invalid packets are logged at loglevel low

Bug #480789 reported by Jamie Strandboge on 2009-11-11
This bug affects 1 person
Affects          Importance   Assigned to
ufw              High         Jamie Strandboge
ufw (Ubuntu)     High         Jamie Strandboge
Karmic           High         Jamie Strandboge
Lucid            High         Jamie Strandboge

Bug Description

Binary package hint: ufw

The man page has:
       medium log level low, plus all allowed packets not matching the default
              policy, all INVALID packets, and all new connections. All
              logging is done with rate limiting.

The code has:
                    if self.loglevels[level] >= self.loglevels["medium"]:
                        # only log INVALID in medium and higher
                        rules_t.append([c, ['-I', c, '-m', 'state', \
                                            '--state', 'INVALID', \
                                            '-j', 'RETURN'] + largs, ''])

This should be '<' self.loglevels["medium"]: so that the RETURN rule is added for 'low' and lower.

Changed in ufw:
status: New → Fix Committed
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in ufw (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
status: New → Triaged
Jamie Strandboge (jdstrand) wrote :

TEST CASE

This is what should happen:
$ sudo ufw logging on
Logging enabled
$ sudo iptables-save |grep 'ufw-logging-deny .* RETURN'
-A ufw-logging-deny -m state --state INVALID -m limit --limit 3/min --limit-burst 10 -j RETURN
$ sudo ufw logging medium
Logging enabled
$ sudo iptables-save |grep 'ufw-logging-deny .* RETURN'
$
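
A regression check built on the test case above, added here as an example (it is not ufw's code): it scans iptables-save text for the INVALID RETURN rule in ufw-logging-deny and compares the result with what the man page promises for a given log level. The function names, the level numbers and the sample LOG line are constructed for illustration.

```python
import re

# Level names are from the ufw man page; the numbers are constructed for this
# example and only their order matters.
LOGLEVELS = {"low": 100, "medium": 200, "high": 300, "full": 400}

# The rule that makes INVALID packets leave ufw-logging-deny before LOG.
# Accepts the state match shown in the test case and the conntrack spelling.
RETURN_RE = re.compile(
    r"^-A ufw-logging-deny\b.*--(?:ct)?state INVALID\b.*-j RETURN[ \t]*$",
    re.MULTILINE)

# First line is the rule from the test case; the LOG line is constructed.
SAMPLE_WITH_RETURN = """\
-A ufw-logging-deny -m state --state INVALID -m limit --limit 3/min --limit-burst 10 -j RETURN
-A ufw-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
"""
SAMPLE_WITHOUT_RETURN = SAMPLE_WITH_RETURN.split("\n", 1)[1]


def has_invalid_return(iptables_save):
    """True if INVALID packets skip logging in ufw-logging-deny."""
    return bool(RETURN_RE.search(iptables_save))


def should_have_invalid_return(level):
    """Corrected comparison from the report: RETURN only below medium."""
    return LOGLEVELS[level] < LOGLEVELS["medium"]


def check(level, iptables_save):
    """Compare the rules actually loaded with the documented behaviour."""
    present = has_invalid_return(iptables_save)
    expected = should_have_invalid_return(level)
    if present == expected:
        return "ok"
    if expected:
        return "INVALID packets are logged at a level below medium"
    return "INVALID packets are not logged at medium or above"


if __name__ == "__main__":
    for level, dump in (("low", SAMPLE_WITH_RETURN),
                        ("medium", SAMPLE_WITHOUT_RETURN),
                        ("low", SAMPLE_WITHOUT_RETURN),      # state before the fix
                        ("medium", SAMPLE_WITH_RETURN)):     # state before the fix
        print(level, "->", check(level, dump))
```
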

Jamie Strandboge (jdstrand) wrote :

Fixed in 0.29.1

Changed in ufw:
status: Fix Committed → Fix Released
Changed in ufw (Ubuntu):
status: Triaged → In Progress
Changed in ufw:
importance: Undecided → High
Changed in ufw (Ubuntu):
importance: Undecided → High
Changed in ufw (Ubuntu Karmic):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Jamie Strandboge (jdstrand)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ufw - 0.29.1-1

---------------
ufw (0.29.1-1) unstable; urgency=low

  * new upstream release, fixing LP: #459925 and LP: #480789
  * debian/postinst: run 'ufw logging <log level>' to update the user
    rules for logging (this action does nothing when ufw is not enabled)
  * debian/ufw.upstart.ubuntu: don't use 'quiet' since we also now look for
    QUIET
  * debian/rules:
    - only install upstart on Ubuntu 9.10 and later
    - use $(PYTHON) with setup.py

ufw (0.29-5) unstable; urgency=low

  * reduce console output when using Upstart so that ufw is quiet when
    ufw is disabled or enabled and no errors
    - src/ufw-init: add 'quiet' option on start
    - debian/ufw.upstart.ubuntu: use 'quiet' option on start
  * Debconf translation updates:
    - Vietnamese (thanks to Clytie Siddall. closes: #547919)
 -- Jamie Strandboge <email address hidden> Mon, 30 Nov 2009 21:31:38 +0000

Changed in ufw (Ubuntu Lucid):
status: In Progress → Fix Released
Changed in ufw (Ubuntu Karmic):
status: In Progress → Won't Fix