Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock package ufw
It seems that adduser 3.133 has caused problems for a lot of packages in sid,
including ufw. See:
https://piuparts.debian.org/sid/fail/adduser_3.133.log
https://piuparts.debian.org/sid/fail/
https://piuparts.debian.org/sid/fail/ufw_0.36.2-1.log
https://piuparts.debian.org/sid/fail/...
In the case of ufw, it ships a logrotate file and logrotate gets installed,
which pulls in adduser, but adduser can't be removed and piuparts fails:
0m18.6s DEBUG: Starting command: ['chroot',
'/srv/piuparts.debian.org/tmp/tmpwv4fmpa7', 'apt-get', 'install', '-y',
'logrotate']
0m19.9s DUMP:
Reading package lists...
Building dependency tree...
Reading state information...
The following additional packages will be installed:
adduser cron cron-daemon-common libpopt0 sensible-utils
...
m20.2s ERROR: Command failed (status=1): ['chroot',
'/srv/piuparts.debian.org/tmp/tmpwv4fmpa7', 'dpkg', '--purge', 'adduser',
'cron', 'cron-daemon-common', 'libpopt0:amd64', 'logrotate', 'sensible-utils']
dpkg: error processing package adduser (--purge):
this is a protected package; it should not be removed
...
As mentioned, there seem to be several packages in this state. ufw has shipped
a logrotate file for years and this isn't new to ufw 0.36.2-1.
[ Reason ]
ufw did not cause adduser to be unremovable, and adduser being unremovable
should not affect ufw's migration.
[ Impact ]
Bug fixes and translations will not be available in bookworm (I am upstream ufw
and I cut 0.36.2 specifically for bookworm users).
[ Tests ]
Build tests (unit and functional) and autopkgtests pass.
[ Risks ]
Leaf package.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
unblock ufw/0.36.2-1
diff -Nru ufw-0.36.1/ChangeLog ufw-0.36.2/ChangeLog
--- ufw-0.36.1/ChangeLog 2021-09-18 20:29:52.000000000 -0500
+++ ufw-0.36.2/ChangeLog 2023-05-18 08:45:35.000000000 -0500
@@ -1,3 +1,23 @@
+ufw (0.36.2) RELEASED; urgency=medium
+
+ * src/ufw-init-functions: set default policy after loading rules. Thanks to
+ Mauricio Faria de Oliveira. (LP: #1946804)
+ * doc/ufw.8:
+ - document 'insert' and 'prepend' can't be used to update comments
+ (LP: #1927737)
+ * src/backend_iptables.py: remove unreachable code (LP: #1927734)
+ * src/util.py:
+ - properly parse /proc/pid/stat for WSL (LP: #2015645)
+ - mitigate odd length string with unhexlify (Closes: 1034568)
+ - support vrrp protocol (LP: #1996636)
+ * add locales/po/ro.po. Thanks Remus-Gabriel Chelu (Closes: 1034119)
+ * add '-h' and show help with no args (LP: #1965462)
+ * src/backend.py: add get_rules_ipv4() and get_rules_ipv6() (LP: #1951018)
+ * tests/check-requirements: update for python 3.10+
+ * tests/root: normalize 'ACCEPT {all,tcp}' and 'ACCEPT N' for newer systems
+
+ -- Jamie Strandboge <jdstr...@ubuntu.com> Thu, 18 May 2023 08:45:30 -0500
+
ufw (0.36.1) RELEASED; urgency=medium
* snap packaging updates:
diff -Nru ufw-0.36.1/debian/changelog ufw-0.36.2/debian/changelog
--- ufw-0.36.1/debian/changelog 2022-10-15 05:54:27.000000000 -0500
+++ ufw-0.36.2/debian/changelog 2023-05-18 09:03:07.000000000 -0500
@@ -1,3 +1,30 @@
+ufw (0.36.2-1) unstable; urgency=medium
+
+ * New upstream release (LP: #1946804, LP: #1927737, LP: #1927734,
+ LP: #2015645, LP: #1996636, LP: #1965462, LP: #1951018, Closes: 1034568,
+ Closes: 1034119). Drop the following (included upstream):
+ - 0002-fix-copyright.patch
+ - 0003-python3-versions.patch
+ - 0004-set-default-policy-after-load.patch
+ * Remaining changes:
+ - 0001-optimize-boot.patch
+ * add new debian/po/ro.po. Thanks Remus-Gabriel Chelu (Closes: 1033758)
+ * debian/control:
+ - Breaks with iptables-persistent and netfilter-persistent. When ufw is
+ installed, it is not enabled by default, so it doesn't interfere with
+ other firewall software (until it is enabled). In contrast,
+ iptables-persistent and netfilter-persistent install enabled, which
+ interferes with ufw. Add a breaks on these to avoid them being
+ co-installed with ufw (and causing problems for users).
+ - use Python-Version instead of XB-Python-Version
+ - remove Depends on obsolete lsb-base
+ * ufw.lintian-overrides:
+ - update for breaks-without-version iptables-persistent and
+ netfilter-persistent
+ - update for newer lintian
+
+ -- Jamie Strandboge <jdstr...@ubuntu.com> Thu, 18 May 2023 14:03:07 +0000
+
ufw (0.36.1-4.1) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru ufw-0.36.1/debian/control ufw-0.36.2/debian/control
--- ufw-0.36.1/debian/control 2021-09-19 00:46:12.000000000 -0500
+++ ufw-0.36.2/debian/control 2023-05-16 09:37:21.000000000 -0500
@@ -13,7 +13,7 @@
po-debconf,
python3 (>= 3.2),
python3-distutils
-Standards-Version: 4.6.0.1
+Standards-Version: 4.6.2
Homepage: https://launchpad.net/ufw
Vcs-Browser: https://git.launchpad.net/ufw?h=debian/master
Vcs-Git: https://git.launchpad.net/ufw -b debian/master
@@ -23,11 +23,11 @@
Suggests: rsyslog
Depends:
iptables,
- lsb-base (>= 3.0-6),
ucf,
${python3:Depends},
${misc:Depends}
-XB-Python-Version: ${python3:Versions}
+Breaks: iptables-persistent, netfilter-persistent
+Python-Version: ${python3:Versions}
Description: program for managing a Netfilter firewall
The Uncomplicated FireWall is a front-end for iptables, to make managing a
Netfilter firewall easier. It provides a command line interface with syntax
diff -Nru ufw-0.36.1/debian/patches/0002-fix-copyright.patch
ufw-0.36.2/debian/patches/0002-fix-copyright.patch
--- ufw-0.36.1/debian/patches/0002-fix-copyright.patch 2021-09-19
00:46:12.000000000 -0500
+++ ufw-0.36.2/debian/patches/0002-fix-copyright.patch 1969-12-31
18:00:00.000000000 -0600
@@ -1,28 +0,0 @@
-commit b1d840a4a23bd586059d6654fb60a42114ae7b92
-Author: Jamie Strandboge <jdstr...@ubuntu.com>
-Date: Sun Sep 19 01:09:36 2021 -0500
-
- src/ufw: update copyright year
-
-diff --git a/src/ufw b/src/ufw
-index 115d294..7d72395 100755
---- a/src/ufw
-+++ b/src/ufw
-@@ -2,7 +2,7 @@
- #
- # ufw: front-end for Linux firewalling (cli)
- #
--# Copyright 2008-2018 Canonical Ltd.
-+# Copyright 2008-2021 Canonical Ltd.
- #
- # This program is free software: you can redistribute it and/or modify
- # it under the terms of the GNU General Public License version 3,
-@@ -108,7 +108,7 @@ if __name__ == "__main__":
- sys.exit(0)
- elif pr.action == "version" or pr.action == "--version":
- msg(ufw.common.programName + " " + version)
-- msg("Copyright 2008-2018 Canonical Ltd.")
-+ msg("Copyright 2008-2021 Canonical Ltd.")
- sys.exit(0)
-
- try:
diff -Nru ufw-0.36.1/debian/patches/0003-python3-versions.patch
ufw-0.36.2/debian/patches/0003-python3-versions.patch
--- ufw-0.36.1/debian/patches/0003-python3-versions.patch 2021-09-19
00:46:12.000000000 -0500
+++ ufw-0.36.2/debian/patches/0003-python3-versions.patch 1969-12-31
18:00:00.000000000 -0600
@@ -1,15 +0,0 @@
-Author: Matthias Klose <d...@debian.org>
-Description: Fix python version check for Python >= 3.9
-Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975912
-Forwarded: yes
---- a/tests/check-requirements
-+++ b/tests/check-requirements
-@@ -59,7 +59,7 @@ for exe in python3 python2 python ; do
- echo "pass (binary: $exe, version: $v, py2)"
- found_python="yes"
- break
-- elif echo "$v" | grep -q "^3.[2-8]"; then
-+ elif echo "$v" | grep -q "^3.[1-9][0-9]*"; then
- echo "pass (binary: $exe, version: $v, py3)"
- found_python="yes"
- break
diff -Nru ufw-0.36.1/debian/patches/0004-set-default-policy-after-load.patch
ufw-0.36.2/debian/patches/0004-set-default-policy-after-load.patch
--- ufw-0.36.1/debian/patches/0004-set-default-policy-after-load.patch
2021-10-13 14:00:26.000000000 -0500
+++ ufw-0.36.2/debian/patches/0004-set-default-policy-after-load.patch
1969-12-31 18:00:00.000000000 -0600
@@ -1,93 +0,0 @@
-Origin: upstream,
https://git.launchpad.net/ufw/commit/?id=4d25bd6635a493ae10c1984bfe16fb31e3903198
-Bug-Ubuntu: https://bugs.launchpad.net/bugs/1946804
-From: Mauricio Faria de Oliveira <m...@canonical.com>
-Date: Tue, 12 Oct 2021 18:57:40 -0300
-Subject: [PATCH] src/ufw-init-functions: set default policy after loading
- rules
-
-If default input policy of DROP (default setting in ufw) is set
-before loading rules to allow a network root filesystem to work,
-it freezes before loading them, and the boot process stalls.
