should restrict multicast more
Bug #740256 reported by Jamie Strandboge
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
ufw | Fix Released | Medium | Jamie Strandboge | |
ufw (Ubuntu) | Fix Released | Medium | Jamie Strandboge | |
Natty | Fix Released | Medium | Jamie Strandboge | |
Bug Description
Binary package hint: ufw
The intent of the multicast rules in ufw was always for mDNS service discovery. The rules that are currently present allow more than is required to achieve this goal. Specifically, before.rules should have only:
# allow MULTICAST mDNS for service discovery (be sure the MULTICAST line above
# is uncommented)
-A ufw-before-input -p udp -d 224.0.0.251 --dport 5353 -j ACCEPT
and before6.rules should have only:
# allow MULTICAST mDNS for service discovery (be sure the MULTICAST line above
# is uncommented)
-A ufw6-before-input -p udp -d ff02::fb --dport 5353 -j ACCEPT
Changed in ufw (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
importance: Undecided → Medium
status: New → In Progress
Changed in ufw (Ubuntu Lucid):
status: New → Triaged
importance: Undecided → Medium
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in ufw (Ubuntu Maverick):
status: New → Triaged
importance: Undecided → Medium
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in ufw:
assignee: nobody → Jamie Strandboge (jdstrand)
importance: Undecided → Medium
status: New → Fix Committed
Changed in ufw (Ubuntu Natty):
status: In Progress → Fix Committed
no longer affects: ufw (Ubuntu Lucid)
no longer affects: ufw (Ubuntu Maverick)
This was fixed in ufw 0.30.1.
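
An added example, not part of the bug report or of ufw itself: a small Python audit that flags ACCEPT rules in the ufw-before-input and ufw6-before-input chains that match multicast traffic more broadly than the two mDNS rules quoted in the description. The function names and the sample ruleset are constructed for illustration, and the parser assumes plain address operands (no negation, hostnames or comma-separated lists).

```python
import ipaddress
import shlex

# The only multicast ACCEPT rules the bug report says should remain.
ALLOWED = {
    "ufw-before-input": ("udp", "224.0.0.251/32", "5353"),
    "ufw6-before-input": ("udp", "ff02::fb/128", "5353"),
}

def _opt(tok, *names):
    """Value following the first of the given option names, or None."""
    return next((tok[i + 1] for i, t in enumerate(tok[:-1]) if t in names), None)

def audit_multicast(rules_text):
    """Return [(line_no, rule)] for multicast ACCEPT rules wider than mDNS."""
    findings = []
    for no, line in enumerate(rules_text.splitlines(), 1):
        line = line.strip()
        if not line.startswith("-A "):
            continue  # comments, table/chain headers, COMMIT
        tok = shlex.split(line)
        chain = tok[1]
        if chain not in ALLOWED or _opt(tok, "-j", "--jump") != "ACCEPT":
            continue
        dst, src = _opt(tok, "-d", "--destination"), _opt(tok, "-s", "--source")
        nets = [ipaddress.ip_network(a, strict=False) for a in (dst, src) if a]
        by_type = "MULTICAST" in tok  # e.g. -m addrtype --dst-type MULTICAST
        if not by_type and not any(n.is_multicast for n in nets):
            continue  # rule does not concern multicast traffic
        proto, want_dst, port = ALLOWED[chain]
        exact = (not by_type and src is None and dst is not None
                 and nets[0] == ipaddress.ip_network(want_dst)
                 and _opt(tok, "-p", "--protocol") == proto
                 and _opt(tok, "--dport", "--destination-port") == port)
        if not exact:
            findings.append((no, line))
    return findings

# Constructed sample input, not the contents of any shipped before.rules.
SAMPLE = """\
*filter
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -d 224.0.0.0/4 -j ACCEPT
-A ufw-before-input -p udp -d 224.0.0.251 --dport 5353 -j ACCEPT
-A ufw-before-input -p udp -d 224.0.0.251 --dport 1900 -j ACCEPT
COMMIT
"""

if __name__ == "__main__":
    for no, rule in audit_multicast(SAMPLE):
        print(f"line {no}: broader than mDNS: {rule}")
```

Run it against the text of before.rules and before6.rules; an empty result means the only multicast ACCEPT rules in those chains are the mDNS ones.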