rules disappear at random intervals
Bug #1842333 reported by
mfellman
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ufw |
Invalid
|
Undecided
|
Unassigned |
Bug Description
I have a system where every failed login will result in a DENY rule in ufw so I stop further attacks. This results in a lot of rules generated. I found out that sometimes the ALLOW rules (at the end of the user.rules file) disappear sometimes. Just now I had over 2200 rules before and after an update I had only 700+ rules left.
It is version 0.36
I tested the amount of rules with ufw status|grep DENY|wc -l
To post a comment you must log in.
Thank you for reporting a bug. What software are you using to add the DENY rules? Note that fail2ban will timeout the deny rules and remove them periodically, but that shouldn't remove the ALLOW rules but also note that the ufw status listing groups things together: incoming, then outgoing then route (forward) rules and within each groups, ipv4 first then ipv6.
Can you (perhaps from backups) provide the following from when you had 2200 rules:
$ mkdir /tmp/ufw
$ sudo ufw show raw > /tmp/ufw/raw
$ sudo tar -zcvf /tmp/1842333.tar.gz /tmp/ufw /etc/default/ufw
/etc/ufw /lib/ufw
then attach to this bug /tmp/1842333. tar.gz? (or send to me privately if you prefer).
Please do it again with the 700 rules and attach as /tmp/1842333_ after.tar. gz