-
-Just set default policy after loading rules, as the snippet for
-ip[6]tables-restore has -n/--noflush, which doesn't flush other
-rules in the builtin chains.
-
-The output of iptables -L is identical before/after.
-
-https://bugs.launchpad.net/bugs/1946804
-
-Signed-off-by: Mauricio Faria de Oliveira <m...@canonical.com>
----
- src/ufw-init-functions | 48 ++++++++++++++++++++++--------------------
- 1 file changed, 25 insertions(+), 23 deletions(-)
-
-diff --git a/src/ufw-init-functions b/src/ufw-init-functions
-index feac8e203c1d..f0dd7f59f4c2 100755
---- a/src/ufw-init-functions
-+++ b/src/ufw-init-functions
-@@ -168,29 +168,6 @@ ufw_start() {
- AFTER_RULES="$RULES_PATH/after${type}.rules"
- USER_RULES="$USER_PATH/user${type}.rules"
-
-- # set the default policy
-- input_pol="$DEFAULT_INPUT_POLICY"
-- if [ "$DEFAULT_INPUT_POLICY" = "REJECT" ]; then
-- input_pol="DROP"
-- fi
--
-- output_pol="$DEFAULT_OUTPUT_POLICY"
-- if [ "$DEFAULT_OUTPUT_POLICY" = "REJECT" ]; then
-- output_pol="DROP"
-- fi
--
-- forward_pol="$DEFAULT_FORWARD_POLICY"
-- if [ "$DEFAULT_FORWARD_POLICY" = "REJECT" ]; then
-- forward_pol="DROP"
-- fi
--
-- printf "*filter\n"\
--"# builtin chains\n"\
--":INPUT %s [0:0]\n"\
--":FORWARD %s [0:0]\n"\
--":OUTPUT %s [0:0]\n"\
--"COMMIT\n" $input_pol $forward_pol $output_pol | $exe-restore -n ||
error="yes"
--
- # flush the chains (if they exist)
- if $exe -L ufw${type}-before-logging-input -n >/dev/null 2>&1 ;
then
- delete_chains $type || error="yes"
-@@ -378,6 +355,31 @@ ufw_start() {
- out="${out}\nCouldn't find '$USER_RULES'"
- error="yes"
- fi
-+
-+ # set the default policy
-+ # (do this after loading rules so not to break
-+ # network rootfs w/ INPUT DROP during ufw init.)
-+ input_pol="$DEFAULT_INPUT_POLICY"
-+ if [ "$DEFAULT_INPUT_POLICY" = "REJECT" ]; then
-+ input_pol="DROP"
-+ fi
-+
-+ output_pol="$DEFAULT_OUTPUT_POLICY"
-+ if [ "$DEFAULT_OUTPUT_POLICY" = "REJECT" ]; then
-+ output_pol="DROP"
-+ fi
-+
-+ forward_pol="$DEFAULT_FORWARD_POLICY"
-+ if [ "$DEFAULT_FORWARD_POLICY" = "REJECT" ]; then
-+ forward_pol="DROP"
-+ fi
-+
-+ printf "*filter\n"\
-+"# builtin chains\n"\
-+":INPUT %s [0:0]\n"\
-+":FORWARD %s [0:0]\n"\
-+":OUTPUT %s [0:0]\n"\
-+"COMMIT\n" $input_pol $forward_pol $output_pol | $exe-restore -n ||
error="yes"
- done
-
- if [ ! -z "$IPT_SYSCTL" ] && [ -s "$IPT_SYSCTL" ]; then
---
-2.30.2
-
diff -Nru ufw-0.36.1/debian/patches/series ufw-0.36.2/debian/patches/series
--- ufw-0.36.1/debian/patches/series 2021-10-13 14:02:20.000000000 -0500
+++ ufw-0.36.2/debian/patches/series 2023-05-16 09:03:37.000000000 -0500
@@ -1,4 +1 @@
0001-optimize-boot.patch
-0002-fix-copyright.patch
-0003-python3-versions.patch
-0004-set-default-policy-after-load.patch
diff -Nru ufw-0.36.1/debian/po/ro.po ufw-0.36.2/debian/po/ro.po
--- ufw-0.36.1/debian/po/ro.po 1969-12-31 18:00:00.000000000 -0600
+++ ufw-0.36.2/debian/po/ro.po 2023-05-16 08:59:14.000000000 -0500
@@ -0,0 +1,125 @@
+# Mesajele în limba română pentru pachetul ufw.
+# Romanian translation of ufw.
+# Copyright © 2023 THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the ufw package.
+#
+# Remus-Gabriel Chelu <remusgabriel.ch...@disroot.org>, 2023.
+#
+# Cronologia traducerii fișierului „ufw”:
+# Traducerea inițială, făcută de R-GC, pentru versiunea ufw
0.36.1-4.1(2009-06-16).
+# Actualizare a traducerii pentru versiunea Y, făcută de X, Y(anul).
