iptables-save duplicates libvirt and ufw rules on iptables-restore with iptables-persistent

Bug #1476041 reported by Vindicator
This bug affects 3 people
Affects: iptables (Ubuntu)
Status: Confirmed
Importance: Medium
Assigned to: Unassigned

Bug Description

libvirt and ufw have their own .rule files that they'll load on boot.

If you want to use iptables-persistent to restore rules you set using iptables, there will be duplicate entries once libvirt and ufw also load their rules on boot.

Chain OUTPUT (policy ACCEPT 1780 packets, 323K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     udp  --  *      virbr0  0.0.0.0/0            0.0.0.0/0            udp dpt:68
    0     0 ACCEPT     udp  --  *      virbr0  0.0.0.0/0            0.0.0.0/0            udp dpt:68

ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: iptables 1.4.21-2ubuntu2
Uname: Linux 4.1.1-040101-generic x86_64
ApportVersion: 2.17.2-0ubuntu1.1
Architecture: amd64
Date: Sun Jul 19 15:04:53 2015
EcryptfsInUse: Yes
InstallationDate: Installed on 2015-06-18 (31 days ago)
InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422)
ProcEnviron:
 LANGUAGE=en_US
 TERM=xterm
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: iptables
UpgradeStatus: No upgrade log present (probably fresh install)

Vindicator (vindicator) wrote :
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in iptables (Ubuntu):
status: New → Confirmed
Changed in iptables (Ubuntu):
importance: Undecided → Medium
MikeR (mike-rechtman) wrote :

Happens on 14.04 Ubuntu. As far as I know I have neither installed nor defined ufw or libvirt.
However, after every reboot I have to list:
sudo iptables -L INPUT --line-numbers, and delete duplicate fail2ban-* entries.
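
An added example, not part of the bug report or of any package named in it: shell functions that list and drop repeated -A rules in iptables-save output, the kind of duplicate shown in the OUTPUT chain listing in the description and deleted by hand in the comment above. The function names and the sample ruleset are constructed for illustration; rules are compared per table, and the packet counters written by iptables-save -c are ignored in the comparison.

```shell
# Print every extra copy of a rule, prefixed with the table it sits in.
list_duplicate_rules() {
    awk '
        /^\*/ { table = substr($0, 2); next }       # "*filter" opens a table
        {
            rule = $0
            sub(/^\[[0-9]+:[0-9]+\] /, "", rule)    # counters from "iptables-save -c"
        }
        rule ~ /^-A / && seen[table, rule]++ { print table ": " rule }
    '
}

# Rewrite a ruleset keeping the first copy of each rule. Table headers,
# chain policies (":OUTPUT ACCEPT [0:0]") and COMMIT lines pass through
# untouched, so the result is still valid input for iptables-restore.
dedupe_rules() {
    awk '
        /^\*/ { table = substr($0, 2) }
        {
            rule = $0
            sub(/^\[[0-9]+:[0-9]+\] /, "", rule)
            if (rule ~ /^-A / && seen[table, rule]++) next
            print
        }
    '
}

# Constructed sample: the virbr0 rule appears twice in filter (once with
# counters) and once in nat, where the same text is a different rule.
sample_ruleset() {
    cat <<'EOF'
*nat
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
COMMIT
*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
[0:0] -A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
EOF
}
```

On a live system the input would come from iptables-save, for example iptables-save | list_duplicate_rules to review what is repeated before changing anything.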

Oibaf (oibaf) wrote :

Is this issue still reproducible on a newer Ubuntu?
