Some ICMPv6 packets rejected due to rule ordering

Bug #1509725 reported by Saikrishna Arcot
This bug report is a duplicate of: Bug #1664133: ipv6 multicast pings don't return.
This bug affects 1 person
Affects: ufw (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned

Bug Description

In the default before6.rules file, the following lines:

# drop INVALID packets (logs these in loglevel medium and higher)
-A ufw6-before-input -m conntrack --ctstate INVALID -j ufw6-logging-deny
-A ufw6-before-input -m conntrack --ctstate INVALID -j DROP

are present before the ICMPv6 rules. The problem is that this also captures echo replies (but, somehow, allows echo requests) and some IPv6 routing announcements. If I try to ping ff02::1 to ping all devices on the local network, I only get a response from my own device.

Moving those three lines towards the end of the file (after all ICMP rules and before the COMMIT) fixes the issue.

ProblemType: Bug
DistroRelease: Ubuntu 15.10
Package: ufw 0.34-2
Uname: Linux 4.3.0-rc5arcot x86_64
ApportVersion: 2.19.1-0ubuntu3
Architecture: amd64
CurrentDesktop: KDE
Date: Sat Oct 24 18:07:40 2015
InstallationDate: Installed on 2012-10-19 (1099 days ago)
InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Release amd64 (20121017.5)
PackageArchitecture: all
SourcePackage: ufw
UpgradeStatus: Upgraded to wily on 2015-02-28 (238 days ago)
mtime.conffile..etc.ufw.sysctl.conf: 2015-08-08T23:49:55.322401
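
The ordering problem described in the report can be checked mechanically. The following is an added example, not code from ufw or from the reporter: it finds ICMPv6 rules that sit after a conntrack INVALID DROP in the same chain, then applies the workaround from the description (moving the INVALID lines to just before COMMIT). The sample rules are constructed from the snippet above, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the snippet in the report; not the full shipped file.
SAMPLE = """\
*filter
:ufw6-before-input - [0:0]
# drop INVALID packets (logs these in loglevel medium and higher)
-A ufw6-before-input -m conntrack --ctstate INVALID -j ufw6-logging-deny
-A ufw6-before-input -m conntrack --ctstate INVALID -j DROP
# ok icmp codes for INPUT
-A ufw6-before-input -p icmpv6 --icmpv6-type echo-request -j ACCEPT
-A ufw6-before-input -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
COMMIT
"""

INVALID = re.compile(r"^-A\s+(\S+)\s.*--ctstate\s+INVALID\b")
ICMP6 = re.compile(r"^-A\s+(\S+)\s.*-p\s+(?:icmpv6|ipv6-icmp)\b")

def shadowed_icmpv6(text):
    """Return (drop_line, icmp_line, chain) for each ICMPv6 rule placed after
    an INVALID DROP in the same chain. Rules are evaluated top to bottom, so
    a packet conntrack marks INVALID never reaches the later ICMPv6 rule."""
    first_drop = {}  # chain -> line number of its first INVALID DROP
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        m = INVALID.match(line)
        # Only the DROP target ends processing; the logging chain returns.
        if m and re.search(r"-j\s+DROP\b", line):
            first_drop.setdefault(m.group(1), no)
            continue
        m = ICMP6.match(line)
        if m and m.group(1) in first_drop:
            hits.append((first_drop[m.group(1)], no, m.group(1)))
    return hits

def move_invalid_last(text):
    """Workaround from the report: move the INVALID comment and both rules
    to just before COMMIT. Assumes a single table with one COMMIT line."""
    lines = text.splitlines()
    moved = [l for l in lines
             if INVALID.match(l) or l.startswith("# drop INVALID")]
    kept = [l for l in lines if l not in moved]
    at = kept.index("COMMIT")
    return "\n".join(kept[:at] + moved + kept[at:]) + "\n"

if __name__ == "__main__":
    print(shadowed_icmpv6(SAMPLE))
    print(move_invalid_last(SAMPLE), end="")
```

Run against a copy of the rules file rather than the live one, and compare the output with the file shipped by the fixed package before relying on it.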

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ufw - 0.36-1

---------------
ufw (0.36-1) unstable; urgency=medium

  * New upstream release (LP: #1782384, LP: #1664133, LP: #1509725,
    LP: #1695718, LP: #1719211, LP: #1775043, LP: #1204579, LP: #1652163,
    LP: #1377600, Closes: 686248, LP: #1368411, LP: #1586258, Closes: 909163,
    Closes: 884932, LP: #1558068)
    - drop 0002-bug849628.patch (included upstream)
    - drop 0003-use-default-tcp-syncookies.patch (included upstream)
    - drop 0004-lp1633698.patch (included upstream)
  * Remaining changes:
    - 0001-optimize-boot.patch
  * debian/ufw.maintscript: remove /etc/bash_completion.d/ufw on upgrade
    (LP: #1602834)
  * debian/control: remove no longer needed xs-python-version and
    x-python3-version fields
  * update debian/before6.rules.md5sum for file shipped in 0.35-6. While both
    before.rules and before6.rules were updated in this new upstream release,
    0.35-6 mistakenly already had its own md5sum for before.rules, so we don't
    need to add it now.

 -- Jamie Strandboge <email address hidden> Fri, 14 Dec 2018 17:50:47 +0000

Changed in ufw (Ubuntu):
status: New → Fix Released
Łukasz Zemczak (sil2100) wrote : Proposed package upload rejected

An upload of ufw to cosmic-proposed has been rejected from the upload queue for the following reason: "All bugs mentioned in the .changes file (so therefore also in the new debian/changelog entries) need to comply with SRU standards (test-case, regression potential). Please re-upload after filling out the required info or modify changelog to exclude irrelevant bug numbers.".