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: ufw 0.36.1-4.1\n"
+"Report-Msgid-Bugs-To: u...@packages.debian.org\n"
+"POT-Creation-Date: 2009-06-16 23:11+0100\n"
+"PO-Revision-Date: 2023-03-26 21:16+0200\n"
+"Last-Translator: Remus-Gabriel Chelu <remusgabriel.ch...@disroot.org>\n"
+"Language-Team: Romanian <debian-l10n-roman...@lists.debian.org>\n"
+"Language: ro\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n==0 || (n!=1 && n%100>=1 && "
+"n%100<=19) ? 1 : 2);\n"
+"X-Bugs: Report translation errors to the Language-Team address.\n"
+"X-Generator: Poedit 3.2.2\n"
+
+#. Type: error
+#. Description
+#: ../templates:2001
+msgid "Existing configuration found"
+msgstr "S-a găsit o configurație existentă"
+
+#. Type: error
+#. Description
+#: ../templates:2001
+msgid ""
+"An existing configuration for ufw has been found. Existing rules must be "
+"managed manually."
+msgstr ""
+"O configurație existentă pentru «ufw» a fost găsită. Regulile existente
trebuie "
+"gestionate manual."
+
+#. Type: error
+#. Description
+#: ../templates:2001
+msgid "You should read the ufw(8) manpage for details about ufw configuration."
+msgstr ""
+"Ar trebui să citiți pagina de manual ufw(8) pentru detalii despre
configurarea "
+"„ufw”."
+
+#. Type: boolean
+#. Description
+#: ../templates:3001
+msgid "Start ufw automatically?"
+msgstr "Doriți să porniți automat serviciul «ufw»?"
+
+#. Type: boolean
+#. Description
+#: ../templates:3001
+msgid ""
+"If you choose this option, the rules you are about to set will be enabled "
+"during system startup so that this host is protected as early as possible."
+msgstr ""
+"Dacă alegeți această opțiune, regulile pe care urmează să le stabiliți vor fi
"
+"activate în timpul pornirii sistemului, astfel încât această gazdă să fie "
+"protejată cât mai curând posibil."
+
+#. Type: boolean
+#. Description
+#: ../templates:3001
+msgid "To protect this host immediately, you must start ufw manually."
+msgstr ""
+"Pentru a proteja această gazdă imediat, trebuie să porniți manual serviciul "
+"«ufw»."
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid "Authorized services:"
+msgstr "Servicii autorizate:"
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid ""
+"Please choose the services that should be available for incoming connections."
+msgstr ""
+"Alegeți serviciile care ar trebui să fie disponibile pentru conexiunile de "
+"intrare."
+
+#. Type: multiselect
+#. Description
+#: ../templates:4001
+msgid "Other services may be specified in the next configuration step."
+msgstr "Alte servicii pot fi specificate în următorul pas de configurare."
+
+#. Type: string
+#. Description
+#: ../templates:5001
+msgid "Additional authorized services:"
+msgstr "Servicii suplimentare autorizate:"
+
+#. Type: string
+#. Description
+#: ../templates:5001
+msgid ""
+"Please enter a space separated list of any additional ports you would like to
"
+"open. You may use a service name (as found in /etc/services), a port number,
or "
+"a port number with protocol."
+msgstr ""
+"Introduceți o listă separată de spații cu porturile suplimentare pe care
doriți "
+"să le deschideți. Puteți utiliza un nume de serviciu (cum se găsește în
„/etc/"
+"services”), un număr de port sau un număr de port cu protocol."
+
+#. Type: string
+#. Description
+#: ../templates:5001
+msgid ""
+"Example: to allow a web server, port 53 and tcp port 22, you should enter
\"www "
+"53 22/tcp\"."
+msgstr ""
+"Exemplu: pentru a permite un server web, portul 53 și portul tcp 22, ar
trebui "
+"să introduceți „www 53 22/tcp”."
