log level behavior does not agree with man page
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
ufw | Fix Released | Low | Unassigned |
Bug Description
ufw version: ufw 0.34~rc-0ubuntu2
OS version: Linux fserver 3.13.0-53-generic #89-Ubuntu SMP Wed May 20 10:34:39 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
According to the ufw(8) man page, the 'low' logging level "logs all blocked packets not matching the default policy (with rate limiting), as well as packets matching logged rules". In particular, the phrase "not matching the default policy" implies that, in a default-deny environment, only packets which are explicitly blocked by a user rule should be logged; packets that fall through to the end of the chain should be handled silently.
In practice, however, the opposite seems to be the case. When logging is enabled, ufw inserts a catch-all LOG rule into the 'ufw-after-
Please either change the log functionality to match what is stated or update the documentation to be more clear.
Changed in ufw:
status: Fix Committed → Fix Released
Thank you for using ufw and reporting a bug. I agree the man page needs to be updated.