2013-06-15 01:55:08 |
Jamie Strandboge |
bug |
|
|
added bug |
2013-06-15 02:01:29 |
Jamie Strandboge |
description |
The phablet image kernels (tested on nexus 4 and nexus 7) don't have enough netfilter options enabled to use ufw. ufw is the default firewall in Ubuntu and the network-indicator will have firewall support for the converged device if not sooner. ufw has a tool to test if the necessary kernel config is setup-- can we get our phablet kernel config to pass these tests? (note, test that are 'FAIL (no runtime support)' don't strictly have to be enabled, though it would be nice).
To test:
$ sudo apt-get install ufw
$ sudo /usr/share/ufw/check-requirements
Has python: pass (binary: python2.7, version: 2.7.5+, py2)
Has iptables: pass
Has ip6tables: pass
Has /proc/net/dev: pass
Has /proc/net/if_inet6: pass
This script will now attempt to create various rules using the iptables
and ip6tables commands. This may result in module autoloading (eg, for
IPv6).
Proceed with checks (Y/n)? y
== IPv4 ==
Creating 'ufw-check-requirements'... done
Inserting RETURN at top of 'ufw-check-requirements'... done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: FAIL
hashlimit: pass
limit: pass
state (NEW): pass
state (RELATED): pass
state (ESTABLISHED): pass
state (INVALID): pass
state (new, recent set): FAIL (no runtime support)
state (new, recent update): FAIL (no runtime support)
state (new, limit): pass
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
addrtype (LOCAL): FAIL
addrtype (MULTICAST): FAIL
addrtype (BROADCAST): FAIL
icmp (destination-unreachable): pass
icmp (source-quench): pass
icmp (time-exceeded): pass
icmp (parameter-problem): pass
icmp (echo-request): pass
== IPv6 ==
Creating 'ufw-check-requirements6'... done
Inserting RETURN at top of 'ufw-check-requirements6'... done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: FAIL
hashlimit: pass
limit: pass
state (NEW): pass
state (RELATED): pass
state (ESTABLISHED): pass
state (INVALID): pass
state (new, recent set): FAIL (no runtime support)
state (new, recent update): FAIL (no runtime support)
state (new, limit): pass
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
icmpv6 (destination-unreachable): pass
icmpv6 (packet-too-big): pass
icmpv6 (time-exceeded): pass
icmpv6 (parameter-problem): pass
icmpv6 (echo-request): pass
icmpv6 with hl (neighbor-solicitation): pass
icmpv6 with hl (neighbor-advertisement): pass
icmpv6 with hl (router-solicitation): pass
icmpv6 with hl (router-advertisement): pass
FAIL: check your kernel and that you have iptables >= 1.4.0
FAIL: check your kernel and iptables for additional runtime support |
The phablet image kernels (tested on nexus 4 and nexus 7) don't have enough netfilter options enabled to use ufw. ufw is the default firewall in Ubuntu and the network-indicator will have firewall support for the converged device if not sooner. ufw has a tool to test if the necessary kernel config is setup-- can we get our phablet kernel config to pass these tests? (note, test that are 'FAIL (no runtime support)' don't strictly have to be enabled, though it would be nice).
To test:
$ sudo apt-get install ufw
$ sudo /usr/share/ufw/check-requirements
Has python: pass (binary: python2.7, version: 2.7.5+, py2)
Has iptables: pass
Has ip6tables: pass
Has /proc/net/dev: pass
Has /proc/net/if_inet6: pass
This script will now attempt to create various rules using the iptables
and ip6tables commands. This may result in module autoloading (eg, for
IPv6).