diff -Nru ufw-0.36.1/debian/ufw.lintian-overrides
ufw-0.36.2/debian/ufw.lintian-overrides
--- ufw-0.36.1/debian/ufw.lintian-overrides 2021-09-19 00:33:52.000000000
-0500
+++ ufw-0.36.2/debian/ufw.lintian-overrides 2023-05-16 09:46:12.000000000
-0500
@@ -1,8 +1,11 @@
# These are intentionally not executable
-ufw binary: script-not-executable usr/share/ufw/after.init
-ufw binary: script-not-executable usr/share/ufw/before.init
+ufw: script-not-executable [usr/share/ufw/after.init]
+ufw: script-not-executable [usr/share/ufw/before.init]
# Don't complain about 'ufw allow' rules
-ufw binary: typo-in-manual-page usr/share/man/man8/ufw.8.gz "allow to" "allow
one to"
-ufw binary: spelling-error-in-changelog "allow to" "allow one to"
+ufw: spelling-error-in-changelog "allow to" "allow one to"
+ufw: mismatched-override typo-in-manual-page usr/share/man/man8/ufw.8.gz
"allow to" "allow one to" [usr/share/lintian/overrides/ufw:5]
# Don't complain about the ufw-framework man page, it gives additional details
-ufw binary: spare-manual-page usr/share/man/man8/ufw-framework.8.gz
+ufw: spare-manual-page usr/share/man/man8/ufw-framework.8.gz
+# Don't complain about breaks-without-version since we want to break on all
+ufw: breaks-without-version iptables-persistent
+ufw: breaks-without-version netfilter-persistent
diff -Nru ufw-0.36.1/doc/systemd.example ufw-0.36.2/doc/systemd.example
--- ufw-0.36.1/doc/systemd.example 2021-09-18 19:50:19.000000000 -0500
+++ ufw-0.36.2/doc/systemd.example 2023-05-18 08:07:39.000000000 -0500
@@ -1,8 +1,9 @@
[Unit]
Description=Uncomplicated firewall
-DefaultDependencies=no
-Wants=network-pre.target
+Documentation=man:ufw(8)
Before=network-pre.target
+Wants=network-pre.target
+Conflicts=iptables.service ip6tables.service nftables.service firewalld.service
[Service]
Type=oneshot
diff -Nru ufw-0.36.1/doc/ufw.8 ufw-0.36.2/doc/ufw.8
--- ufw-0.36.1/doc/ufw.8 2021-09-18 20:19:03.000000000 -0500
+++ ufw-0.36.2/doc/ufw.8 2023-05-18 08:07:39.000000000 -0500
@@ -1,4 +1,4 @@
-.TH UFW: "8" "" "September 2021" "September 2021"
+.TH UFW: "8" "" "May 2023" "May 2023"
.SH NAME
ufw \- program for managing a netfilter firewall
@@ -125,7 +125,8 @@
Both syntaxes support specifying a comment for the rule. For existing rules,
specifying a different comment updates the comment and specifying '' removes
-the comment.
+the comment (note, 'insert' and 'prepend' cannot be used to update the
+comment).
Example rules using the simple syntax:
@@ -199,6 +200,7 @@
ah valid without port number
esp valid without port number
gre valid without port number
+ vrrp valid without port number
ipv6 valid for IPv4 addresses and without port number
igmp valid for IPv4 addresses and without port number
@@ -565,6 +567,11 @@
ufw allow to 10.0.0.1 proto ah
ufw allow to 10.0.0.1 from 10.4.0.0/16 proto ah
.PP
+keepalived is supported by using the 'vrrp' ('112') protocol. This protocol
+can only be used with the full syntax. For example:
+
+ ufw allow to 224.0.0.0/24 from 10.0.0.1 proto vrrp
+.PP
In addition to the command\-line interface, \fBufw\fR also provides a
framework which allows administrators to modify default behavior as well as
take full advantage of netfilter. See the \fBufw\-framework\fR manual page for
@@ -576,4 +583,4 @@
.SH AUTHOR
.PP
-ufw is Copyright 2008-2021, Canonical Ltd.
+ufw is Copyright 2008-2023, Canonical Ltd.
diff -Nru ufw-0.36.1/doc/ufw-framework.8 ufw-0.36.2/doc/ufw-framework.8
--- ufw-0.36.1/doc/ufw-framework.8 2021-09-18 20:19:03.000000000 -0500
+++ ufw-0.36.2/doc/ufw-framework.8 2023-05-16 09:51:25.000000000 -0500
@@ -1,4 +1,4 @@
-.TH "UFW FRAMEWORK" "8" "" "September 2021" "September 2021"
+.TH "UFW FRAMEWORK" "8" "" "May 2023" "May 2023"
.SH NAME
ufw\-framework \- using the ufw framework
@@ -318,4 +318,4 @@
.SH AUTHOR
.PP
-ufw is Copyright 2008-2021, Canonical Ltd.
+ufw is Copyright 2008-2023, Canonical Ltd.
diff -Nru ufw-0.36.1/doc/ufw-on-snappy.8 ufw-0.36.2/doc/ufw-on-snappy.8
--- ufw-0.36.1/doc/ufw-on-snappy.8 2021-09-18 20:19:03.000000000 -0500
+++ ufw-0.36.2/doc/ufw-on-snappy.8 2023-05-16 09:51:25.000000000 -0500
@@ -1,4 +1,4 @@
-.TH "UFW ON SNAPPY" "8" "" "September 2021" "September 2021"
+.TH "UFW ON SNAPPY" "8" "" "May 2023" "May 2023"
.SH NAME
ufw snap \- using ufw as a snap
@@ -71,4 +71,4 @@
.SH AUTHOR
.PP
-ufw is Copyright 2008-2021, Canonical Ltd.
+ufw is Copyright 2008-2023, Canonical Ltd.
diff -Nru ufw-0.36.1/locales/po/ro.po ufw-0.36.2/locales/po/ro.po
--- ufw-0.36.1/locales/po/ro.po 1969-12-31 18:00:00.000000000 -0600
+++ ufw-0.36.2/locales/po/ro.po 2023-05-16 09:51:25.000000000 -0500
@@ -0,0 +1,989 @@
+# Mesajele în limba română pentru pachetul ufw.
+# Romanian translation of ufw.
+# Copyright © 2023 THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the ufw package.
