iptables, which is the program used to manipulate the netfilter firewall capabilities of your kernel. ufw doesn't 'do' anything on its own in the background except on boot, when it loads the firewall rules you have specified. Removing ufw and reinstalling flushes the chains and then reinitializes them (which incidentally can be accomplished by doing 'sudo /lib/ufw/ufw-init flush- all ; sudo /lib/ufw/ufw-init start' or by rebooting). You also mentioned that this is a VM-- it could be that networking is not set up properly for the VM. The next time you have the problem, before you try to correct it please attach the output of the following commands: $ sudo /usr/share/ufw/check-requirements $ sudo ufw show raw You can also try these yourself beforehand-- the first will tell you if your kernel has everything you need and the latter should only show the default chains and chains starting with 'ufw'. If you see other rules in there, you will want to investigate what added them and remove the offending program. -- UFW blocks internet after kernal update. https://bugs.launchpad.net/bugs/650620 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
RE: [Bug 650620] Re: UFW blocks internet after kernal update.
All the blocks are correct and required, as they represent domains that constantly attack my systems, the only typo I has was UDP which should have been TCP. Only TCP is required on this computer as this is my host, not running the web server. I have not upgraded my VM which is my server that needs 22 and 443 TCP open to 10.04 yet because of all the problems I was having with UFW blocking all traffic out even with default allow in and out rules, the rules are the same for both the host and server with the exception of 443 and 22 on the server on only on the host. Some times UFW would work on my 10.04 host after a kernel update then I would stop after another, I don't know what caused it, but a full removal and reinstall of UFW seems to have corrected the issue for now. I have seen others have similar issues on-line, with many possible solutions that failed for both them and me, I just on a last resort effort, except waiting to try Ubuntu 10.10, tried a removal and reinstall of UFW, and so far so good. Thanks for looking into this however. > Date: Fri, 8 Oct 2010 18:02:01 + > From: ja...@ubuntu.com > To: slade...@hotmail.com > Subject: [Bug 650620] Re: UFW blocks internet after kernal update. > > Not having /var/lib/ufw is fine. > > You have a lot of deny rules in your /lib/ufw/user.rules file and they are > not at all what you said you added. I suggest doing: > $ sudo ufw reset > $ sudo ufw allow 443/tcp > $ sudo ufw limit 22/tcp > $ sudo ufw enable > > The reset command will backup your files for you. All you other files > look otherwise fine. > > -- > UFW blocks internet after kernal update. > https://bugs.launchpad.net/bugs/650620 > You received this bug notification because you are a direct subscriber > of the bug. > > Status in “ufw” package in Ubuntu: Invalid > > Bug description: > Configuration I have a cable modem connected to a router with my computer > connected to the router, and my IP is statically set. > > With Ubuntu 9.04 and UFW I used a "default deny," I then setup "22 limit > anywhere" and 443/tcp allow anywhere" this worked great and let me browse out > to the internet and only have incoming traffic to 22 and 443. > > However with Ubuntu 10.04 I am having major problems, I have it setup this > way: > > With Ubuntu 10.04 I use "default deny in" and "default allow out." I then > setup "443/tcp allow in anywhere" and "22 limit in anywhere" with this setup > I can't even browse the web; "http://ubuntuforums.org"; times out for example. > The only way I can browse the web is to disable UFW completely. I even tried > setting UFW with "allow" as default for both "in" and "out" but this also > causes the web not to work. > > Any suggestions? > > Well, after getting kernel update and rebooting yesterday, UFW now blocks my > outgoing internet traffic again. Had to disable it to get out. > > To unsubscribe from this bug, go to: > https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/650620/+subscribe -- UFW blocks internet after kernal update. https://bugs.launchpad.net/bugs/650620 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 650620] Re: UFW blocks internet after kernal update.
I would also advise taking a look at your (old if you did the reset already) /lib/ufw/user.rules file and see what went wrong. Maybe it got misrestored from backup or something. I am marking the bug Invalid since the supplied user.rules did not have the necessary rules to allow the traffic you are interested in allowing. Please feel free to open any new bugs in Ubuntu. ** Changed in: ufw (Ubuntu) Status: Incomplete => Invalid -- UFW blocks internet after kernal update. https://bugs.launchpad.net/bugs/650620 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 650620] Re: UFW blocks internet after kernal update.
Not having /var/lib/ufw is fine. You have a lot of deny rules in your /lib/ufw/user.rules file and they are not at all what you said you added. I suggest doing: $ sudo ufw reset $ sudo ufw allow 443/tcp $ sudo ufw limit 22/tcp $ sudo ufw enable The reset command will backup your files for you. All you other files look otherwise fine. -- UFW blocks internet after kernal update. https://bugs.launchpad.net/bugs/650620 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 650620] Re: UFW blocks internet after kernal update.
Attached as requested. I have no "/var/lib/ufw" ** Attachment added: "650620.tar.gz" https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/650620/+attachment/1678203/+files/650620.tar.gz -- UFW blocks internet after kernal update. https://bugs.launchpad.net/bugs/650620 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 650620] Re: UFW blocks internet after kernal update.
Of course I mean 'your ufw configuration' in the last comment. -- UFW blocks internet after kernal update. https://bugs.launchpad.net/bugs/650620 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 650620] Re: UFW blocks internet after kernal update.
Can you attach your ufw with: $ sudo tar -zcvf /tmp/650620.tar.gz /var/lib/ufw /lib/ufw /etc/ufw ** Changed in: ufw (Ubuntu) Status: New => Incomplete ** Changed in: ufw (Ubuntu) Assignee: (unassigned) => Jamie Strandboge (jdstrand) -- UFW blocks internet after kernal update. https://bugs.launchpad.net/bugs/650620 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 650620] Re: UFW blocks internet after kernal update.
After trying too many things I found on the Internet that failed to correct the issue, I had to use "Synaptic Package Manager" and do a "Mark for Complete Removal" for both "ufw" and "gufw" then reinstall. It all works again! -- UFW blocks internet after kernal update. https://bugs.launchpad.net/bugs/650620 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs