ufw show raw reset counters

Bug #1847612 reported by Patel
Affects: ufw
Status: Fix Released
Importance: Low
Assigned to: Unassigned

Bug Description

Hello

ufw --version
ufw 0.36

on Ubuntu 18.04 LTS

0.35 on Ubuntu 16.04 LTS and github version on Ubuntu 18.04 LTS
behave similarly.

Problem

>sudo iptables -L -n -v
Chain INPUT (policy DROP 2 packets, 80 bytes)
(...)

>sudo ufw show raw
IPV4 (raw):
Chain INPUT (policy DROP 0 packets, 0 bytes)

The counter is reset to 0 (all global counters are reset as well).

That's because of self.initcaps() by default calling iptables -N to create a new test chain.
Changing the code like this avoids the counter reset:

--- backend_iptables.py.ori 2016-02-18 06:26:44.000000000 +0100
+++ backend_iptables.py 2019-10-10 15:06:45.440223758 +0200
@@ -170,7 +170,10 @@
             return out

         # Initialize the capabilities database
+ sav = self.do_checks
+ self.do_checks = False
         self.initcaps()
+ self.do_checks = sav

         args = ['-n', '-v', '-x', '-L']
         items = []
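
Review bot: the restore `self.do_checks = sav` after `self.initcaps()` only runs on the normal path; if initcaps() raises, self.do_checks is left at False on the object. Put the call in a try/finally so the saved value is always restored, and add a short comment above `self.do_checks = False` saying why checks are switched off for this call, since the existing "# Initialize the capabilities database" comment does not explain it.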

Jamie Strandboge (jdstrand) wrote :

Thanks for your report and analysis! I'll fix this along with a few other things in the next release of ufw.

Changed in ufw:
status: New → Triaged
importance: Undecided → Low
Patel (gp451ly) wrote :

3 years after... this has never been fixed; however, in a recent Ubuntu version (I tested on 22.04, based on nftables, 1.8.7) iptables -N <chain> does not reset the counters, so this bug doesn't apply to this version.
It still applies to Ubuntu 18.04 and 20.0.

Jamie Strandboge (jdstrand) wrote :

Thank you for reporting back and I'm glad to hear that the nftables backend is fixed for this scenario. Do note that initcaps() needs to create the test chain since the capabilities are queried for the raw output. It is possible to solve this for the legacy backend in a different way than was suggested (eg, perhaps creating a cache of the capabilities when ufw is started and storing that in /run until the next reboot (since they shouldn't change until after a reboot). There are other ways to solve it), but since the nftables backend resolves this and this is the default going forward, I'm going to mark this as fixed.

Changed in ufw:
status: Triaged → Fix Released
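
Added example, not part of the bug report or of ufw: a small Python check that compares two `iptables -L -n -v -x` listings and reports built-in chains whose policy counters went backwards, which is the symptom described in this report. The sample listings are constructed (the INPUT values are the ones quoted in the report) and the function names are hypothetical.

```python
import re

# Header of a built-in chain as printed by `iptables -L -n -v -x`, e.g.
# "Chain INPUT (policy DROP 2 packets, 80 bytes)". Take listings with -x so
# the counters are exact integers. User-defined chains print
# "(N references)" instead and are deliberately not matched.
CHAIN_RE = re.compile(
    r"^Chain (\S+) \(policy \S+ (\d+) packets, (\d+) bytes\)", re.M)

def policy_counters(listing):
    """Return {chain: (packets, bytes)} for the built-in chains in a listing."""
    return {m.group(1): (int(m.group(2)), int(m.group(3)))
            for m in CHAIN_RE.finditer(listing)}

def counter_resets(before, after):
    """List chains whose policy counters decreased between two listings."""
    old, new = policy_counters(before), policy_counters(after)
    resets = []
    for chain, (pkts, nbytes) in sorted(old.items()):
        if chain not in new:
            continue  # chain missing from the second listing: nothing to compare
        new_pkts, new_bytes = new[chain]
        # Kernel counters only grow; a lower value means they were reset.
        if new_pkts < pkts or new_bytes < nbytes:
            resets.append((chain, (pkts, nbytes), (new_pkts, new_bytes)))
    return resets

# Constructed sample: listing taken before running `ufw show raw` ...
BEFORE = """\
Chain INPUT (policy DROP 2 packets, 80 bytes)
Chain FORWARD (policy DROP 0 packets, 0 bytes)
Chain OUTPUT (policy ACCEPT 15 packets, 1200 bytes)
Chain ufw-before-input (1 references)
"""
# ... and after, with every policy counter back at zero.
AFTER = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
Chain FORWARD (policy DROP 0 packets, 0 bytes)
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
Chain ufw-before-input (1 references)
"""

if __name__ == "__main__":
    for chain, old, new in counter_resets(BEFORE, AFTER):
        print(f"{chain}: policy counters went from {old} to {new}")
```

A chain whose counters were already zero (FORWARD in the sample) is not reported, because a reset cannot be distinguished from no traffic.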