Firewall not persistent
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
firestarter (Ubuntu) | Invalid | Undecided | Unassigned | |
Bug Description
Binary package hint: firestarter
Dapper, 386, plain vanilla pentium machine, wireless network, up to date as of Sep 9. Firestarter installed through synaptic package manager.
Firewall not persistent. After starting firestarter through System --> Administration --> Firestarter and user password, doing
sudo iptables -L -n
will give
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
LSI all -- 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 192.168.0.1 0.0.0.0/0 tcp flags:!0x17/0x02
ACCEPT udp -- 192.168.0.1 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5
DROP all -- 0.0.0.0/0 255.255.255.255
DROP all -- 0.0.0.0/0 192.168.0.255
DROP all -- 224.0.0.0/8 0.0.0.0/0
DROP all -- 0.0.0.0/0 224.0.0.0/8
DROP all -- 255.255.255.255 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
and more, showing that indeed there is a firewall.
Restarting the computer and doing
sudo iptables -L -n
will give
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
i.e. there is no firewall. The firewall will reappear only if Firestarter is started through its GUI.
The above is reproducible on two different machines. This is a security risk if an unaware user has any service running that faces the internet.
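A check for the post-reboot state described in this report, as an added example (not part of the original bug report and not Firestarter code). It classifies `iptables -L -n` output read from stdin; the function name and the sample variables are hypothetical, and the two samples are constructed from the shapes of the outputs quoted above.

```shell
#!/bin/sh
# Added example: classify `iptables -L -n` output read from stdin.
#   unfiltered - INPUT chain has policy ACCEPT and no rules (state after reboot)
#   filtered   - INPUT chain has a non-ACCEPT policy or at least one rule
#   unknown    - no INPUT chain found in the input
# It only detects the empty ruleset; it does not judge whether rules are sound.
input_chain_state() {
    awk '
        /^Chain / {
            chain = $2
            if (chain == "INPUT") {
                seen = 1
                policy = $4              # e.g. "DROP)" from "(policy DROP)"
                sub(/[)]/, "", policy)
                if (policy != "ACCEPT") restrictive = 1
            }
            next
        }
        /^target[ \t]/ || /^[ \t]*$/ { next }   # column header or blank line
        chain == "INPUT" { rules++ }            # any other line is a rule
        END {
            if (!seen) { print "unknown"; exit }
            if (restrictive || rules > 0) print "filtered"
            else print "unfiltered"
        }'
}

# Constructed sample: ruleset loaded (shape of the output after starting the GUI).
SAMPLE_AFTER_GUI='Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT udp -- 192.168.0.1 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy DROP)
target prot opt source destination'

# Constructed sample: empty ruleset (shape of the output after a reboot).
SAMPLE_AFTER_REBOOT='Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination'

# Demo on the constructed reboot sample; live use would be:
#   sudo iptables -L -n | input_chain_state
printf '%s\n' "$SAMPLE_AFTER_REBOOT" | input_chain_state
```

Run from a boot-time job, a result of `unfiltered` can be logged or alerted on so the missing ruleset is noticed without opening the GUI.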
description: | updated |
description: | updated |
Changed in firestarter: | |
assignee: | nobody → ubuntu-security |
Changed in firestarter: | |
assignee: | ubuntu-security → nobody |
status: | Confirmed → New |
Changed in firestarter: | |
status: | New → Confirmed |
This is confirmed by another user. See:
http://www.ubuntuforums.org/showthread.php?t=254906&highlight=firestarter