Bug#783251: ufw: Ufw autostarts wrongly by itself after Wheezy Jessie upgrade
On 07/20/2015 03:01 PM, Jamie Strandboge wrote: On 07/17/2015 03:27 PM, Quentin Berling wrote: Hi, I'm still having the problem. I just did : # ufw disable # reboot # ufw status ERROR: problem running ip6tables I cannot reproduce this on an up to date sid system (which has the same version of ufw as jessie). Attached is a script to gather various details from the system. Please review it, copy it to /tmp/getinfo.sh, then run it like so: sudo sh /tmp/getinfo.sh Please send the resulting /tmp/ufw.tar.gz to my email address (ie, don't attach it to the bug since it reveals your firewall, kernel log, syslog and other details). Thank you for providing this information. I looked at what you provided (note, kern.log and syslog were no help) and found that /etc/ufw/ufw.conf has 'ENABLED=yes' and /etc/init.d/ufw is missing. I then setup my sid system with ENABLED=yes and moved /etc/init.d/ufw to the side, then rebooted. The firewall was correctly not started (it can't be started because there is nothing in /etc/init.d to start it). I examined the upstart and systemd jobs on your system and there wasn't anything that would start ufw. As such, at this point I'm convinced that this issue is not with ufw itself and rather a local issue. I did notice that you had fail2ban installed. Perhaps there is a fail2ban configuration option or something that would save the running firewall such that it saved ufw's rules when it was enabled and now is restoring them on reboot? Perhaps you had iptables-persistent or something else installed that would save/reload the loaded firewall and it is somehow getting run on boot now? Perhaps you have a cron job or something that is accessing /lib/ufw/ufw-init directly? At this point, you can clean up your system by doing: 1. # /lib/ufw/ufw-init stop 2. edit /etc/ufw/ufw.conf to have ENABLED=no 3. optionally remove ufw with 'apt-get remove --purge ufw' (this will of course lose all your modifications to /etc/ufw/* and your added rules in /lib/ufw/* -- Jamie Strandboge http://www.ubuntu.com/ signature.asc Description: OpenPGP digital signature
Bug#783251: ufw: Ufw autostarts wrongly by itself after Wheezy Jessie upgrade
On 07/17/2015 03:27 PM, Quentin Berling wrote: Hi, I'm still having the problem. I just did : # ufw disable # reboot # ufw status ERROR: problem running ip6tables I cannot reproduce this on an up to date sid system (which has the same version of ufw as jessie). Attached is a script to gather various details from the system. Please review it, copy it to /tmp/getinfo.sh, then run it like so: sudo sh /tmp/getinfo.sh Please send the resulting /tmp/ufw.tar.gz to my email address (ie, don't attach it to the bug since it reveals your firewall, kernel log, syslog and other details). Thanks -- Jamie Strandboge http://www.ubuntu.com/ getinfo.sh Description: application/shellscript signature.asc Description: OpenPGP digital signature
Bug#783251: ufw: Ufw autostarts wrongly by itself after Wheezy Jessie upgrade
On 04/24/2015 11:04 AM, Quentin Berling wrote: Package: ufw Version: 0.33-2 Severity: important Tags: ipv6 Dear Maintainer, I upgraded my Wheezy server to Jessie a few days ago. Now, everytime I reboot my server, ufw autostarts wrongly. By wrongly, I mean that ufw should be disabled but instead ufw status return an ip6tables (see the attached privatepaste) error and ufw seems to block some ports?. You'll see in the bug report that /etc/init.d/ufw isn't there anymore, it's because I mved it out of the directory. However, ufw still autostarts by itself. I have of course already done ufw disable countless times. The fix is to ufw disable ufw enable everytime the server reboot (even if ufw was previously disabled). http://privatepaste.com/97f2611c62 I think the ip6tables error is caused by an early? start of ufw, so it may be a good start to investigate what cause it to start... Thanks for your help, Quentin I'm sorry for responding to this now. http://privatepaste.com/97f2611c62 is no longer available. Are you still having the problem? If so, can you provide the output of: # /usr/share/ufw/check-requirements Thank you -- Jamie Strandboge http://www.ubuntu.com/ signature.asc Description: OpenPGP digital signature