Proceed with checks (Y/n)? y
== IPv4 ==
Creating 'ufw-check-requirements'... done
Inserting RETURN at top of 'ufw-check-requirements'... done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: FAIL
hashlimit: pass
limit: pass
state (NEW): pass
state (RELATED): pass
state (ESTABLISHED): pass
state (INVALID): pass
state (new, recent set): FAIL (no runtime support)
state (new, recent update): FAIL (no runtime support)
state (new, limit): pass
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
addrtype (LOCAL): FAIL
addrtype (MULTICAST): FAIL
addrtype (BROADCAST): FAIL
icmp (destination-unreachable): pass
icmp (source-quench): pass
icmp (time-exceeded): pass
icmp (parameter-problem): pass
icmp (echo-request): pass
== IPv6 ==
Creating 'ufw-check-requirements6'... done
Inserting RETURN at top of 'ufw-check-requirements6'... done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: FAIL
hashlimit: pass
limit: pass
state (NEW): pass
state (RELATED): pass
state (ESTABLISHED): pass
state (INVALID): pass
state (new, recent set): FAIL (no runtime support)
state (new, recent update): FAIL (no runtime support)
state (new, limit): pass
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
icmpv6 (destination-unreachable): pass
icmpv6 (packet-too-big): pass
icmpv6 (time-exceeded): pass
icmpv6 (parameter-problem): pass
icmpv6 (echo-request): pass
icmpv6 with hl (neighbor-solicitation): pass
icmpv6 with hl (neighbor-advertisement): pass
icmpv6 with hl (router-solicitation): pass
icmpv6 with hl (router-advertisement): pass
FAIL: check your kernel and that you have iptables >= 1.4.0
FAIL: check your kernel and iptables for additional runtime support
In addition to the above, I noticed these IPV6 rules also fail (I need to add a check to check-requirements for that):
-A ufw6-before-input -m rt --rt-type 0 -j DROP
-A ufw6-before-forward -m rt --rt-type 0 -j DROP
-A ufw6-before-output -m rt --rt-type 0 -j DROP |
|
2013-06-15 12:43:06 |
Jamie Strandboge |
bug task added |
|
ufw (Ubuntu) |
|
2013-06-15 12:45:31 |
Jamie Strandboge |
ufw (Ubuntu): status |
New |
In Progress |
|
2013-06-15 12:45:31 |
Jamie Strandboge |
ufw (Ubuntu): assignee |
|
Jamie Strandboge (jdstrand) |
|
2013-06-15 13:01:48 |
Jamie Strandboge |
bug task added |
|
linux-nexus4 (Ubuntu) |
|
2013-06-15 13:02:02 |
Jamie Strandboge |
bug task added |
|
linux-nexus7 (Ubuntu) |
|
2013-06-15 13:04:34 |
Jamie Strandboge |
tags |
|
bot-stop-nagging |
|
2013-06-15 13:07:20 |
Jamie Strandboge |
description |
The phablet image kernels (tested on nexus 4 and nexus 7) don't have enough netfilter options enabled to use ufw. ufw is the default firewall in Ubuntu and the network-indicator will have firewall support for the converged device if not sooner. ufw has a tool to test if the necessary kernel config is setup-- can we get our phablet kernel config to pass these tests? (note, test that are 'FAIL (no runtime support)' don't strictly have to be enabled, though it would be nice).
To test:
$ sudo apt-get install ufw
$ sudo /usr/share/ufw/check-requirements
Has python: pass (binary: python2.7, version: 2.7.5+, py2)
Has iptables: pass
Has ip6tables: pass
Has /proc/net/dev: pass
Has /proc/net/if_inet6: pass
This script will now attempt to create various rules using the iptables
and ip6tables commands. This may result in module autoloading (eg, for
IPv6).
Proceed with checks (Y/n)? y
== IPv4 ==
Creating 'ufw-check-requirements'... done
Inserting RETURN at top of 'ufw-check-requirements'... done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: FAIL
hashlimit: pass
limit: pass
state (NEW): pass
state (RELATED): pass
state (ESTABLISHED): pass
state (INVALID): pass
state (new, recent set): FAIL (no runtime support)
state (new, recent update): FAIL (no runtime support)
state (new, limit): pass
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
addrtype (LOCAL): FAIL
addrtype (MULTICAST): FAIL
addrtype (BROADCAST): FAIL
icmp (destination-unreachable): pass
icmp (source-quench): pass
icmp (time-exceeded): pass
icmp (parameter-problem): pass
icmp (echo-request): pass
== IPv6 ==
Creating 'ufw-check-requirements6'... done
Inserting RETURN at top of 'ufw-check-requirements6'... done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: FAIL
hashlimit: pass
limit: pass
state (NEW): pass
state (RELATED): pass
state (ESTABLISHED): pass
state (INVALID): pass
state (new, recent set): FAIL (no runtime support)
state (new, recent update): FAIL (no runtime support)
state (new, limit): pass
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
icmpv6 (destination-unreachable): pass
icmpv6 (packet-too-big): pass
icmpv6 (time-exceeded): pass
icmpv6 (parameter-problem): pass
icmpv6 (echo-request): pass
icmpv6 with hl (neighbor-solicitation): pass
icmpv6 with hl (neighbor-advertisement): pass
icmpv6 with hl (router-solicitation): pass
icmpv6 with hl (router-advertisement): pass
FAIL: check your kernel and that you have iptables >= 1.4.0
FAIL: check your kernel and iptables for additional runtime support
In addition to the above, I noticed these IPV6 rules also fail (I need to add a check to check-requirements for that):
-A ufw6-before-input -m rt --rt-type 0 -j DROP
-A ufw6-before-forward -m rt --rt-type 0 -j DROP
-A ufw6-before-output -m rt --rt-type 0 -j DROP |
The phablet image kernels (tested on nexus 4 and nexus 7) don't have enough netfilter options enabled to use ufw. ufw is the default firewall in Ubuntu and the network-indicator will have firewall support for the converged device if not sooner. ufw has a tool to test if the necessary kernel config is setup-- can we get our phablet kernel config to pass these tests? (note, test that are 'FAIL (no runtime support)' don't strictly have to be enabled, though it would be nice).
