iptables-persistent update clobbers existing rules

Bug #1956854 reported by Chris Osgood
Affects: iptables-persistent
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

Running a minimal Ubuntu 20.04 on a server. The server has iptables-persistent installed and also uses iptables rules loaded in stages after boot or by various daemons to control multiple internal networks, spam, and stop attacks on the server.

I just did an upgrade which updated iptables-persistent to 1.0.14ubuntu1. When this update was applied, it totally trashed the iptables rules, including hundreds of existing active entries in the kernel and the file at /etc/iptables/rules.v4. Nothing was correct and the server was in some sort of weird amalgamation of failsafe mode and partial rules from another stage. I had to restore /etc/iptables/rules.v4 from a backup.

I don't think iptables-persistent should ever change any existing configuration files or change the existing rules in the kernel, especially without asking. This was unexpected behavior that could have led to a security breach.

Am I using iptables-persistent wrong?

description: updated
Changed in sbcl:
status: New → Invalid
status: Invalid → New
affects: sbcl → ubuntu-ubuntu-server
description: updated
affects: ubuntu-ubuntu-server → iptables-persistent
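As an added example (not part of this bug report or of the iptables-persistent package), a POSIX shell snippet for the failure mode described above: it snapshots the live kernel ruleset before a package upgrade so it can be restored with iptables-restore, and checks afterwards whether the live rules still match /etc/iptables/rules.v4. The backup directory, the function names and the constructed sample rules are assumptions.

```shell
#!/bin/sh
# Added example, not code from the bug report. Assumes iptables-save and
# iptables-restore are present; the backup directory is an assumption.

# Normalise iptables-save output so only the rules themselves are compared:
# drop the timestamped "# Generated by" / "# Completed on" comment lines and
# the per-chain packet:byte counters, both of which change on every save.
normalize_rules() {
  sed -e '/^#/d' -e 's/ \[[0-9]*:[0-9]*]$//' "$1"
}

# Return 0 when two saved rulesets describe the same rules, 1 otherwise.
rulesets_match() {
  a=$(normalize_rules "$1")
  b=$(normalize_rules "$2")
  [ "$a" = "$b" ]
}

# Save a timestamped copy of the live ruleset before an upgrade so that a
# clobbered kernel ruleset can be restored with: iptables-restore < <file>
snapshot_live_rules() {
  dir=${1:-/var/backups/iptables}   # assumed location
  mkdir -p "$dir"
  out="$dir/rules.v4.$(date +%Y%m%d-%H%M%S)"
  iptables-save > "$out" && printf '%s\n' "$out"
}

# After an upgrade: 0 if the live ruleset matches the persisted file,
# 1 if it has diverged (the condition the report describes), 2 on error.
check_persisted_matches_live() {
  persisted=${1:-/etc/iptables/rules.v4}
  live=$(mktemp) || return 2
  if ! iptables-save > "$live"; then rm -f "$live"; return 2; fi
  if rulesets_match "$live" "$persisted"; then rc=0; else rc=1; fi
  rm -f "$live"
  return $rc
}
```

Run snapshot_live_rules before `apt upgrade` and check_persisted_matches_live afterwards; a non-zero result means the kernel rules and the persisted file no longer agree and the snapshot should be reviewed before restoring.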