ufw

log level behavior does not agree with man page

Bug #1461701 reported by Shawn Morford on 2015-06-03

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	ufw	Fix Released	Low	Unassigned	ufw 0.34

Bug Description

ufw version: ufw 0.34~rc-0ubuntu2
OS version: Linux fserver 3.13.0-53-generic #89-Ubuntu SMP Wed May 20 10:34:39 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

According to the ufw(8) man page, the 'low' logging level "logs all blocked packets not matching the default policy (with rate limiting), as well as packets matching logged rules". In particular, the phrase "not matching the default policy" implies that, in a default-deny environment, only packets which are explicitly blocked by a user rule should be logged; packets that fall through to the end of the chain should be handled silently.

In practice, however, the opposite seems to be the case. When logging is enabled, ufw inserts a catch-all LOG rule into the 'ufw-after-logging-input' chain, logging any packets that are not handled by user rules. Meanwhile, packets that do match user rules do not generate any log entries.

Please either change the log functionality to match what is stated or update the documentation to be more clear.

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2015-07-20:

Thank you for using ufw and reporting a bug. I agree the man page needs to be updated.

Changed in ufw:
status:	New → Fix Committed
importance:	Undecided → Low
milestone:	none → 0.34

Jamie Strandboge (jdstrand) on 2015-08-20

Changed in ufw:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.