To test:
$ sudo apt-get install ufw
$ sudo /usr/share/ufw/check-requirements
Has python: pass (binary: python2.7, version: 2.7.5+, py2)
Has iptables: pass
Has ip6tables: pass
Has /proc/net/dev: pass
Has /proc/net/if_inet6: pass
This script will now attempt to create various rules using the iptables
and ip6tables commands. This may result in module autoloading (eg, for
IPv6).
Proceed with checks (Y/n)? y
== IPv4 ==
Creating 'ufw-check-requirements'... done
Inserting RETURN at top of 'ufw-check-requirements'... done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: FAIL
hashlimit: pass
limit: pass
state (NEW): pass
state (RELATED): pass
state (ESTABLISHED): pass
state (INVALID): pass
state (new, recent set): FAIL (no runtime support)
state (new, recent update): FAIL (no runtime support)
state (new, limit): pass
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
addrtype (LOCAL): FAIL
addrtype (MULTICAST): FAIL
addrtype (BROADCAST): FAIL
icmp (destination-unreachable): pass
icmp (source-quench): pass
icmp (time-exceeded): pass
icmp (parameter-problem): pass
icmp (echo-request): pass
== IPv6 ==
Creating 'ufw-check-requirements6'... done
Inserting RETURN at top of 'ufw-check-requirements6'... done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: FAIL
hashlimit: pass
limit: pass
state (NEW): pass
state (RELATED): pass
state (ESTABLISHED): pass
state (INVALID): pass
state (new, recent set): FAIL (no runtime support)
state (new, recent update): FAIL (no runtime support)
state (new, limit): pass
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
icmpv6 (destination-unreachable): pass
icmpv6 (packet-too-big): pass
icmpv6 (time-exceeded): pass
icmpv6 (parameter-problem): pass
icmpv6 (echo-request): pass
icmpv6 with hl (neighbor-solicitation): pass
icmpv6 with hl (neighbor-advertisement): pass
icmpv6 with hl (router-solicitation): pass
icmpv6 with hl (router-advertisement): pass
FAIL: check your kernel and that you have iptables >= 1.4.0
FAIL: check your kernel and iptables for additional runtime support
In addition to the above, I noticed these IPV6 rules also fail (I need to add a check to check-requirements for that):
-A ufw6-before-input -m rt --rt-type 0 -j DROP
-A ufw6-before-forward -m rt --rt-type 0 -j DROP
-A ufw6-before-output -m rt --rt-type 0 -j DROP
I added tasks for the linux-nexus4 and linux-nexus7 kernels. Not sure what other kernels should be added, if any. |
|
2013-06-15 13:27:34 |
Jamie Strandboge |
ufw (Ubuntu): status |
In Progress |
Fix Committed |
|
2013-06-15 13:37:49 |
Launchpad Janitor |
branch linked |
|
lp:~ubuntu-branches/ubuntu/saucy/ufw/saucy-proposed |
|
2013-06-15 14:32:24 |
Launchpad Janitor |
ufw (Ubuntu): status |
Fix Committed |
Fix Released |
|
2013-06-17 14:58:48 |
Jamie Strandboge |
description |
The phablet image kernels (tested on nexus 4 and nexus 7) don't have enough netfilter options enabled to use ufw. ufw is the default firewall in Ubuntu and the network-indicator will have firewall support for the converged device if not sooner. ufw has a tool to test if the necessary kernel config is setup-- can we get our phablet kernel config to pass these tests? (note, test that are 'FAIL (no runtime support)' don't strictly have to be enabled, though it would be nice).
To test:
$ sudo apt-get install ufw
$ sudo /usr/share/ufw/check-requirements
Has python: pass (binary: python2.7, version: 2.7.5+, py2)
Has iptables: pass
Has ip6tables: pass
Has /proc/net/dev: pass
Has /proc/net/if_inet6: pass
This script will now attempt to create various rules using the iptables
and ip6tables commands. This may result in module autoloading (eg, for
IPv6).
