Package: ufw
Version: 0.36-1
Severity: important

Dear Maintainer,

Post-buster upgrade, and ufw is no longer functioning correctly. I'm using
ip(6)tables-legacy, rather than the newer xtables stuff, for interoperability
with docker. My ufw ruleset has several ALLOWs, e.g.

    # ufw status | grep 22
    22                         ALLOW       Anywhere

(taken when ufw is "running").

However upon first starting ufw ("ufw enable"), all incoming traffic to the
host is dropped. Via the console I can see that this is because the INPUT
chain policy has been set to DENY, and the ufw tables are not hooked in
properly. Excerpts from "iptables-save" after "ufw enable":

    *filter
    :INPUT DROP [2943:317505]
    :FORWARD DROP [0:0]
    :OUTPUT ACCEPT [80:9298]
    …
    -A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
    …

So great, my rules are encoded into the ufw-user-input table fine, but that
table is not hooked into INPUT: iptables-save | grep "^-A INPUT" is empty.

-- System Information:
Debian Release: 10.1
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.1.2-x86_64-linode124 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ufw depends on:
ii  debconf [debconf-2.0]  1.5.71
ii  iptables               1.8.2-4
ii  lsb-base               10.2019051400
ii  python3                3.7.3-1
ii  ucf                    3.0038+nmu1

ufw recommends no packages.

Versions of packages ufw suggests:
ii  rsyslog  8.1901.0-1

-- debconf information:
* ufw/existing_configuration:
  ufw/allow_known_ports:
  ufw/allow_custom_ports:
  ufw/enable: true
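
The symptom reported above (a DROP policy on a built-in chain while the ufw chains hold rules but are never jumped to) can be checked mechanically from iptables-save output. The following is an added example, not part of the original report or of ufw itself; the sample dump is constructed, and the ufw-before-input chain and both jumps involving it are assumptions about the usual wiring.

```python
import re
from collections import defaultdict

# Constructed iptables-save sample. The policy lines and the port-22 rule are
# from the report; the ufw-before-input chain and its jump are assumptions.
BROKEN = """\
*filter
:INPUT DROP [2943:317505]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [80:9298]
:ufw-before-input - [0:0]
:ufw-user-input - [0:0]
-A ufw-before-input -j ufw-user-input
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""
# Same ruleset with the (assumed) hook from INPUT present.
HOOKED = BROKEN.replace("COMMIT", "-A INPUT -j ufw-before-input\nCOMMIT")

def audit(dump):
    """Per table: built-in chains that DROP with no rules, and user chains
    that hold rules but cannot be reached from any built-in chain."""
    tables = {}
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):                  # start of a new table
            policy, jumps, has_rules = {}, defaultdict(set), set()
            tables[line[1:]] = (policy, jumps, has_rules)
        elif line.startswith(":") and tables:     # chain declaration
            name, pol = line[1:].split()[:2]
            policy[name] = pol                    # "-" marks a user-defined chain
        elif line.startswith("-A ") and tables:   # appended rule
            chain = line.split()[1]
            has_rules.add(chain)
            jumps[chain].update(re.findall(r"\s-[jg]\s+(\S+)", line))
    report = {}
    for table, (policy, jumps, has_rules) in tables.items():
        builtin = [c for c, p in policy.items() if p != "-"]
        seen, todo = set(builtin), list(builtin)
        while todo:                               # follow -j/-g edges from built-ins
            for target in jumps[todo.pop()]:
                if target in policy and target not in seen:
                    seen.add(target)
                    todo.append(target)
        dead = sorted(c for c in builtin if policy[c] == "DROP" and c not in has_rules)
        report[table] = {"drop_all": dead, "orphaned": sorted(has_rules - seen)}
    return report
```

On a live host the input would be the text printed by iptables-save (or iptables-legacy-save); a chain listed under both "drop_all" and with its intended sub-chains under "orphaned" matches the state described in this report.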
