Purging ufw causes system lockup with NFS-root

Bug #524395 reported by Sebastian J. Bronner on 2010-02-19
This bug affects 2 people
Affects Status Importance Assigned to Milestone
ufw (Ubuntu)
Jamie Strandboge

Bug Description

Binary package hint: ufw

System where problem was experienced:

Package Version: ufw
Description: Ubuntu 8.04.4 LTS
Release: 8.04

Problem still exists in current karmic. Verified with

Package Version ufw: 0.29-4ubuntu1
Description: Ubuntu 9.10
Release: 9.10

Problem Description:

When purging ufw, a system using NFS for its root file-system and having a firewall configuration with policy DROP hangs irrevocably. The reason for this is the order the ufw.postrm script clears the firewall:

Step 1 - iptables -F

This removes all rules allowing network traffic to the NFS server, _the server hangs_ trying to execute the next step because it can't read the executable from the filesystem.

Step 2 - iptables -X
Step 3 - iptables -P INPUT ACCEPT
Step 4 - iptables -P OUTPUT ACCEPT
Step 5 - iptables -P FORWARD ACCEPT

Solution Suggestion:

Putting steps 3-5 _before_ steps 1-2 would completely solve this problem.

Related branches

Jamie Strandboge (jdstrand) wrote :

Thanks Sebastian for the excellent report. I've committed the change to trunk and will get this into the development release of Ubuntu on my next upload.

Changed in ufw (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
importance: Undecided → Medium
status: New → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ufw - 0.30pre1-0ubuntu2

ufw (0.30pre1-0ubuntu2) lucid; urgency=low

  * debian/postrm: adjust ordering of commands so that NFS mounted root
    filesystems can still access iptables. Thanks to Sebastian J. Bronner
    for discovering the issue and describing the fix. (LP: #524395)
  * merge fix from trunk for UnicodeDecodeError in get_status() (LP: #531886)
 -- Jamie Strandboge <email address hidden> Fri, 05 Mar 2010 11:03:46 -0600

Changed in ufw (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers