Comment 0 for bug 1191197

Jamie Strandboge (jdstrand) wrote :

The phablet image kernels (tested on Nexus 4 and Nexus 7) don't have enough netfilter options enabled to use ufw. ufw is the default firewall in Ubuntu and the network-indicator will have firewall support for the converged device if not sooner. ufw has a tool to test if the necessary kernel config is set up -- can we get our phablet kernel config to pass these tests? (note, tests that are 'FAIL (no runtime support)' don't strictly have to be enabled, though it would be nice).

To test:

$ sudo apt-get install ufw
$ sudo /usr/share/ufw/check-requirements
Has python: pass (binary: python2.7, version: 2.7.5+, py2)
Has iptables: pass
Has ip6tables: pass

Has /proc/net/dev: pass
Has /proc/net/if_inet6: pass

This script will now attempt to create various rules using the iptables
and ip6tables commands. This may result in module autoloading (eg, for
IPv6).
Proceed with checks (Y/n)? y
== IPv4 ==
Creating 'ufw-check-requirements'... done
Inserting RETURN at top of 'ufw-check-requirements'... done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: FAIL
hashlimit: pass
limit: pass
state (NEW): pass
state (RELATED): pass
state (ESTABLISHED): pass
state (INVALID): pass
state (new, recent set): FAIL (no runtime support)
state (new, recent update): FAIL (no runtime support)
state (new, limit): pass
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
addrtype (LOCAL): FAIL
addrtype (MULTICAST): FAIL
addrtype (BROADCAST): FAIL
icmp (destination-unreachable): pass
icmp (source-quench): pass
icmp (time-exceeded): pass
icmp (parameter-problem): pass
icmp (echo-request): pass

== IPv6 ==
Creating 'ufw-check-requirements6'... done
Inserting RETURN at top of 'ufw-check-requirements6'... done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: FAIL
hashlimit: pass
limit: pass
state (NEW): pass
state (RELATED): pass
state (ESTABLISHED): pass
state (INVALID): pass
state (new, recent set): FAIL (no runtime support)
state (new, recent update): FAIL (no runtime support)
state (new, limit): pass
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
icmpv6 (destination-unreachable): pass
icmpv6 (packet-too-big): pass
icmpv6 (time-exceeded): pass
icmpv6 (parameter-problem): pass
icmpv6 (echo-request): pass
icmpv6 with hl (neighbor-solicitation): pass
icmpv6 with hl (neighbor-advertisement): pass
icmpv6 with hl (router-solicitation): pass
icmpv6 with hl (router-advertisement): pass

FAIL: check your kernel and that you have iptables >= 1.4.0
FAIL: check your kernel and iptables for additional runtime support
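
An added example, not part of the bug report or of ufw: a small parser for the check-requirements output format shown above, which separates outright FAILs from the 'FAIL (no runtime support)' ones the report treats as optional, so a kernel config change can be gated on the result. The function names and the abbreviated sample are constructed for illustration.

```python
import re

# Constructed sample in the format check-requirements prints (abbreviated).
SAMPLE = """\
== IPv4 ==
Creating 'ufw-check-requirements'... done
TCP: pass
LOG: FAIL
state (new, recent set): FAIL (no runtime support)
addrtype (LOCAL): FAIL
icmp (echo-request): pass

== IPv6 ==
Creating 'ufw-check-requirements6'... done
LOG: FAIL
state (new, recent update): FAIL (no runtime support)
icmpv6 with hl (router-advertisement): pass

FAIL: check your kernel and that you have iptables >= 1.4.0
"""

SECTION = re.compile(r"^== (IPv[46]) ==$")
RESULT = re.compile(r"^(?P<name>.+): (?P<status>pass|FAIL)(?P<note> \(no runtime support\))?$")


def classify(output):
    """Return {family: {"required": [...], "optional": [...]}} of failed checks."""
    failures, family = {}, None
    for line in map(str.strip, output.splitlines()):
        m = SECTION.match(line)
        if m:
            family = m.group(1)
            failures[family] = {"required": [], "optional": []}
            continue
        m = RESULT.match(line)
        # Skips pre-section lines ("Has iptables: pass") and the trailing summary.
        if not m or family is None or m.group("status") == "pass":
            continue
        kind = "optional" if m.group("note") else "required"
        failures[family][kind].append(m.group("name"))
    if not failures:
        # No "== IPvN ==" header seen: the checks never ran, so do not report success.
        raise ValueError("no IPv4/IPv6 section found in output")
    return failures


def kernel_ok(output):
    """True when no check failed outright; runtime-only failures are tolerated."""
    return not any(f["required"] for f in classify(output).values())
```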