+#
+# Remus-Gabriel Chelu <remusgabriel.ch...@disroot.org>, 2023.
+#
+# Cronologia traducerii fișierului „ufw”:
+# Traducerea inițială, făcută de R-GC, pentru versiunea ufw
0.36.1-4.1(2018-12-14).
+# Actualizare a traducerii pentru versiunea Y, făcută de X, Y(anul).
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: ufw 0.36.1-4.1\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2018-12-14 10:02-0600\n"
+"PO-Revision-Date: 2023-04-02 17:39+0200\n"
+"Last-Translator: Remus-Gabriel Chelu <remusgabriel.ch...@disroot.org>\n"
+"Language-Team: Romanian <debian-l10n-roman...@lists.debian.org>\n"
+"Language: ro\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n==0 || (n!=1 && n%100>=1 && "
+"n%100<=19) ? 1 : 2);\n"
+"X-Bugs: Report translation errors to the Language-Team address.\n"
+"X-Generator: Poedit 3.2.2\n"
+
+#: src/ufw:74
+msgid ": Need at least python 2.6)\n"
+msgstr ": Are nevoie de cel puțin python 2.6)\n"
+
+#: src/ufw:139 src/frontend.py:625 src/frontend.py:927
+msgid "Aborted"
+msgstr "Operația a fost anulată!"
+
+#: src/backend.py:70
+msgid "Couldn't determine iptables version"
+msgstr "Nu s-a putut determina versiunea «iptables»"
+
+#: src/backend.py:149
+msgid "problem running sysctl"
+msgstr "problemă la rularea «sysctl»"
+
+#: src/backend.py:188
+msgid "Checks disabled"
+msgstr "Verificări dezactivate"
+
+#: src/backend.py:194
+msgid "ERROR: this script should not be SUID"
+msgstr "EROARE: acest script nu ar trebui să aibă bitul SUID activat"
+
+#: src/backend.py:197
+msgid "ERROR: this script should not be SGID"
+msgstr "EROARE: acest script nu ar trebui să aibă bitul SGID activat"
+
+#: src/backend.py:202
+msgid "You need to be root to run this script"
+msgstr "Trebuie să fiți „root” pentru a rula acest script"
+
+#: src/backend.py:212
+#, python-format
+msgid "'%s' does not exist"
+msgstr "„%s” nu există"
+
+#: src/backend.py:235 src/backend_iptables.py:1416
+#, python-format
+msgid "Couldn't stat '%s'"
+msgstr "Nu s-a putut stabili starea lui „%s”"
+
+#: src/backend.py:253
+#, python-format
+msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s"
+msgstr "uid este %(uid)s, dar „%(path)s” este deținut de %(st_uid)s"
+
+#: src/backend.py:260
+#, python-format
+msgid "%s is world writable!"
+msgstr "%s are permisiuni de scriere pentru toți utilizatorii!"
+
+#: src/backend.py:265
+#, python-format
+msgid "%s is group writable!"
+msgstr "%s are permisiuni de scriere pentru toți membrii grupului!"
+
+#: src/backend.py:281
+#, python-format
+msgid "'%(f)s' file '%(name)s' does not exist"
+msgstr "„%(f)s” fișierul „%(name)s” nu există"
+
+#: src/backend.py:292 src/backend_iptables.py:690
+#, python-format
+msgid "Couldn't open '%s' for reading"
+msgstr "Nu s-a putut deschide „%s” pentru citire"
+
+#: src/backend.py:306
+#, python-format
+msgid "Missing policy for '%s'"
+msgstr "Lipsește politica pentru „%s”"
+
+#: src/backend.py:310
+#, python-format
+msgid "Invalid policy '%(policy)s' for '%(chain)s'"
+msgstr "Politica „%(policy)s” nu este validă pentru „%(chain)s”"
+
+#: src/backend.py:317
+msgid "Invalid option"
+msgstr "Opțiune nevalidă"
+
+#: src/backend.py:323 src/backend_iptables.py:790
+#, python-format
+msgid "'%s' is not writable"
+msgstr "„%s” nu poate fi scris"
+
+#: src/backend.py:370 src/backend_iptables.py:94
+#, python-format
+msgid "Unsupported policy '%s'"
+msgstr "Politica „%s” nu este acceptată"
+
+#: src/backend.py:373
+#, python-format
+msgid "Default application policy changed to '%s'"
+msgstr "Politica implicită de aplicație s-a schimbat în „%s”"
+
+#: src/backend.py:440
+msgid "No rules found for application profile"
+msgstr "Nu s-au găsit reguli pentru profilul aplicației"
+
+#: src/backend.py:496
+#, python-format
+msgid "Rules updated for profile '%s'"
+msgstr "S-au actualizat regulile pentru profilul „%s”"
+
+#: src/backend.py:502
+msgid "Couldn't update application rules"
+msgstr "Nu s-au putut actualiza regulile aplicației"
+
+#: src/backend.py:524
+#, python-format