Proceed with checks (Y/n)? y
== IPv4 ==
Creating 'ufw-check-requirements'... done
Inserting RETURN at top of 'ufw-check-requirements'... done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: FAIL
hashlimit: pass
limit: pass
state (NEW): pass
state (RELATED): pass
state (ESTABLISHED): pass
state (INVALID): pass
state (new, recent set): FAIL (no runtime support)
state (new, recent update): FAIL (no runtime support)
state (new, limit): pass
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
addrtype (LOCAL): FAIL
addrtype (MULTICAST): FAIL
addrtype (BROADCAST): FAIL
icmp (destination-unreachable): pass
icmp (source-quench): pass
icmp (time-exceeded): pass
icmp (parameter-problem): pass
icmp (echo-request): pass
== IPv6 ==
Creating 'ufw-check-requirements6'... done
Inserting RETURN at top of 'ufw-check-requirements6'... done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: FAIL
hashlimit: pass
limit: pass
state (NEW): pass
state (RELATED): pass
state (ESTABLISHED): pass
state (INVALID): pass
state (new, recent set): FAIL (no runtime support)
state (new, recent update): FAIL (no runtime support)
state (new, limit): pass
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
icmpv6 (destination-unreachable): pass
icmpv6 (packet-too-big): pass
icmpv6 (time-exceeded): pass
icmpv6 (parameter-problem): pass
icmpv6 (echo-request): pass
icmpv6 with hl (neighbor-solicitation): pass
icmpv6 with hl (neighbor-advertisement): pass
icmpv6 with hl (router-solicitation): pass
icmpv6 with hl (router-advertisement): pass
FAIL: check your kernel and that you have iptables >= 1.4.0
FAIL: check your kernel and iptables for additional runtime support
In addition to the above, I noticed these IPV6 rules also fail (I need to add a check to check-requirements for that):
-A ufw6-before-input -m rt --rt-type 0 -j DROP
-A ufw6-before-forward -m rt --rt-type 0 -j DROP
-A ufw6-before-output -m rt --rt-type 0 -j DROP
I added tasks for the linux-nexus4 and linux-nexus7 kernels. Not sure what other kernels should be added, if any. |
The phablet image kernels (tested on nexus 4 and nexus 7) don't have enough netfilter options enabled to use ufw. ufw is the default firewall in Ubuntu and the indicator-network will have firewall support for the converged device if not sooner. ufw has a tool to test if the necessary kernel config is setup-- can we get our phablet kernel config to pass these tests? (note, test that are 'FAIL (no runtime support)' don't strictly have to be enabled, though it would be nice).
To test:
$ sudo apt-get install ufw
$ sudo /usr/share/ufw/check-requirements
Has python: pass (binary: python2.7, version: 2.7.5+, py2)
Has iptables: pass
Has ip6tables: pass
Has /proc/net/dev: pass
Has /proc/net/if_inet6: pass
This script will now attempt to create various rules using the iptables
and ip6tables commands. This may result in module autoloading (eg, for
IPv6).
Proceed with checks (Y/n)? y
== IPv4 ==
Creating 'ufw-check-requirements'... done
Inserting RETURN at top of 'ufw-check-requirements'... done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: FAIL
hashlimit: pass
limit: pass
state (NEW): pass
state (RELATED): pass
state (ESTABLISHED): pass
state (INVALID): pass
state (new, recent set): FAIL (no runtime support)
state (new, recent update): FAIL (no runtime support)
state (new, limit): pass
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
addrtype (LOCAL): FAIL
addrtype (MULTICAST): FAIL
addrtype (BROADCAST): FAIL
icmp (destination-unreachable): pass
icmp (source-quench): pass
icmp (time-exceeded): pass
icmp (parameter-problem): pass
icmp (echo-request): pass
== IPv6 ==
Creating 'ufw-check-requirements6'... done
Inserting RETURN at top of 'ufw-check-requirements6'... done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: FAIL
hashlimit: pass
limit: pass
state (NEW): pass
state (RELATED): pass
state (ESTABLISHED): pass
state (INVALID): pass
state (new, recent set): FAIL (no runtime support)
state (new, recent update): FAIL (no runtime support)
state (new, limit): pass
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
icmpv6 (destination-unreachable): pass
icmpv6 (packet-too-big): pass
icmpv6 (time-exceeded): pass
icmpv6 (parameter-problem): pass
icmpv6 (echo-request): pass
icmpv6 with hl (neighbor-solicitation): pass
icmpv6 with hl (neighbor-advertisement): pass
icmpv6 with hl (router-solicitation): pass
icmpv6 with hl (router-advertisement): pass
FAIL: check your kernel and that you have iptables >= 1.4.0
FAIL: check your kernel and iptables for additional runtime support
In addition to the above, I noticed these IPV6 rules also fail (I need to add a check to check-requirements for that):
-A ufw6-before-input -m rt --rt-type 0 -j DROP
-A ufw6-before-forward -m rt --rt-type 0 -j DROP
-A ufw6-before-output -m rt --rt-type 0 -j DROP
I added tasks for the linux-nexus4 and linux-nexus7 kernels. Not sure what other kernels should be added, if any. |
|
2013-06-17 15:09:05 |
Joseph Salisbury |
ufw (Ubuntu): importance |
Undecided |
Medium |
|
2013-06-17 15:09:07 |
Joseph Salisbury |
linux-nexus7 (Ubuntu): importance |
Undecided |
Medium |
|
2013-06-17 15:09:09 |
Joseph Salisbury |
linux-nexus4 (Ubuntu): importance |
Undecided |
Medium |
|
2013-06-17 15:09:41 |
Joseph Salisbury |
tags |
bot-stop-nagging |
bot-stop-nagging nexus4-kernel nexus7-kernel |
|
2013-06-17 15:10:09 |
Joseph Salisbury |
tags |
bot-stop-nagging nexus4-kernel nexus7-kernel |
bot-stop-nagging kernel-da-key nexus4-kernel nexus7-kernel |
|
2013-06-17 15:10:47 |
Joseph Salisbury |
touch-preview-images: status |
New |
Confirmed |
|
2013-06-17 15:10:49 |
Joseph Salisbury |
linux-nexus4 (Ubuntu): status |
New |
Confirmed |
|
2013-06-17 15:10:51 |
Joseph Salisbury |
linux-nexus7 (Ubuntu): status |
New |
Confirmed |
|
2013-06-17 15:19:10 |
Tim Gardner |
affects |
linux-nexus4 (Ubuntu) |
linux-mako (Ubuntu) |
|
2013-06-17 15:19:10 |
Tim Gardner |
linux-mako (Ubuntu): status |
Confirmed |
In Progress |
|
2013-06-17 15:19:10 |
Tim Gardner |
linux-mako (Ubuntu): assignee |
|
Tim Gardner (timg-tpi) |
|
2013-06-17 15:19:51 |
Tim Gardner |
affects |
linux-nexus7 (Ubuntu) |
linux-grouper (Ubuntu) |
|
2013-06-17 15:19:51 |
Tim Gardner |
linux-grouper (Ubuntu): status |
Confirmed |
In Progress |
|
2013-06-17 15:19:51 |
Tim Gardner |
linux-grouper (Ubuntu): assignee |
|
Tim Gardner (timg-tpi) |
|
2013-06-17 19:40:15 |
Tim Gardner |
bug task added |
|
linux-maguro (Ubuntu) |
|
2013-06-17 19:40:27 |
Tim Gardner |
linux-maguro (Ubuntu): status |
New |
In Progress |
|
2013-06-17 19:40:27 |
Tim Gardner |
linux-maguro (Ubuntu): assignee |
|
Tim Gardner (timg-tpi) |
|
2013-06-17 20:11:37 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/saucy-proposed/linux-grouper |
|
2013-06-17 21:11:50 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/saucy-proposed/linux-maguro |
|
2013-06-18 06:47:26 |
Launchpad Janitor |
linux-mako (Ubuntu): status |
In Progress |
Fix Released |
|
2013-06-18 06:47:37 |
Launchpad Janitor |
linux-grouper (Ubuntu): status |
In Progress |
Fix Released |
|
2013-06-18 06:47:44 |
Launchpad Janitor |
linux-maguro (Ubuntu): status |
In Progress |
Fix Released |
|
2013-06-18 13:12:38 |
Tim Gardner |
bug task added |
|
linux-manta (Ubuntu) |
|
2013-06-18 13:12:52 |
Tim Gardner |
linux-manta (Ubuntu): status |
New |
In Progress |
|
2013-06-18 13:12:52 |
Tim Gardner |
linux-manta (Ubuntu): assignee |
|
Tim Gardner (timg-tpi) |
|
2013-06-18 15:17:24 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/saucy-proposed/linux-manta |
|
2013-06-18 22:14:24 |
Launchpad Janitor |
linux-manta (Ubuntu): status |
In Progress |
Fix Released |
|
2013-06-25 15:41:44 |
Jamie Strandboge |
touch-preview-images: status |
Confirmed |
Fix Released |
|