ufw allow filtering pre-empts limit filtering
Bug #1089262 reported by Gary Gapinski
This bug affects 1 person

Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
ufw (Ubuntu) | Fix Released | Low | Jamie Strandboge |

Bug Description
Version: ufw 0.33-0ubuntu2
Description: Ubuntu 12.10
Release: 12.10
ufw:
Installed: 0.33-0ubuntu2
Candidate: 0.33-0ubuntu2
Version table:
*** 0.33-0ubuntu2 0
500 http://
100 /var/lib/
It appears that limit filtering is pre-empted by allow filtering.
If I execute the commands
ufw allow OpenSSH
ufw limit ssh/tcp
the resulting ufw-user-input chain appears to allow SSH prior to imposing rate limiting, because the accept rule for ssh appears earlier in the chain than the ufw-user-limit rule for ssh.
I would have expected rate limiting to occur prior to general acceptance.
Regards,
Gary
I must note that reversing the order of commands achieves the correct chain rule order (found belatedly after bug submission).
While this is documented in the man page for ufw, I suspect rate limiting should always take precedence.
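
An added example, not part of the original bug report or of ufw: a shell function that reads `iptables -S ufw-user-input` style output and flags any protocol/port whose unrestricted ACCEPT rule appears before its `ufw-user-limit` jump, which is the ordering described in this report. The sample rules are constructed for illustration and the function names are hypothetical.

```shell
#!/bin/sh
# Flag ports where an unrestricted ACCEPT precedes the rate-limit jump in
# ufw-user-input, so the limit rule is never reached for new connections.
# Input: text in the format printed by `iptables -S ufw-user-input`.
find_shadowed_limits() {
    awk '
    $1 == "-A" && $2 == "ufw-user-input" {
        n++                                   # rule position within the chain
        proto = ""; port = ""; target = ""; restricted = 0
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") port = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "-s") restricted = 1   # source-limited ACCEPT is not a full shadow
        }
        if (proto == "" || port == "") next
        key = proto "/" port
        if (target == "ACCEPT" && !restricted && !(key in accepted)) {
            accepted[key] = n
        } else if (target == "ufw-user-limit" && (key in accepted) && !(key in reported)) {
            reported[key] = 1
            printf "%s: ACCEPT at rule %d precedes ufw-user-limit at rule %d\n", key, accepted[key], n
        }
    }'
}

# Constructed sample: chain order after `ufw allow OpenSSH` then `ufw limit ssh/tcp`.
sample_bad_order() {
    cat <<'EOF'
-A ufw-user-input -p tcp -m tcp --dport 22 -m comment --comment "'dapp_OpenSSH'" -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name DEFAULT --rsource
-A ufw-user-input -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 --name DEFAULT --rsource -j ufw-user-limit
-A ufw-user-input -p tcp -m tcp --dport 22 -j ufw-user-limit-accept
EOF
}

# Constructed sample: chain order after the two commands are run in reverse.
sample_good_order() {
    cat <<'EOF'
-A ufw-user-input -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name DEFAULT --rsource
-A ufw-user-input -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 --name DEFAULT --rsource -j ufw-user-limit
-A ufw-user-input -p tcp -m tcp --dport 22 -j ufw-user-limit-accept
-A ufw-user-input -p tcp -m tcp --dport 22 -m comment --comment "'dapp_OpenSSH'" -j ACCEPT
EOF
}

sample_bad_order | find_shadowed_limits
```

On a live host, run it as root with `iptables -S ufw-user-input | find_shadowed_limits`; no output means no limit rule is pre-empted by an earlier unrestricted ACCEPT.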