UFW snap prevents internet access at boot
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
ufw | Expired | Undecided | Unassigned |
Bug Description
ufw stable snap 0.36
At launch, there appear to be some capability issues with the snap that mean all traffic gets blocked.
In my system log I get the following errors with the snap at boot.
Dec 1 15:38:47 anon-desktop kernel: [ 127.568645] audit: type=1400 audit(157521472
Dec 1 15:38:47 anon-desktop kernel: [ 127.568649] audit: type=1400 audit(157521472
Dec 1 15:38:47 anon-desktop kernel: [ 127.569170] audit: type=1400 audit(157521472
Dec 1 15:38:47 anon-desktop kernel: [ 127.570067] audit: type=1400 audit(157521472
Dec 1 15:38:47 anon-desktop kernel: [ 127.570070] audit: type=1400 audit(157521472
Dec 1 15:38:47 anon-desktop kernel: [ 127.620748] audit: type=1400 audit(157521472
Dec 1 15:38:47 anon-desktop kernel: [ 127.620751] audit: type=1400 audit(157521472
Dec 1 15:38:47 anon-desktop kernel: [ 127.623597] audit: type=1400 audit(157521472
Dec 1 15:39:00 anon-desktop kernel: [ 139.842455] audit: type=1400 audit(157521474
Dec 1 15:39:00 anon-desktop kernel: [ 139.842461] audit: type=1400 audit(157521474
Dec 1 15:39:00 anon-desktop kernel: [ 139.902787] audit: type=1400 audit(157521474
Dec 1 15:39:00 anon-desktop kernel: [ 139.902789] audit: type=1400 audit(157521474
Dec 1 15:39:00 anon-desktop kernel: [ 140.018105] audit: type=1400 audit(157521474
Dec 1 15:39:00 anon-desktop kernel: [ 140.018109] audit: type=1400 audit(157521474
Dec 1 15:39:01 anon-desktop kernel: [ 140.094153] audit: type=1400 audit(157521474
Dec 1 15:39:01 anon-desktop kernel: [ 140.094158] audit: type=1400 audit(157521474
The only way I get internet is doing ufw disable, at which point I get traffic again. My guess is there are some issues with capabilities with the snap and AppArmor.
My distribution is Kubuntu 19.10.
Thanks for your bug report and for using ufw.
On Ubuntu 19.10, I cannot reproduce this:
$ sudo apt-get remove --purge ufw
$ sudo snap install ufw
$ sudo ufw status
Status: inactive
$ sudo ufw allow 22/tcp
Rules updated
Rules updated (v6)
$ sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
$ sudo ufw status
Status: active
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
$ journalctl |grep DENIED
$
Can you provide steps to reproduce?
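
For triaging a report like this one, the following added example (not part of the bug report and not code from the ufw project) groups AppArmor denials found in kernel audit lines by profile, operation, target and command, so that the `grep DENIED` check shows what was denied to the snap rather than only whether anything was. The profile name `snap.ufw.ufw`, the default prefix `snap.ufw.` and every sample log line are constructed assumptions; they are not the truncated lines from the report.

```shell
#!/usr/bin/env bash
# Count AppArmor denials per (profile, operation, target, command) for the
# profiles of one snap, reading kernel audit lines on stdin.
summarize_denials() {
    local prefix="${1:-snap.ufw.}"   # assumed profile prefix, override as $1
    local tab
    tab=$(printf '\t')
    awk -v prefix="$prefix" '
        # Value of key="value" or key=value on the current line, "-" if absent.
        function field(key,    pos, rest) {
            pos = index($0, " " key "=")
            if (pos == 0) return "-"
            rest = substr($0, pos + length(key) + 2)
            if (substr(rest, 1, 1) == "\"") {
                rest = substr(rest, 2)
                return substr(rest, 1, index(rest, "\"") - 1)
            }
            sub(/ .*/, "", rest)
            return rest
        }
        /apparmor="DENIED"/ {
            profile = field("profile")
            if (index(profile, prefix) != 1) next
            op = field("operation")
            # Capability denials carry capname=, path denials carry name=.
            target = (op == "capable") ? field("capname") : field("name")
            seen[profile "\t" op "\t" target "\t" field("comm")]++
        }
        END { for (k in seen) printf "%d\t%s\n", seen[k], k }
    ' | sort -t "$tab" -k1,1nr -k2
}

# Constructed sample input: two capability denials, one path denial, one
# denial for an unrelated snap and one non-denial status line.
sample_log() {
    cat <<'EOF'
Dec  1 15:38:47 host kernel: [  127.5] audit: type=1400 audit(1575214727.1:40): apparmor="DENIED" operation="capable" profile="snap.ufw.ufw" pid=1201 comm="iptables" capability=12 capname="net_admin"
Dec  1 15:38:47 host kernel: [  127.6] audit: type=1400 audit(1575214727.2:41): apparmor="DENIED" operation="capable" profile="snap.ufw.ufw" pid=1202 comm="iptables" capability=12 capname="net_admin"
Dec  1 15:38:48 host kernel: [  128.1] audit: type=1400 audit(1575214728.1:42): apparmor="DENIED" operation="open" profile="snap.ufw.ufw" name="/proc/sys/net/ipv4/ip_forward" pid=1203 comm="sysctl" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
Dec  1 15:38:49 host kernel: [  129.1] audit: type=1400 audit(1575214729.1:43): apparmor="DENIED" operation="open" profile="snap.other.app" name="/etc/hostname" pid=1300 comm="cat" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Dec  1 15:38:50 host kernel: [  130.1] audit: type=1400 audit(1575214730.1:44): apparmor="STATUS" operation="profile_load" profile="unconfined" name="snap.ufw.ufw" pid=900 comm="apparmor_parser"
EOF
}

sample_log | summarize_denials
```

On a live system, pipe `journalctl -k -b` into `summarize_denials` instead of `sample_log`.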