Package: ufw
Version: 0.36-1
Severity: important

Dear Maintainer,

Post-buster upgrade, and ufw is no longer functioning correctly. I'm using
ip(6)tables-legacy, rather than the newer xtables stuff, for interoperability
with docker. My ufw ruleset has several ALLOWs, e.g.

# ufw status | grep 22
22 ALLOW Anywhere

(taken when ufw is "running").

However upon first starting ufw ("ufw enable"), all incoming traffic to the
host is dropped. Via the console I can see that this is because the INPUT
chain policy has been set to DENY, and the ufw tables are not hooked in
properly. Excerpts from "iptables-save" after "ufw enable":

*filter
:INPUT DROP [2943:317505]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [80:9298]
…
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
…

So great, my rules are encoded into the ufw-user-input table fine, but that
table is not hooked into INPUT: iptables-save | grep "^-A INPUT" is empty.

-- System Information:
Debian Release: 10.1
APT prefers stable
APT policy: (990, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.1.2-x86_64-linode124 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages ufw depends on:
ii debconf [debconf-2.0] 1.5.71
ii iptables 1.8.2-4
ii lsb-base 10.2019051400
ii python3 3.7.3-1
ii ucf 3.0038+nmu1
ufw recommends no packages.
Versions of packages ufw suggests:
ii rsyslog 8.1901.0-1
-- debconf information:
* ufw/existing_configuration:
ufw/allow_known_ports:
ufw/allow_custom_ports:
ufw/enable: true
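
Added example (not part of the original report and not ufw's own code): a shell check for the state described above, where the filter table's INPUT policy is DROP but no rule in INPUT jumps to a ufw-* chain. Both sample dumps are constructed; the broken one follows the report's excerpt, and the ufw-before-input jump in the second is an assumption about a correctly hooked ruleset.

```shell
#!/bin/sh
# Added example, not ufw code. Classify an iptables-save dump read from stdin:
#   hooked           a rule in INPUT jumps to a ufw-* chain
#   unhooked-drop    INPUT policy is DROP and nothing jumps to ufw-* (this report)
#   unhooked-accept  no jump to ufw-*, INPUT policy is not DROP
check_ufw_hook() {
    awk '
        /^\*/ { table = substr($1, 2) }      # table header such as *filter
        table != "filter" { next }           # only the filter table matters here
        $1 == ":INPUT" { policy = $2 }       # chain declaration carries the policy
        $1 == "-A" && $2 == "INPUT" {
            for (i = 3; i < NF; i++)
                if (($i == "-j" || $i == "-g") && $(i + 1) ~ /^ufw-/) hooked = 1
        }
        END {
            if (hooked) print "hooked"
            else if (policy == "DROP") print "unhooked-drop"
            else print "unhooked-accept"
        }
    '
}

# Constructed sample following the excerpt in the report.
sample_broken() {
    cat <<'EOF'
*filter
:INPUT DROP [2943:317505]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [80:9298]
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Constructed sample of a hooked ruleset (the jump target is an assumption).
sample_hooked() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:ufw-before-input - [0:0]
-A INPUT -j ufw-before-input
COMMIT
EOF
}

echo "broken sample: $(sample_broken | check_ufw_hook)"
echo "hooked sample: $(sample_hooked | check_ufw_hook)"
# On a live host, as root: iptables-save | check_ufw_hook
```

Running the check from a console session immediately after "ufw enable" shows whether the host has been left in the drop-everything state before remote access is relied upon.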