[Touch-packages] [Bug 881137] Re: UFW does not clean iptables setting from /etc/ufw/before.rules

Fri, 23 Nov 2018 01:35:41 -0800 

Is this going to work? 
It was reported on 2011 and last comment on 2015.
It is 2018 and still after restarting ufw rules are added multiple time.
Just add this:
/etc/ufw/after_up
/etc/ufw/after_down
/etc/ufw/before_up
/etc/ufw/before_down

User can manualy add rules to *_up executed when ufw starts and add
rules to be deleted to *_down when ufw is shutting down.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ufw in Ubuntu.
https://bugs.launchpad.net/bugs/881137

Title:
  UFW does not clean iptables setting from /etc/ufw/before.rules

Status in ufw package in Ubuntu:
  Won't Fix

Bug description:
  Adding some additional settings to /etc/ufw/before.rules is not
  deleted when ufw is stopped.

  I added these lines at top of file /etc/ufw/before.rules

  *nat
  :POSTROUTING ACCEPT [0:0]
  -A POSTROUTING -o eth0 -j MASQUERADE
  COMMIT

  Then I reloaded ufw firewall with command: ufw reload. Output from
  iptables-save

  $ iptables-save -t nat
  *nat
  :PREROUTING ACCEPT [4:478]
  :INPUT ACCEPT [4:478]
  :OUTPUT ACCEPT [0:0]
  :POSTROUTING ACCEPT [0:0]
  -A POSTROUTING -o eth0 -j MASQUERADE 
  COMMIT

  Then I reloaded ufw firewall again:

  $ iptables-save -t nat
  *nat
  :PREROUTING ACCEPT [4:478]
  :INPUT ACCEPT [4:478]
  :OUTPUT ACCEPT [0:0]
  :POSTROUTING ACCEPT [0:0]
  -A POSTROUTING -o eth0 -j MASQUERADE 
  -A POSTROUTING -o eth0 -j MASQUERADE 
  COMMIT

  And ufw reload again

  $ iptables-save -t nat
  *nat
  :PREROUTING ACCEPT [4:478]
  :INPUT ACCEPT [4:478]
  :OUTPUT ACCEPT [0:0]
  :POSTROUTING ACCEPT [0:0]
  -A POSTROUTING -o eth0 -j MASQUERADE 
  -A POSTROUTING -o eth0 -j MASQUERADE 
  -A POSTROUTING -o eth0 -j MASQUERADE
  COMMIT

  And again and postrouting is never deleted when ufw is stopped and
  added again when stared. Same happen if I stop ufw firewall with: $
  stop ufw. nat lines are not cleaned.

  UFW should remove all iptables settings specified in config files
  after ufw is stopped! This can be dangerous if apt-get is updating
  some ufw files and scripts needs to reload ufw (some lines will be
  more times).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/881137/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to