Add a UFW firewall config to support QUIC

Bug #2062058 reported by Marcus Bointon
This bug affects 1 person
Affects Status Importance Assigned to Milestone
nginx (Ubuntu)
Fix Released
Mitchell Dzurick
Won't Fix

Bug Description

New feature, not a bug

nginx 1.25 adds support for QUIC + HTTP/3, which is typically deployed over UDP port 443. This option is not included in the provided UFW applications, so this PR adds it. Note that it is not done as a standalone app (i.e. with only QUIC) because it's usually combined with regular HTTPS on TCP port 443 along with an Alt-Svc header to inform clients of its presence.
This is a fairly recent addition to nginx (added to mainline a year ago), not applicable to older distros, so this may be better merged into whichever of your future release branches would be more appropriate.

I submitted the same change as a PR to Debian some time ago:

Also this question:

Marcus Bointon (marcus-synchromedia) wrote :
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "Patch to add QUIC UFW config" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Mitchell Dzurick (mitchdz) wrote :

Hi Marcus,

Thanks for making this bug report!

To answer your question[0] on why we have version 1.24 instead of 1.25, we stay up to date with Debian for this package. Since Debian is still on 1.24, that's what we have.

I'm curious if you were able to test the patch and if it worked for you, considering we are not on version 1.25.

With that said, this is already going into Debian so hopefully 1.25 gets updated in Debian for the next Ubuntu cycle and then we can just sync the changes. I'm adding the necessary tags to wait for next cycle to try and bring this in.

tags: added: needs-merge
tags: added: packaging
Changed in nginx (Ubuntu):
milestone: none → later
status: New → Triaged
Marcus Bointon (marcus-synchromedia) wrote :

Thanks Mitchell,

Well, I'm using the 1.25 Ubuntu package directly from the nginx repo, and this patch works just fine with that – it's only a simple addition to a UFW config file, not complicated.

You probably know this, but nginx's versioning system is slightly weird: even numbers (like 1.24) are "stable"; odd numbers (1.25) are "mainline" (considered somewhat experimental). So when 1.25 is considered stable, it will be released as 1.26, and mainline will move to 1.27.

I don't know when this is likely to happen, but I'm assuming not in time for noble next week, so "whenever" will have to do!

Thanks for tagging it appropriately; I'm not used to the workflow on here.

Thomas Ward (teward)
Changed in nginx (Ubuntu):
importance: Undecided → Wishlist
Marcus Bointon (marcus-synchromedia) wrote :

FYI, my original Debian PR was just merged into the upstream 1.26-wip branch:

Presumably this will work its way down here at some point.

Thomas Ward (teward) wrote :

Note any Debian changes will appear in the 24.10 release when merged in from Debian. Existing releases will not get this unless we decide to SRU it, and this doesn't generally qualify for SRU inclusion.

Mitchell Dzurick (mitchdz) wrote :

Debian now has this merged in [0] and it is available in Debian release version 1.26.0-1 already. This is not yet in Oracular, but is planned to merge for Oracular so this can be expected there.

To echo Thomas' comment, this is not currently planned for Noble, and is unlikely to make it into Noble due to needing a major version update.

[0] -

Changed in nginx (Ubuntu):
milestone: later → ubuntu-24.10
Changed in nginx (Ubuntu Noble):
status: New → Won't Fix
Changed in nginx (Ubuntu):
assignee: nobody → Mitchell Dzurick (mitchdz)
importance: Wishlist → High
Mitchell Dzurick (mitchdz) wrote :

Hello, nginx version 1.26.0-1ubuntu2 is now available for Oracular. This contains the code from [0] and therefore should be available. I am closing this bug now.

[0] -

Changed in nginx (Ubuntu):
status: Triaged → Fix Released
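
The bug description asks for a UFW application profile that opens UDP 443 for QUIC together with TCP 443 for regular HTTPS. The following is an added example, not part of this report or the attached patch: it parses profiles in the `/etc/ufw/applications.d/` format and reports which ones open both. The profile names and text in the sample are constructed, and `open_ports` and `http3_ready` are hypothetical helper names.

```python
import configparser

# Constructed sample in the UFW application-profile format.
# Section names, titles and descriptions are assumptions, not the patch's content.
SAMPLE_PROFILES = """
[Nginx HTTP]
title=Web Server (HTTP)
description=Constructed sample profile
ports=80/tcp

[Nginx HTTPS]
title=Web Server (HTTPS)
description=Constructed sample profile
ports=443/tcp

[Nginx QUIC]
title=Web Server (HTTPS + QUIC)
description=Constructed sample profile
ports=443/tcp|443/udp
"""

def open_ports(ports_value):
    """Expand a UFW 'ports=' value into a set of (port, proto) pairs."""
    result = set()
    for group in ports_value.split("|"):               # '|' separates port groups
        spec, _, proto = group.strip().partition("/")
        protos = [proto] if proto else ["tcp", "udp"]  # no suffix means both
        for item in spec.split(","):                   # ',' lists several ports
            lo, _, hi = item.partition(":")            # 'start:end' is a range
            for port in range(int(lo), int(hi or lo) + 1):
                result.update((port, p) for p in protos)
    return result

def http3_ready(profile_text):
    """Map each profile name to True if it opens 443 on both TCP and UDP."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(profile_text)
    needed = {(443, "tcp"), (443, "udp")}
    return {name: needed <= open_ports(cp[name]["ports"]) for name in cp.sections()}

if __name__ == "__main__":
    for name, ok in http3_ready(SAMPLE_PROFILES).items():
        print(f"{name}: {'TCP+UDP 443' if ok else 'no QUIC path'}")
```

A profile that allows only `443/tcp` still serves HTTPS, but clients that follow the Alt-Svc header to UDP 443 will have that traffic dropped by the firewall.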