should restrict multicast more

Bug #740256 reported by Jamie Strandboge on 2011-03-22
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ufw
Medium
Jamie Strandboge
ufw (Ubuntu)
Medium
Jamie Strandboge
Natty
Medium
Jamie Strandboge

Bug Description

Binary package hint: ufw

The intent of the multicast rules in ufw was always for mDNS service discovery. The rules that are currently present allow more than is required to achieve this goal. Specifically, before.rules should have only:
# allow MULTICAST mDNS for service discovery (be sure the MULTICAST line above
# is uncommented)
-A ufw-before-input -p udp -d 224.0.0.251 --dport 5353 -j ACCEPT

and before6.rules should have only:
# allow MULTICAST mDNS for service discovery (be sure the MULTICAST line above
# is uncommented)
-A ufw6-before-input -p udp -d ff02::fb --dport 5353 -j ACCEPT

Related branches

Changed in ufw (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
importance: Undecided → Medium
status: New → In Progress
Changed in ufw (Ubuntu Lucid):
status: New → Triaged
importance: Undecided → Medium
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in ufw (Ubuntu Maverick):
status: New → Triaged
importance: Undecided → Medium
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in ufw:
assignee: nobody → Jamie Strandboge (jdstrand)
importance: Undecided → Medium
status: New → Fix Committed
Jamie Strandboge (jdstrand) wrote :

This was fixed in ufw 0.30.1.

Changed in ufw:
status: Fix Committed → Fix Released
Changed in ufw (Ubuntu Natty):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ufw - 0.30.1-1ubuntu1

---------------
ufw (0.30.1-1ubuntu1) natty; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - debian/rules: Don't install the upstream application profiles that are
      shipped with the Debian package.
    - debian/control: use ufw-0.30-natty for Vcs-Bzr

ufw (0.30.1-1) unstable; urgency=low

  * New upstream release which fixes the following:
    - LP: #501140
    - LP: #740249
    - LP: #740256
    - LP: #720605
  * debian/ufw.logrotate: remove upstartism thanks to Michael Biebl
    (Closes: 607696)
  * debian/sysctl.conf: merge in upstream (commented out) changes surrounding
    ipv6 forwarding and privacy addresses
  * debian/before*.rules.md5sum: updated for recent changes
 -- Jamie Strandboge <email address hidden> Tue, 22 Mar 2011 12:18:42 -0500

Changed in ufw (Ubuntu Natty):
status: Fix Committed → Fix Released
Adolfo Jayme (fitojb) on 2013-07-06
no longer affects: ufw (Ubuntu Lucid)
no longer affects: ufw (Ubuntu Maverick)
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers