gui-ufw modifies conffiles in ufw
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Gufw |
Fix Released
|
Critical
|
costales | ||
gui-ufw (Ubuntu) |
Fix Released
|
High
|
Unassigned |
Bug Description
Package may not modify conffiles of other packages. See Debian/Ubuntu policy 10.7. gui-ufw modifies ufw's conffiles.
The conffiles currently shipped with ufw are:
/etc/ufw/
/etc/default/ufw
/etc/init.d/ufw
Looking at the main program for gui-ufw:
$ grep -n etc gufw.py
271: l_file = open("/
293: l_file = open("/
380: l_ufw = open("/
512: l_file = open("/
915: # Backup to /etc/ufw/
916: l_result = commands.
919: gufw.status.push(1, _("Error copying file /etc/ufw/
922: gufw.status.push(1, _("Created /etc/ufw/
925: l_file = open("/
926: l_copy = open("/
957: # Backup to /etc/ufw/
958: l_result = commands.
961: gufw.status.push(1, _("Error copying file /etc/default/ufw"))
964: gufw.status.push(1, _("Created /etc/default/ufw copy"))
967: l_file = open("/
968: l_copy = open("/
2238: commands.
on lines 926 and 968 it opens a ufw conffile for writing (and later does so).
Related branches
Changed in gui-ufw: | |
importance: | Undecided → High |
Changed in gui-ufw: | |
assignee: | nobody → marcos.alvarez.costales |
importance: | Undecided → Critical |
status: | New → In Progress |
Changed in gui-ufw: | |
assignee: | marcos.alvarez.costales → nobody |
status: | Fix Committed → Confirmed |
Changed in gui-ufw: | |
assignee: | nobody → d.filoni |
status: | Confirmed → In Progress |
Changed in gui-ufw: | |
status: | In Progress → New |
IP masking and IP6 require by ufw (https:/ /help.ubuntu. com/8.04/ serverguide/ C/firewall. html) to modify the configuration files directly. As for the rest, we'll look into replacing them with ufw commands.
Additionally, the manpage for ufw 0.20 states that "Currently, ufw is a front-end for iptables-restore, with its rules saved in /etc/ufw/ before. rules, /etc/ufw/ after.rules and /var/lib/ ufw/user. rules. Administrators can customize before.rules and after.rules as desired using the standard iptables-restore syntax.", and this is the customization we make use of to provide the added functionality.
With ufw itself making us do this, we'll have to remove this added functionality from our program then...