Bug#783251: ufw: Ufw autostarts wrongly by itself after Wheezy Jessie upgrade
Hi, Im still having the problem. I just did : # ufw disable # reboot # ufw status ERROR: problem running ip6tables # /usr/share/ufw/check-requirements Has python: pass (binary: python2.7, version: 2.7.9, py2) Has iptables: pass Has ip6tables: pass Has /proc/net/dev: pass Has /proc/net/if_inet6: pass This script will now attempt to create various rules using the iptables and ip6tables commands. This may result in module autoloading (eg, for IPv6). Proceed with checks (Y/n)? Y == IPv4 == Creating ufw-check-requirements... done Inserting RETURN at top of ufw-check-requirements... done TCP: pass UDP: pass destination port: pass source port: pass ACCEPT: pass DROP: pass REJECT: pass LOG: pass hashlimit: pass limit: pass state (NEW): pass state (RELATED): pass state (ESTABLISHED): pass state (INVALID): pass state (new, recent set): pass state (new, recent update): pass state (new, limit): pass interface (input): pass interface (output): pass multiport: pass comment: pass addrtype (LOCAL): pass addrtype (MULTICAST): pass addrtype (BROADCAST): pass icmp (destination-unreachable): pass icmp (source-quench): pass icmp (time-exceeded): pass icmp (parameter-problem): pass icmp (echo-request): pass == IPv6 == Creating ufw-check-requirements6... done Inserting RETURN at top of ufw-check-requirements6... done TCP: pass UDP: pass destination port: pass source port: pass ACCEPT: pass DROP: pass REJECT: pass LOG: pass hashlimit: pass limit: pass state (NEW): pass state (RELATED): pass state (ESTABLISHED): pass state (INVALID): pass state (new, recent set): pass state (new, recent update): pass state (new, limit): pass interface (input): pass interface (output): pass multiport: pass comment: pass icmpv6 (destination-unreachable): pass icmpv6 (packet-too-big): pass icmpv6 (time-exceeded): pass icmpv6 (parameter-problem): pass icmpv6 (echo-request): pass icmpv6 with hl (neighbor-solicitation): pass icmpv6 with hl (neighbor-advertisement): pass icmpv6 with hl (router-solicitation): pass icmpv6 with hl (router-advertisement): pass ipv6 rt: pass All tests passed -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#783251: ufw: Ufw autostarts wrongly by itself after Wheezy Jessie upgrade
Package: ufw Version: 0.33-2 Severity: important Tags: ipv6 Dear Maintainer, I upgraded my Wheezy server to Jessie a few days ago. Now, everytime I reboot my server, ufw autostarts wrongly. By wrongly, I mean that ufw should be disabled but instead ufw status return an ip6tables (see the attached privatepaste) error and ufw seems to block some ports?. You'll see in the bug report that /etc/init.d/ufw isn't there anymore, it's because I mved it out of the directory. However, ufw still autostarts by itself. I have of course already done ufw disable countless times. The fix is to ufw disable ufw enable everytime the server reboot (even if ufw was previously disabled). http://privatepaste.com/97f2611c62 I think the ip6tables error is caused by an early? start of ufw, so it may be a good start to investigate what cause it to start... Thanks for your help, Quentin -- System Information: Debian Release: 8.0 APT prefers testing-updates APT policy: (500, 'testing-updates'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) Versions of packages ufw depends on: ii debconf [debconf-2.0] 1.5.56 ii iptables 1.4.21-2+b1 ii python33.4.2-2 pn python3:anynone ii ucf3.0030 ufw recommends no packages. Versions of packages ufw suggests: ii rsyslog 8.4.2-1 -- Configuration Files: /etc/default/ufw changed: IPV6=yes DEFAULT_INPUT_POLICY=DROP DEFAULT_OUTPUT_POLICY=ACCEPT DEFAULT_FORWARD_POLICY=ACCEPT DEFAULT_APPLICATION_POLICY=SKIP MANAGE_BUILTINS=no IPT_MODULES=nf_conntrack_ftp nf_nat_ftp nf_conntrack_netbios_ns /etc/init.d/ufw [Errno 2] Aucun fichier ou dossier de ce type: u'/etc/init.d/ufw' -- debconf information: * ufw/existing_configuration: ufw/allow_custom_ports: * ufw/enable: false ufw/allow_known_ports: -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org