Bug#1035497: ufw: Deny forwarding but still forward ping requests
Package: ufw
Version: 0.36-7.1
Severity: normal

Dear Maintainer,

Hello,

I use my server as a kind of VPN server, but I only want my client to use a specific IP address. So I used the following rules:

```
ufw route deny out on client09 from any to any comment 'vpn client09'
ufw route deny in on client09 from any to any comment 'vpn client09'
ufw route prepend allow in on client09 from 172.22.149.116 comment 'vpn client09'
ufw route prepend allow in on client09 from fd04:234e:fc31:e::9 comment 'vpn client09'
```

However, I can send ping requests without 'ufw route prepend allow' and get a response, whereas the rule clearly says Deny. Apparently ping requests are always allowed through. As a workaround I can add the following manually:

```
-A ufw-before-forward -i client09 -p icmp -s 172.22.149.116 -j ACCEPT
-A ufw-before-forward -i client09 -p icmp -j DROP
-A ufw6-before-forward -i client09 -p ipv6-icmp -s fd92:58b6:2b2:e::9 -j ACCEPT
-A ufw6-before-forward -i client09 -p ipv6-icmp -j DROP
```

I have set `DEFAULT_FORWARD_POLICY="ACCEPT"`.

However, I think (and hope) that this behavior is not intentional. Hence this bug report. If I forbid a forwarding it has a good reason and then I also want this to be forbidden.
-- System Information:
Debian Release: 11.7
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-22-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=locale: Cannot set LC_ALL to default locale: No such file or directory UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages ufw depends on:
ii debconf [debconf-2.0] 1.5.77
ii iptables 1.8.7-1
ii lsb-base 11.1.0
ii python3 3.9.2-3
ii ucf 3.0043

ufw recommends no packages.

Versions of packages ufw suggests:
ii rsyslog 8.2102.0-2+deb11u1

-- debconf information excluded

-- debsums errors found:
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
    LANGUAGE = "en_US:en",
    LC_ALL = (unset),
    LC_TIME = "de_DE.UTF-8",
    LC_MONETARY = "de_DE.UTF-8",
    LC_ADDRESS = "de_DE.UTF-8",
    LC_TELEPHONE = "de_DE.UTF-8",
    LC_NAME = "de_DE.UTF-8",
    LC_MEASUREMENT = "de_DE.UTF-8",
    LC_IDENTIFICATION = "de_DE.UTF-8",
    LC_NUMERIC = "de_DE.UTF-8",
    LC_PAPER = "de_DE.UTF-8",
    LANG = "en_US.UTF-8"
    are supported and installed on your system.
perl: warning: Falling back to a fallback locale ("en_US.UTF-8").
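Added example, not part of the report and not ufw's own code: a first-match model of the `ufw-before-forward` chain, which is traversed before the chains that hold `ufw route` rules. It assumes the host's `/etc/ufw/before.rules` still carries the stock ICMP ACCEPT lines for forwarded traffic; the address 172.22.149.200 is constructed.

```python
import ipaddress
import shlex

# Constructed sample: two of the ICMP ACCEPT lines a stock /etc/ufw/before.rules
# carries for forwarded traffic (assumed to be unchanged on the host).
STOCK = """\
-A ufw-before-forward -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type echo-request -j ACCEPT
"""
# The reporter's IPv4 workaround lines, copied from the report.
WORKAROUND = """\
-A ufw-before-forward -i client09 -p icmp -s 172.22.149.116 -j ACCEPT
-A ufw-before-forward -i client09 -p icmp -j DROP
"""
FLAGS = {"-A": "chain", "-i": "iface", "-p": "proto", "-s": "src",
         "--icmp-type": "icmp_type", "-j": "target"}

def parse_rule(line):
    """Turn one '-A <chain> ...' line into a dict of the fields matched below."""
    tokens = shlex.split(line)
    rule = dict.fromkeys(FLAGS.values())
    for flag, value in zip(tokens, tokens[1:]):
        if flag in FLAGS:
            rule[FLAGS[flag]] = value
    return rule

def matches(rule, pkt):
    """iptables semantics: an absent match field matches every packet."""
    for field in ("iface", "proto", "icmp_type"):
        if rule[field] and rule[field] != pkt[field]:
            return False
    if rule["src"]:
        return ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(rule["src"])
    return True

def decide(rules_text, pkt, chain="ufw-before-forward"):
    """Return the target of the first matching rule, or None when the packet
    falls through to the chains holding 'ufw route' rules."""
    for line in rules_text.splitlines():
        rule = parse_rule(line)
        if rule["chain"] == chain and matches(rule, pkt):
            return rule["target"]
    return None

def ping(src):
    # Constructed packet: an ICMP echo request arriving on client09.
    return {"iface": "client09", "proto": "icmp", "icmp_type": "echo-request", "src": src}

if __name__ == "__main__":
    for name, rules in (("stock", STOCK), ("workaround first", WORKAROUND + STOCK)):
        print(name, decide(rules, ping("172.22.149.200")), decide(rules, ping("172.22.149.116")))
```

In this model the interface-specific lines only take effect when they sit above the generic echo-request ACCEPT; placed below it they are never reached.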
Bug#1034568: binascii.Error: Odd-length string when asking the status
Package: ufw
Version: 0.36-7.1
Severity: important

Dear Maintainer,

* What led up to the situation?

Adding a few rules:

```
ufw route allow in on {{ item }} from fd00::/8 to fd00::/8 comment 'dnet'
ufw route allow in on {{ item }} from 172.20.0.0/14 to 172.20.0.0/14 comment 'dnet'
ufw route allow in on {{ item }} from 10.0.0.0/8 to 10.0.0.0/8 comment 'dnet'
ufw route allow in on {{ item }} from 10.0.0.0/8 to 172.20.0.0/14 comment 'dnet'
ufw route allow in on {{ item }} from 172.20.0.0/14 to 10.0.0.0/8 comment 'dnet'
ufw route allow in on {{ item }} from 2001:db8:dead:beef::/64 to 2001:db8:dead:beef::/64 comment 'dnet'
ufw route allow in on {{ item }} from 172.24.0.0/16 to 172.24.0.0/16 comment 'dnet'
```

and then

```
ufw status
```

* What exactly did you do (or not do) that was effective (or ineffective)?
* What was the outcome of this action?

```
Traceback (most recent call last):
  File "/usr/sbin/ufw", line 147, in <module>
    res = ui.do_action(pr.action, "", "", pr.force)
  File "/usr/lib/python3/dist-packages/ufw/frontend.py", line 652, in do_action
    res = self.get_status()
  File "/usr/lib/python3/dist-packages/ufw/frontend.py", line 261, in get_status
    out = self.backend.get_status(verbose, show_count)
  File "/usr/lib/python3/dist-packages/ufw/backend_iptables.py", line 419, in get_status
    comment_str = " # %s" % r.get_comment()
  File "/usr/lib/python3/dist-packages/ufw/common.py", line 372, in get_comment
    return ufw.util.hex_decode(self.comment)
  File "/usr/lib/python3/dist-packages/ufw/util.py", line 1104, in hex_decode
    return binascii.unhexlify(h).decode('utf-8')
binascii.Error: Odd-length string
```

* What outcome did you expect instead?
the normal ufw status

-- System Information:
Debian Release: 11.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-21-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=locale: Cannot set LC_ALL to default locale: No such file or directory UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages ufw depends on:
ii debconf [debconf-2.0] 1.5.77
ii iptables 1.8.7-1
ii lsb-base 11.1.0
ii python3 3.9.2-3
ii ucf 3.0043

ufw recommends no packages.

Versions of packages ufw suggests:
ii rsyslog 8.2102.0-2+deb11u1

-- Configuration Files:
/etc/default/ufw changed:
IPV6=yes
DEFAULT_INPUT_POLICY="DROP"
DEFAULT_OUTPUT_POLICY="ACCEPT"
DEFAULT_FORWARD_POLICY="ACCEPT"
DEFAULT_APPLICATION_POLICY="SKIP"
MANAGE_BUILTINS=no
IPT_SYSCTL=/etc/ufw/sysctl.conf
IPT_MODULES=""

-- debconf information:
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
    LANGUAGE = "en_US:en",
    LC_ALL = (unset),
    LC_TIME = "de_DE.UTF-8",
    LC_MONETARY = "de_DE.UTF-8",
    LC_ADDRESS = "de_DE.UTF-8",
    LC_TELEPHONE = "de_DE.UTF-8",
    LC_NAME = "de_DE.UTF-8",
    LC_MEASUREMENT = "de_DE.UTF-8",
    LC_IDENTIFICATION = "de_DE.UTF-8",
    LC_NUMERIC = "de_DE.UTF-8",
    LC_PAPER = "de_DE.UTF-8",
    LANG = "en_US.UTF-8"
    are supported and installed on your system.
perl: warning: Falling back to a fallback locale ("en_US.UTF-8").
locale: Cannot set LC_ALL to default locale: No such file or directory
ufw/existing_configuration:
ufw/allow_known_ports:
ufw/allow_custom_ports:
ufw/enable: false

-- debsums errors found:
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
    LANGUAGE = "en_US:en",
    LC_ALL = (unset),
    LC_TIME = "de_DE.UTF-8",
    LC_MONETARY = "de_DE.UTF-8",
    LC_ADDRESS = "de_DE.UTF-8",
    LC_TELEPHONE = "de_DE.UTF-8",
    LC_NAME = "de_DE.UTF-8",
    LC_MEASUREMENT = "de_DE.UTF-8",
    LC_IDENTIFICATION = "de_DE.UTF-8",
    LC_NUMERIC = "de_DE.UTF-8",
    LC_PAPER = "de_DE.UTF-8",
    LANG = "en_US.UTF-8"
    are supported and installed on your system.
perl: warning: Falling back to a fallback locale ("en_US.UTF-8").

--
Marek Küthe
m...@mk16.de
er/ihm he/him
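Added example, not part of the report and not ufw's own code: a checker that finds stored rule comments which the `binascii.unhexlify(h).decode('utf-8')` call in the traceback cannot decode, so the offending rule can be located without running `ufw status`. The `### tuple ###` line layout, the `comment=<hex>` field and the interface name `wg0` are assumptions; the sample lines are constructed.

```python
import binascii
import re

# Constructed sample in the style of ufw's stored rules; the tuple layout and the
# 'comment=<hex>' field are assumptions, 'wg0' is a placeholder interface.
SAMPLE = """\
### tuple ### route:allow any any 10.0.0.0/8 any 10.0.0.0/8 in_wg0 comment=646e6574
### tuple ### route:allow any any 172.20.0.0/14 any 172.20.0.0/14 in_wg0 comment=646e657
### tuple ### route:allow any any 172.24.0.0/16 any 172.24.0.0/16 in_wg0 comment=646e65zz
### tuple ### route:allow any any fd00::/8 any fd00::/8 in_wg0
"""
COMMENT_RE = re.compile(r"\bcomment=(\S*)")

def check_comment(hex_str):
    """Return (decoded_text, None) on success or (None, reason) without raising."""
    if len(hex_str) % 2:
        # This is the case that raises "binascii.Error: Odd-length string".
        return None, "odd-length hex"
    try:
        return binascii.unhexlify(hex_str).decode("utf-8"), None
    except binascii.Error:
        return None, "non-hex characters"
    except UnicodeDecodeError:
        return None, "not valid UTF-8"

def audit(text):
    """List (line_number, reason, raw_field) for every undecodable comment."""
    problems = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.startswith("### tuple ###"):
            continue
        match = COMMENT_RE.search(line)
        if match:
            _, reason = check_comment(match.group(1))
            if reason:
                problems.append((lineno, reason, match.group(1)))
    return problems

if __name__ == "__main__":
    for lineno, reason, raw in audit(SAMPLE):
        print(f"line {lineno}: {reason}: comment={raw}")
```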
Bug#1031391: /lib/modules/6.0.0-12parrot1-amd64/kernel/drivers/net/wireless/ath/ath10k/ath10k_core.ko: Firmware crashed
Package: src:linux
Version: 6.0.12-1parrot1
Severity: important
File: /lib/modules/6.0.0-12parrot1-amd64/kernel/drivers/net/wireless/ath/ath10k/ath10k_core.ko
X-Debbugs-Cc: m...@mk16.de

Dear Maintainer,

* What led up to the situation?

I have no idea how this situation comes about.

* What exactly did you do (or not do) that was effective (or ineffective)
* What was the outcome of this action?
* What outcome did you expect instead?

The firmware crashes (judging by the log). After that, the computer becomes enormously slow, the mouse does not move for a few seconds. After that it works again. After that, Network Manager says "disconnect". When I restart the Network Manager, "Device not available" appears.

-- Package-specific info:
** Version:
Linux version 6.0.0-12parrot1-amd64 (t...@parrotsec.org) (gcc-10 (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Parrot) 2.37.90.20220130) #1 SMP PREEMPT_DYNAMIC Debian 6.0.12-1parrot1 (2023-01-12)

** Command line:
BOOT_IMAGE=/@/boot/vmlinuz-6.0.0-12parrot1-amd64 root=UUID=4c28bef4-77fd-4464-9cd5-5b0bcc104742 ro rootflags=subvol=@ quiet cryptdevice=UUID=fed0c2db-58a8-4f7b-9ba2-9321b4f7a550:luks-fed0c2db-58a8-4f7b-9ba2-9321b4f7a550 root=/dev/mapper/luks-fed0c2db-58a8-4f7b-9ba2-9321b4f7a550 splash resume=/dev/mapper/luks-5090abc4-1254-4f9f-8ae8-2f7e0cd2bd55

** Tainted: PWO (4609)
 * proprietary module was loaded
 * kernel issued warning
 * externally-built ("out-of-tree") module was loaded

** Kernel log:

```
[ 895.441930] ath10k_pci :01:00.0: failed to reset chip: -5
[ 895.441940] ath10k_pci :01:00.0: Could not init hif: -5
[ 895.441940] ath10k_pci :01:00.0: firmware crashed! (guid da96e584-b343-413c-a3be-00ae27231f2f)
[ 895.441946] ath10k_pci :01:00.0: qca9377 hw1.1 target 0x05020001 chip_id 0x003821ff sub 1a3b:2b31
[ 895.441949] ath10k_pci :01:00.0: kconfig debug 0 debugfs 0 tracing 0 dfs 0 testmode 0
[ 895.442664] ath10k_pci :01:00.0: firmware ver WLAN.TF.2.1-00021-QCARMSWP-1 api 6 features wowlan,ignore-otp crc32 42e41877
[ 895.442851] ath10k_pci :01:00.0: board_file api 2 bmi_id N/A crc32 8aedfa4a
[ 895.442853] ath10k_pci :01:00.0: htt-ver 3.56 wmi-op 4 htt-op 3 cal otp max-sta 32 raw 0 hwcrypto 1
[ 895.474592] ath10k_pci :01:00.0: failed to read firmware dump area: -28
[ 895.474599] ath10k_pci :01:00.0: Copy Engine register dump:
[ 895.601329] ath10k_pci :01:00.0: [00]: 0x00034400 4294967295 4294967295 4294967295 4294967295
[ 895.728000] ath10k_pci :01:00.0: [01]: 0x00034800 4294967295 4294967295 4294967295 4294967295
[ 895.854730] ath10k_pci :01:00.0: [02]: 0x00034c00 4294967295 4294967295 4294967295 4294967295
[ 895.981435] ath10k_pci :01:00.0: [03]: 0x00035000 4294967295 4294967295 4294967295 4294967295
[ 896.108078] ath10k_pci :01:00.0: [04]: 0x00035400 4294967295 4294967295 4294967295 4294967295
[ 896.234725] ath10k_pci :01:00.0: [05]: 0x00035800 4294967295 4294967295 4294967295 4294967295
[ 896.361394] ath10k_pci :01:00.0: [06]: 0x00035c00 4294967295 4294967295 4294967295 4294967295
[ 896.488048] ath10k_pci :01:00.0: [07]: 0x00036000 4294967295 4294967295 4294967295 4294967295
[ 910.494699] [UFW BLOCK] IN=wlx2887ba0f2920 OUT= MAC= SRC=fe80::::59fb:2dac:f719:7c09 DST=ff12:::::::8384 LEN=576 TC=0 HOPLIMIT=1 FLOWLBL=966803 PROTO=UDP SPT=43702 DPT=21027 LEN=536
[ 940.491215] [UFW BLOCK] IN=wlx2887ba0f2920 OUT= MAC= SRC=fe80::::59fb:2dac:f719:7c09 DST=ff12:::::::8384 LEN=576 TC=0 HOPLIMIT=1 FLOWLBL=966803 PROTO=UDP SPT=43702 DPT=21027 LEN=536
[ 967.901908] pcieport :00:1c.0: AER: Multiple Corrected error received: :00:1c.0
[ 967.927294] pcieport :00:1c.0: PCIe Bus Error: severity=Corrected, type=Physical Layer, (Receiver ID)
[ 967.927302] pcieport :00:1c.0: device [8086:4db8] error status/mask=0001/2000
[ 967.927309] pcieport :00:1c.0:[ 0] RxErr (First)
[ 967.927339] pcieport :00:1c.0: AER: Multiple Corrected error received: :00:1c.0
[ 967.927363] pcieport :00:1c.0: AER: can't find device of ID00e0
[ 970.497436] [UFW BLOCK] IN=wlx2887ba0f2920 OUT= MAC= SRC=fe80::::59fb:2dac:f719:7c09 DST=ff12:::::::8384 LEN=576 TC=0 HOPLIMIT=1 FLOWLBL=966803 PROTO=UDP SPT=43702 DPT=21027 LEN=536
[ 973.646684] pcieport :00:1c.0: AER: Multiple Corrected error received: :00:1c.0
[ 973.671917] pcieport :00:1c.0: PCIe Bus Error: severity=Corrected, type=Physical Layer, (Receiver ID)
[ 973.671926] pcieport :00:1c.0: device [8086:4db8] error status/mask=0001/2000
[ 973.671933] pcieport :00:1c.0:[ 0] RxErr (First)
[ 999.073652] perf: interrupt took too long (2542 > 2500), lowering kernel.perf_event_max_sample_rate to 78600
[ 1000.492301] [UFW BLOCK] IN=wlx2887ba0f2920 OUT= MAC= SRC=fe80:::
```