+msgid "Found multiple matches for '%s'. Please use exact profile name"
+msgstr ""
+"S-au găsit mai multe potriviri pentru „%s”. Trebuie să utilizați numele exact
"
+"al profilului"
+
+#: src/backend.py:527
+#, python-format
+msgid "Could not find a profile matching '%s'"
+msgstr "Nu s-a putut găsi un profil care să se potrivească cu „%s”"
+
+#: src/backend.py:594
+msgid "Logging: "
+msgstr "Jurnalizare: "
+
+#: src/backend.py:598
+msgid "unknown"
+msgstr "necunoscut"
+
+#: src/backend.py:610 src/backend_iptables.py:1284
+#, python-format
+msgid "Invalid log level '%s'"
+msgstr "Nivel de jurnalizare nevalid „%s”"
+
+#: src/backend.py:625
+msgid "Logging disabled"
+msgstr "Jurnalizare dezactivată"
+
+#: src/backend.py:627
+msgid "Logging enabled"
+msgstr "Jurnalizare activată"
+
+#: src/common.py:196
+#, python-format
+msgid "Bad port '%s'"
+msgstr "Port incorect „%s”"
+
+#: src/common.py:252
+#, python-format
+msgid "Unsupported protocol '%s'"
+msgstr "Protocol neacceptat „%s”"
+
+#: src/common.py:280
+msgid "Bad source address"
+msgstr "Adresă sursă greșită"
+
+#: src/common.py:290
+msgid "Bad destination address"
+msgstr "Adresă de destinație greșită"
+
+#: src/common.py:309
+msgid "Bad interface type"
+msgstr "Tip de interfață greșit"
+
+#: src/common.py:314
+msgid "Bad interface name: reserved character: '!'"
+msgstr "Nume de interfață greșit: caracter rezervat: '!'"
+
+#: src/common.py:318
+msgid "Bad interface name: can't use interface aliases"
+msgstr "Nume de interfață greșit: nu se pot folosi alias de interfață"
+
+#: src/common.py:322
+msgid "Bad interface name: can't use '.' or '..'"
+msgstr "Nume de interfață greșit: nu se poate folosi „.” sau „..”"
+
+#: src/common.py:326
+msgid "Bad interface name: interface name is empty"
+msgstr "Nume de interfață greșit: numele interfeței este gol"
+
+#: src/common.py:330
+msgid "Bad interface name: interface name too long"
+msgstr "Nume de interfață greșit: numele interfeței este prea lung"
+
+#: src/common.py:335
+msgid "Bad interface name"
+msgstr "Nume de interfață greșit"
+
+#: src/common.py:349
+#, python-format
+msgid "Insert position '%s' is not a valid position"
+msgstr "Poziția de inserare „%s” nu este o poziție validă"
+
+#: src/common.py:359
+#, python-format
+msgid "Invalid log type '%s'"
+msgstr "Tip de jurnalizare nevalid „%s”"
+
+#: src/common.py:367
+#, python-format
+msgid "Unsupported direction '%s'"
+msgstr "Direcția „%s” nu este acceptată"
+
+#: src/common.py:386
+msgid "Could not normalize source address"
+msgstr "Nu s-a putut normaliza adresa sursă"
+
+#: src/common.py:397
+msgid "Could not normalize destination address"
+msgstr "Nu s-a putut normaliza adresa de destinație"
+
+#: src/common.py:463
+msgid "Found exact match"
+msgstr "S-a găsit potrivirea exactă"
+
+#: src/common.py:468
+msgid "Found exact match, excepting comment"
+msgstr "S-a găsit potrivire exactă, cu excepția comentariului"
+
+#: src/common.py:472
+#, python-format
+msgid ""
+"Found non-action/non-logtype/comment match (%(xa)s/%(ya)s/'%(xc)s' %(xl)s/"
+"%(yl)s/'%(yc)s')"
+msgstr ""
+"S-a găsit potrivirea „non-action/non-logtype/comment”:
(%(xa)s/%(ya)s/'%(xc)s' "
+"%(xl)s/%(yl)s/'%(yc)s'"
+
+#: src/common.py:630
+#, python-format
+msgid "Improper rule syntax ('%s' specified with app rule)"
+msgstr "Sintaxă incorectă a regulii („%s” specificată cu regula aplicației)"
+
+#: src/common.py:637
+#, python-format
+msgid "Invalid IPv6 address with protocol '%s'"
+msgstr "Adresă IPv6 nevalidă cu protocolul „%s”"
+
+#: src/common.py:643 src/util.py:84
+#, python-format
+msgid "Invalid port with protocol '%s'"
+msgstr "Port nevalid cu protocolul „%s”"
+
+#: src/parser.py:110
+#, python-format
+msgid "Cannot insert rule at position '%s'"
+msgstr "Nu se poate insera regula la poziția „%s”"
+
+#: src/parser.py:148
+msgid "Invalid interface clause"
+msgstr "Clauza de interfață nu este validă"
+
+#: src/parser.py:174
+msgid "Option 'log' not allowed here"
+msgstr "Opțiunea „log” nu este permisă aici"
+
+#: src/parser.py:178
