interface related rules appear active after deletion

Bug #1698751 reported by Tal Ziv
This bug affects 1 person
Affects        Status    Importance   Assigned to   Milestone
ufw (Ubuntu)   Invalid   Undecided    Unassigned

Bug Description

Hi,

In ufw 0.35 in Ubuntu 16.04.2 LTS, when deleting a rule of the following format:
ufw allow in on eth0 to any port 8080 proto tcp

the rule is actually deleted and the port is blocked, but when issuing 'ufw show added' the rule is still there.

Jamie Strandboge (jdstrand) wrote :

Thank you for using ufw and reporting a bug. I cannot reproduce this:

$ sudo ufw allow OpenSSH
$ sudo ufw enable
$ sudo ufw show added
Added user rules (see 'ufw status' for running firewall):
ufw allow OpenSSH

$ sudo ufw allow in on eth0 to any port 8080 proto tcp
Rule added
Rule added (v6)
$ sudo ufw show added
Added user rules (see 'ufw status' for running firewall):
ufw allow OpenSSH
ufw allow in on eth0 to any port 8080 proto tcp

$ sudo ufw delete allow in on eth0 to any port 8080 proto tcp
Rule deleted
Rule deleted (v6)
$ sudo ufw show added
Added user rules (see 'ufw status' for running firewall):
ufw allow OpenSSH

The rule you added (as you can see from the above) is generic enough to be applied to *both* IPv4 and IPv6. Did you delete the rule in the manner I did above, or did you use 'ufw delete NUMBER'? When using 'delete NUMBER', ufw will only delete the rule specified and will not assume you want other numbered rules to be deleted also. E.g.:

$ sudo ufw allow in on eth0 to any port 8080 proto tcp
Rule added
Rule added (v6)
$ sudo ufw show added
Added user rules (see 'ufw status' for running firewall):
ufw allow OpenSSH
ufw allow in on eth0 to any port 8080 proto tcp
$ sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] OpenSSH                    ALLOW IN    Anywhere
[ 2] 8080/tcp on eth0           ALLOW IN    Anywhere
[ 3] OpenSSH (v6)               ALLOW IN    Anywhere (v6)
[ 4] 8080/tcp (v6) on eth0      ALLOW IN    Anywhere (v6)

$ sudo ufw delete 2
Deleting:
 allow in on eth0 to any port 8080 proto tcp
Proceed with operation (y|n)? y
Rule deleted
$ sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] OpenSSH                    ALLOW IN    Anywhere
[ 2] OpenSSH (v6)               ALLOW IN    Anywhere (v6)
[ 3] 8080/tcp (v6) on eth0      ALLOW IN    Anywhere (v6)

$ sudo ufw show added
Added user rules (see 'ufw status' for running firewall):
ufw allow OpenSSH
ufw allow in on eth0 to any port 8080 proto tcp

The above is expected and intended behavior.

Changed in ufw (Ubuntu):
status: New → Incomplete
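
A check for the state shown in the comment above, where 'ufw delete NUMBER' removes one address family's rule and leaves its counterpart in the running firewall. This is an added example, not part of the original report or of ufw; the function names find_unpaired_rules and sample_status are hypothetical, and the sample status text is constructed from the output quoted above.

```sh
#!/bin/sh
# Added example: flag rules present for only one address family in
# `ufw status numbered` output (the state `ufw delete NUMBER` leaves behind).
# Live use (assumed invocation): sudo ufw status numbered | find_unpaired_rules
# A rule that names an explicit IPv4 or IPv6 address is legitimately
# single-family; review those hits by hand.

find_unpaired_rules() {
    awk '
    /^\[ *[0-9]+\]/ {
        num = $0; sub(/^\[ */, "", num); sub(/\].*/, "", num)
        rule = $0; sub(/^\[ *[0-9]+\] */, "", rule)
        fam = (rule ~ /\(v6\)/) ? "v6" : "v4"
        key = rule
        gsub(/ *\(v6\)/, "", key)   # drop the (v6) markers
        gsub(/ +/, " ", key)        # collapse column padding
        sub(/ +$/, "", key)
        seen[key, fam] = num
        keys[key] = 1
    }
    END {
        for (k in keys) {
            if (((k, "v4") in seen) && !((k, "v6") in seen))
                print seen[k, "v4"], "v4-only", k
            if (((k, "v6") in seen) && !((k, "v4") in seen))
                print seen[k, "v6"], "v6-only", k
        }
    }' | sort -n
}

# Constructed sample: the numbered status after `ufw delete 2` in the thread.
sample_status() {
    cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] OpenSSH                    ALLOW IN    Anywhere
[ 2] OpenSSH (v6)               ALLOW IN    Anywhere (v6)
[ 3] 8080/tcp (v6) on eth0      ALLOW IN    Anywhere (v6)
EOF
}

sample_status | find_unpaired_rules
```

Each output line gives the rule number, which family still has the rule, and the normalised rule text, so the leftover entry can be removed with a second 'ufw delete NUMBER' or by deleting the rule by its full specification.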
Tal Ziv (talz1979) wrote :

Hi,

This is exactly what happened, so if this is expected and intended behavior, this bug can be closed.

Thank you for the explanation.

Jamie Strandboge (jdstrand) wrote :

Thanks for getting back to me. I'll mark this as Invalid based on your feedback. Please feel free to report other bugs you may find.

Changed in ufw (Ubuntu):
status: Incomplete → Invalid