ufw

log level behavior does not agree with man page

Bug #1461701 reported by Shawn Morford
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
ufw | Fix Released | Low | Unassigned |

Bug Description

ufw version: ufw 0.34~rc-0ubuntu2
OS version: Linux fserver 3.13.0-53-generic #89-Ubuntu SMP Wed May 20 10:34:39 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

According to the ufw(8) man page, the 'low' logging level "logs all blocked packets not matching the default policy (with rate limiting), as well as packets matching logged rules". In particular, the phrase "not matching the default policy" implies that, in a default-deny environment, only packets which are explicitly blocked by a user rule should be logged; packets that fall through to the end of the chain should be handled silently.

In practice, however, the opposite seems to be the case. When logging is enabled, ufw inserts a catch-all LOG rule into the 'ufw-after-logging-input' chain, logging any packets that are not handled by user rules. Meanwhile, packets that do match user rules do not generate any log entries.

Please either change the log functionality to match what is stated or update the documentation to be more clear.
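
The behaviour described in the report above can be checked against a ruleset dump. The following Python script is an added example, not part of the bug report or of ufw's code; the `iptables -S` lines are constructed, and the `ufw-user-input` / `ufw-user-logging-input` layout for user rules is an assumption (only `ufw-after-logging-input` comes from the report).

```python
import shlex

# Constructed `iptables -S` style sample, not captured from a real host.
# Assumption: user rules live in ufw-user-input and a logged rule jumps to
# ufw-user-logging-input first; only ufw-after-logging-input is from the report.
SAMPLE_RULES = """\
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 23 -j DROP
-A ufw-user-input -p tcp -m tcp --dport 25 -j ufw-user-logging-input
-A ufw-user-input -p tcp -m tcp --dport 25 -j DROP
-A ufw-user-logging-input -p tcp -m tcp --dport 25 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
"""

SELECTORS = {"-p", "-s", "-d", "-i", "-o", "--dport", "--sport"}
VERDICTS = {"ACCEPT", "DROP", "REJECT"}

def parse(text):
    """Return {chain: [(selectors, target), ...]} in rule order."""
    chains = {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) < 4 or tok[0] != "-A" or "-j" not in tok:
            continue
        j = tok.index("-j")
        body = tok[2:j]
        # Keep packet selectors and their values; ignore rate-limit options.
        sel = tuple(x for i, t in enumerate(body) if t in SELECTORS
                    for x in body[i:i + 2])
        chains.setdefault(tok[1], []).append((sel, tok[j + 1]))
    return chains

def audit(text):
    """Return ({(selectors, verdict): logged?}, catch_all_log_present)."""
    chains = parse(text)
    logs = {c for c, rules in chains.items() if any(t == "LOG" for _, t in rules)}
    logged_sel, report = set(), {}
    for sel, target in chains.get("ufw-user-input", []):
        if target == "LOG" or target in logs:
            logged_sel.add(sel)          # a log step precedes the verdict
        elif target in VERDICTS:
            report[(sel, target)] = sel in logged_sel
    catch_all = any(t == "LOG" and not sel
                    for sel, t in chains.get("ufw-after-logging-input", []))
    return report, catch_all

if __name__ == "__main__":
    report, catch_all = audit(SAMPLE_RULES)
    for (sel, verdict), logged in report.items():
        print(" ".join(sel), verdict, "logged" if logged else "silent")
    print("fall-through packets logged:", catch_all)
```

On a live host the input would be the output of `iptables -S` run as root instead of the constructed sample.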

Jamie Strandboge (jdstrand) wrote:

Thank you for using ufw and reporting a bug. I agree the man page needs to be updated.

Changed in ufw:
status: New → Fix Committed
importance: Undecided → Low
milestone: none → 0.34
Changed in ufw:
status: Fix Committed → Fix Released