"after-logging" rules are not loaded by default
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
ufw | Fix Released | Undecided | Unassigned |
Bug Description
Version: ufw version 0.29.1 (built from source)
OS: Zenwalk 6.2
Description:
When starting ufw, in "ufw-init-
(...)
# setup ufw${type}-user chain
if [ -s "$USER_PATH" ]; then
if ! $exe-restore -n < $USER_RULES ; then
fi
(...)
The important part is the "iptables-restore" stuff that will load user.rules and create new chains accordingly. In particular, in my case, it creates "*-after-logging" rules (because these have been saved in the user.rules file).
However, later on in the code, one can find:
(...)
# setup ufw${type}
if ! $exe -L ufw${type}
fi
(...)
So the condition is not met, and "after-logging" rules are not added to the builtin chains.
This leads to dropped packets not being logged at all at any loglevel.
Evidence:
(...)
root[src]# iptables -L INPUT
Chain INPUT (policy DROP)
target prot opt source destination
ufw-before-
ufw-before-input all -- anywhere anywhere
ufw-after-input all -- anywhere anywhere
ufw-reject-input all -- anywhere anywhere
ufw-track-input all -- anywhere anywhere
(...)
Changed in ufw:
status: In Progress → Fix Committed
Thank you for using ufw and taking the time to report a bug.
For a little background, if you haven't already, see the Chains section in the README in the source or /usr/share/doc/ufw/README.gz on Debian-based systems.
I don't see the problem here:
$ sudo iptables -L -n
Chain INPUT (policy DROP)
target prot opt source destination
...
ufw-after-logging-input all -- 0.0.0.0/0 0.0.0.0/0
...
Chain FORWARD (policy DROP)
target prot opt source destination
...
ufw-after-logging-forward all -- 0.0.0.0/0 0.0.0.0/0
...
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
...
ufw-after-logging-output all -- 0.0.0.0/0 0.0.0.0/0
...
Can you give the steps to reproduce your problem and what you expect the behavior to be? Thanks!
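
A quick way to tell the two listings in this report apart is to check, per built-in chain, whether a jump to its after-logging chain is present. The script below is an added example, not ufw code or anything posted in this report; the function names `missing_after_logging`, `sample_broken` and `sample_ok` are hypothetical, the sample listings are constructed, and only the IPv4 `ufw-after-logging-*` names are covered.

```shell
#!/bin/sh
# Added example (not ufw code): read `iptables -L` text on stdin and print
# each built-in chain that has no jump to its ufw-after-logging-* chain.
missing_after_logging() {
    awk '
        # A "Chain NAME (...)" header starts the listing of a new chain.
        $1 == "Chain" {
            cur = $2
            if (cur == "INPUT" || cur == "FORWARD" || cur == "OUTPUT")
                seen[cur] = 1
            next
        }
        # In a built-in chain, column 1 of a rule line is the jump target.
        (cur in seen) && $1 == ("ufw-after-logging-" tolower(cur)) {
            found[cur] = 1
        }
        END {
            n = split("INPUT FORWARD OUTPUT", order, " ")
            for (i = 1; i <= n; i++)
                if ((order[i] in seen) && !(order[i] in found))
                    print order[i]
        }
    '
}

# Constructed sample shaped like the reporter listing: jump is absent.
sample_broken() {
    cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
ufw-before-input  all  --  anywhere             anywhere
ufw-after-input  all  --  anywhere             anywhere
ufw-reject-input  all  --  anywhere             anywhere
ufw-track-input  all  --  anywhere             anywhere
EOF
}

# Constructed sample shaped like the maintainer listing: jumps are present.
sample_ok() {
    cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
ufw-after-logging-input  all  --  0.0.0.0/0            0.0.0.0/0
Chain FORWARD (policy DROP)
target     prot opt source               destination
ufw-after-logging-forward  all  --  0.0.0.0/0            0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ufw-after-logging-output  all  --  0.0.0.0/0            0.0.0.0/0
EOF
}
```

On a live host, pipe the output of `iptables -L -n` into `missing_after_logging`; empty output means every listed built-in chain has its after-logging jump.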