Ubuntu
ufw package

ufw loglevels don't log after reboot

Bug #459925 reported by Jamie Strandboge
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
ufw
Fix Released
High
Jamie Strandboge
ufw (Ubuntu)
Fix Released
High
Jamie Strandboge
Ubuntu karmic-updates
Jaunty
Won't Fix
High
Jamie Strandboge
Karmic
Won't Fix
High
Jamie Strandboge
Lucid
Fix Released
High
Jamie Strandboge
Ubuntu karmic-updates

Bug Description

Binary package hint: ufw

ufw performs per-rule logging just fine, and it will perform logging after performing a 'ufw disable ; ufw enable', but does not add the necessary logging rules with ufw-init after a reboot. Eg:

$ diff ./save_after_start ./save_after_enable
...
73a74,75
> -A ufw-after-logging-forward -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
> -A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
91a94,95
> -A ufw-logging-allow -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
> -A ufw-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "

ProblemType: Bug
Architecture: amd64
Date: Sat Oct 24 13:07:22 2009
DistroRelease: Ubuntu 9.10
Package: ufw 0.29-4ubuntu1 [modified: lib/ufw/ufw-init]
PackageArchitecture: all
ProcEnviron:
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.31-14.48-generic
SourcePackage: ufw
Uname: Linux 2.6.31-14-generic x86_64

Revision history for this message
Jamie Strandboge (jdstrand) wrote :
Changed in ufw (Ubuntu):
status: New → Triaged
importance: Undecided → High
Jamie Strandboge (jdstrand)
Changed in ufw (Ubuntu Jaunty):
status: New → Triaged
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in ufw (Ubuntu Karmic):
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in ufw (Ubuntu Jaunty):
importance: Undecided → High
Changed in ufw (Ubuntu Karmic):
milestone: none → karmic-updates
Changed in ufw (Ubuntu Jaunty):
milestone: none → jaunty-updates
Changed in ufw:
status: New → Triaged
importance: Undecided → High
assignee: nobody → Jamie Strandboge (jdstrand)
Jamie Strandboge (jdstrand)
Changed in ufw:
status: Triaged → Fix Committed
Jamie Strandboge (jdstrand)
summary: - ufw not logging packets against default policy after reboot
+ ufw loglevels don't log after reboot
tags: removed: amd64 apport-bug
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

TEST CASE

$ sudo iptables-save|grep '^-.*logging' | wc -l
12
$ sudo ufw disable
$ sudo sed -i "s/^ENABLED=.*/ENABLED=yes/" /etc/ufw/ufw.conf
$ sudo /lib/ufw/ufw-init start
8

While the number of lines given by 'wc' will differ depending on the firewall configuration, the important thing is they should be the same. The above shows an unpatched ufw.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

UPDATED TEST CASE

I forgot to enable the firewall initially and left out the 2nd iptables-save command. Please use this test case instead:
$ sudo ufw enable
$ sudo iptables-save|grep '^-.*logging' | wc -l
12
$ sudo ufw disable
$ sudo sed -i "s/^ENABLED=.*/ENABLED=yes/" /etc/ufw/ufw.conf
$ sudo /lib/ufw/ufw-init start
$ sudo iptables-save|grep '^-.*logging' | wc -l
8

The output of the two iptables-save commands should be identical.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Fixed in 0.29.1

Changed in ufw:
status: Fix Committed → Fix Released
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Lucid will be updated via a sync of 0.29.1-1 from Debian, once it is available.

Changed in ufw (Ubuntu Karmic):
status: Triaged → In Progress
Changed in ufw (Ubuntu Lucid):
status: Triaged → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ufw - 0.29.1-1

---------------
ufw (0.29.1-1) unstable; urgency=low

  * new upstream release, fixing LP: #459925 and LP: #480789
  * debian/postinst: run 'ufw logging <log level>' to update the user
    rules for logging (this action does nothing when ufw is not enabled)
  * debian/ufw.upstart.ubuntu: don't use 'quiet' since we also now look for
    QUIET
  * debian/rules:
    - only install upstart on Ubuntu 9.10 and later
    - use $(PYTHON) with setup.py

ufw (0.29-5) unstable; urgency=low

  * reduce console output when using Upstart so that ufw is quiet when
    ufw is disabled or enabled and no errors
    - src/ufw-init: add add 'quiet' option on start
    - debian/ufw.upstart.ubuntu: use 'quiet' option on start
  * Debconf translation updates:
    - Vietnamese (thanks to Clytie Siddall. closes: #547919)
 -- Jamie Strandboge <email address hidden> Mon, 30 Nov 2009 21:31:38 +0000

Changed in ufw (Ubuntu Lucid):
status: In Progress → Fix Released
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Jaunty has been EOLd.

Changed in ufw (Ubuntu Jaunty):
status: Triaged → Won't Fix
milestone: jaunty-updates → none
Changed in ufw (Ubuntu Karmic):
milestone: karmic-updates → none
status: In Progress → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.