Package: ufw
Version: 0.29.3-1

Concurrent invocation of 'ufw delete' leads to inconsistent state:

While automatically removing blocked hosts after a certain amount of time I discovered the following behavior:
| root@host:~# ufw insert 1 deny from 1.2.3.4 to any
| Rule inserted
| root@host:~# ufw insert 1 deny from 1.2.3.5 to any
| Rule inserted
| root@host:~# echo "ufw delete deny from 1.2.3.4 to any" | at now + 1 minute
| warning: commands will be executed using /bin/sh
| job 1 at Thu Aug 30 16:20:00 2012
| root@host:~# echo "ufw delete deny from 1.2.3.5 to any" | at now + 1 minute
| warning: commands will be executed using /bin/sh
| job 2 at Thu Aug 30 16:20:00 2012
Note that both jobs get scheduled at the same time. After the jobs get executed (i.e. both rules get deleted) I get two mails: one stating "rule deleted" and the other saying "iptables: Resource temporarily unavailable. Rule deleted".

"ufw status" shows the following:
| root@host:~# ufw status
| Status: active
|
| To                         Action      From
| --                         ------      ----
| Anywhere                   DENY        1.2.3.4

When running "ufw delete deny from 1.2.3.4 to any" again, I get:
| iptables: Bad rule (does a matching rule exist in that chain?).
| Rule deleted
and the rule is finally gone.

I am not sure if this is a feature request to implement locking in ufw or a documentation bug. In any way I consider this to be a very bad behavior for security software because one cannot trust the output and/or state of ufw any more.

-- 
Adi Kriegisch
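
An added example, not part of the original report and not ufw's own code: a Python wrapper that serializes ufw invocations behind an exclusive flock(2) lock, so that two jobs scheduled for the same minute run one after the other. The lock path /run/ufw-wrapper.lock and the function names are assumptions, as is treating an "iptables:" line in the output as a failure (based on the messages quoted in the report).

```python
import fcntl
import os
import subprocess
import sys
from contextlib import contextmanager

# Assumed lock path, not one ufw itself uses. /run is writable by root only,
# which keeps unprivileged users from pre-creating or holding the lock.
LOCK_PATH = "/run/ufw-wrapper.lock"


@contextmanager
def exclusive_lock(path=LOCK_PATH):
    """Block until the caller holds an exclusive advisory lock on `path`."""
    fd = os.open(path, os.O_RDWR | os.O_CREAT | os.O_NOFOLLOW, 0o600)
    try:
        fcntl.flock(fd, fcntl.LOCK_EX)  # waits while another invocation holds it
        yield
    finally:
        os.close(fd)  # closing the descriptor releases the lock


def run_serialized(argv, lock_path=LOCK_PATH):
    """Run one command under the lock and return (exit_code, combined_output)."""
    with exclusive_lock(lock_path):
        proc = subprocess.run(argv, stdout=subprocess.PIPE,
                              stderr=subprocess.STDOUT, text=True)
    code = proc.returncode
    # Assumption: the report shows an iptables error followed by "Rule deleted",
    # so any "iptables:" line is reported as a failure even if the exit status is 0.
    if code == 0 and "iptables:" in proc.stdout:
        code = 1
    return code, proc.stdout


if __name__ == "__main__":
    # Example: wrapper.py delete deny from 1.2.3.4 to any
    status, output = run_serialized(["ufw"] + sys.argv[1:])
    sys.stdout.write(output)
    sys.exit(status)
```

The lock only protects callers that go through the wrapper; any direct ufw or iptables invocation still runs unserialized.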