ufw errors during boot with upstart (/tmp not available)
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
ufw | Fix Released | High | Jamie Strandboge | |
ufw (Ubuntu) | Fix Released | High | Jamie Strandboge | |
Bug Description
ufw started emitting errors on boot; the same configuration worked perfectly on Karmic.
I was not able to find any traces of these errors in syslog-related files.
The errors are emitted by iptables-restore, though I am not really sure what is being restored:
init: ufw pre-start process (985) terminated with status 1
iptables-restore: line 2 failed
iptables-restore: line 2 failed
ip6tables-restore: line 2 failed
ip6tables-restore: line 2 failed
init: ufw pre-start process (1515) terminated with status 1
^ this repeats 3 times then modem-manager starts to print its plugins.
rtg@buzz:~/Videos$ ufw --version
ufw 0.29.3-0ubuntu1
Copyright 2008-2009 Canonical Ltd.
When the system is finally booted, it looks like it does not have ufw rules in iptables (will double-check this on next reboot).
When I attempt to enable ufw later on:
rtg@buzz:~/Videos$ sudo ufw enable
ERROR: problem running ufw-init
rtg@buzz:~/Videos$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: reject (incoming), allow (outgoing)
New profiles: skip
To Action From
-- ------ ----
Anywhere ALLOW IN 192.168.1.0/24
80/tcp (Apache) ALLOW IN Anywhere
22 ALLOW IN Anywhere
5060 ALLOW IN Anywhere
Anywhere ALLOW IN 192.168.122.0/24
24220 ALLOW IN Anywhere
Anywhere (v6) ALLOW IN 2001:470:
80/tcp (Apache (v6)) ALLOW IN Anywhere (v6)
22 ALLOW IN Anywhere (v6)
113/tcp ALLOW IN Anywhere (v6)
5060 ALLOW IN Anywhere (v6)
24220 ALLOW IN Anywhere (v6)
However, this is what gets into the INPUT chain (libvirt is installed and being used):
Chain INPUT (policy DROP 93 packets, 25012 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
And all legitimate INPUT is being blocked.
I am attaching the content of my /lib/ufw and /etc/ufw directory.
I will be happy to provide any additional information. I will try to reproduce this on a VM in case it is not clear what is happening from the description above.
P.S. I have an IPv6-enabled link, so v6 rules really have to be there.
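A check for the state described in this report, where `ufw status verbose` says active while the INPUT chain holds no ufw rules, written as an added example that is not part of the original report or of ufw. It assumes ufw's rules are reached from INPUT through chains whose names begin with `ufw-`; the second listing is constructed for comparison.

```shell
#!/bin/sh
# Added example. Assumption: ufw's rules are reached from INPUT through
# chains whose names start with "ufw-".

# check_ufw_loaded STATUS LISTING
#   STATUS  = output of `ufw status verbose`
#   LISTING = output of `iptables -L INPUT -n -v`
# Prints a verdict; returns 0 only when ufw's view and the kernel's agree.
check_ufw_loaded() {
    # ufw's own view of its state
    printf '%s\n' "$1" | grep -q '^Status: active' || { echo inactive; return 0; }

    # Kernel view: INPUT policy and the number of rules jumping to a ufw-* chain
    policy=$(printf '%s\n' "$2" |
        awk '/^Chain INPUT/ { sub(/^.*\(policy /, ""); print $1; exit }')
    jumps=$(printf '%s\n' "$2" | awk '$3 ~ /^ufw-/ { n++ } END { print n + 0 }')

    if [ "$jumps" -gt 0 ]; then
        echo consistent
        return 0
    fi
    case $policy in
        DROP) echo "mismatch: policy DROP, no ufw rules (allowed traffic is blocked)" ;;
        *)    echo "mismatch: policy ${policy:-unknown}, no ufw rules (host is unfiltered)" ;;
    esac
    return 1
}

# First line of the `ufw status verbose` output in the report
STATUS='Status: active'

# INPUT chain as posted in the report (libvirt rules only, first two shown)
BROKEN='Chain INPUT (policy DROP 93 packets, 25012 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53'

# Constructed listing for comparison: jumps to ufw chains are present
LOADED='Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ufw-before-input all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ufw-after-input all -- * * 0.0.0.0/0 0.0.0.0/0'

check_ufw_loaded "$STATUS" "$BROKEN" || true
check_ufw_loaded "$STATUS" "$LOADED"
```

On a live system the two arguments would be `"$(ufw status verbose)"` and `"$(iptables -L INPUT -n -v)"`, both run as root.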
Changed in ufw:
status: Incomplete → Triaged
Changed in ufw:
status: Triaged → In Progress
summary:
- ufw broke after upgrade from karmic to lucid
+ ufw errors during boot with upstart (/tmp not available)
Changed in ufw:
status: Fix Committed → Fix Released
Thank you for using Ubuntu and taking the time to report a bug.
ufw saves its files as iptables-restore style files (/etc/ufw/before*rules, /lib/ufw/user*rules and /etc/ufw/after*rules). Can you run the following commands and attach the resulting file (/tmp/521358.txt):
$ sudo sh -x /lib/ufw/ufw-init stop > /tmp/521358.txt 2>&1
$ sudo sh -x /lib/ufw/ufw-init start >> /tmp/521358.txt 2>&1