+msgid "Option 'log-all' not allowed here"
+msgstr "Opțiunea „log-all” nu este permisă aici"
+
+#: src/parser.py:185
+msgid "Option 'comment' missing required argument"
+msgstr "Opțiunii „comment” îi lipsește argumentul necesar"
+
+#: src/parser.py:191
+msgid "Comment may not contain \"'\""
+msgstr "Comentariul nu poate conține „’”"
+
+#: src/parser.py:233 src/parser.py:359
+msgid "Port ranges must be numeric"
+msgstr "Intervalele de porturi trebuie să fie numerice"
+
+#: src/parser.py:242 src/util.py:87
+msgid "Bad port"
+msgstr "Port incorect"
+
+#: src/parser.py:245
+msgid "Wrong number of arguments"
+msgstr "Număr greșit de argumente"
+
+#: src/parser.py:249
+msgid "Need 'to' or 'from' clause"
+msgstr "Se necesită clauza „to” sau „from”"
+
+#: src/parser.py:264
+msgid "Improper rule syntax"
+msgstr "Sintaxă incorectă a regulii"
+
+#: src/parser.py:271
+#, python-format
+msgid "Invalid token '%s'"
+msgstr "Indicativ (token) nevalid „%s”"
+
+#: src/parser.py:283
+msgid "Invalid 'proto' clause"
+msgstr "Clauza „proto” nu este validă"
+
+#: src/parser.py:298
+#, python-format
+msgid "Invalid '%s' clause"
+msgstr "Clauza „%s” nu este validă"
+
+#: src/parser.py:320
+msgid "Invalid 'from' clause"
+msgstr "Clauza „from” nu este validă"
+
+#: src/parser.py:342
+msgid "Invalid 'to' clause"
+msgstr "Clauza „to” nu este validă"
+
+#: src/parser.py:347
+#, python-format
+msgid "Need 'from' or 'to' with '%s'"
+msgstr "Este nevoie de „from” sau „to” cu „%s”"
+
+#: src/parser.py:374
+msgid "Invalid 'port' clause"
+msgstr "Clauza „port” nu este validă"
+
+#: src/parser.py:383
+msgid "Mixed IP versions for 'from' and 'to'"
+msgstr "Versiuni IP amestecate pentru „from” și „to”"
+
+#: src/parser.py:400 src/parser.py:410 src/parser.py:419
+msgid "Could not find protocol"
+msgstr "Nu s-a putut găsi protocolul"
+
+#: src/parser.py:426
+msgid "Protocol mismatch (from/to)"
+msgstr "Nepotrivire protocol (from/to)"
+
+#: src/parser.py:433
+#, python-format
+msgid "Protocol mismatch with specified protocol %s"
+msgstr "Nepotrivire a protocolului cu protocolul specificat %s"
+
+#: src/parser.py:552
+msgid "'route delete NUM' unsupported. Use 'delete NUM' instead."
+msgstr ""
+"directiva „route delete NUM” nu este acceptată. Folosiți „delete NUM” în
schimb."
+
+#: src/parser.py:585
+msgid "Invalid interface clause for route rule"
+msgstr "Clauza de interfață nu este validă pentru regula de rută"
+
+#: src/parser.py:884
+#, python-format
+msgid "Command '%s' already exists"
+msgstr "Comanda „%s” există deja"
+
+#: src/util.py:446
+msgid "Couldn't find pid (is /proc mounted?)"
+msgstr "Nu s-a putut găsi identificatorul de proces (pid); este „/proc”
montat?"
+
+#: src/util.py:450
+#, python-format
+msgid "Couldn't find parent pid for '%s'"
+msgstr "Nu s-a putut găsi identificatorul procesului părinte (ppid) pentru
„%s”"
+
+#: src/util.py:460
+#, python-format
+msgid "Couldn't find '%s'"
+msgstr "Nu s-a putut găsi „%s”"
+
+#: src/util.py:466
+#, python-format
+msgid "Could not find executable for '%s'"
+msgstr "Nu s-a putut găsi executabilul pentru „%s”"
+
+#: src/util.py:1026
+#, python-format
+msgid "Could not get statistics for '%s'"
+msgstr "Nu s-au putut obține statisticile pentru „%s”"
+
+#: src/backend_iptables.py:78
+msgid "New profiles:"
+msgstr "Profiluri noi:"
+
+#: src/backend_iptables.py:99
+#, python-format
+msgid "Unsupported policy for direction '%s'"
+msgstr "Politică neacceptată pentru direcția „%s”"
+
+#: src/backend_iptables.py:159
+#, python-format
+msgid "Default %(direction)s policy changed to '%(policy)s'\n"
+msgstr "Politica implicită %(direction)s a fost schimbată în „%(policy)s”\n"
+
+#: src/backend_iptables.py:161
+msgid "(be sure to update your rules accordingly)"
+msgstr "(asigurați-vă că vă actualizați regulile în consecință)"
+
+#: src/backend_iptables.py:168
+msgid "Checking raw iptables\n"
+msgstr "Se verifică „iptables” brute\n"
+
+#: src/backend_iptables.py:169
+msgid "Checking raw ip6tables\n"
+msgstr "Se verifică „ip6tables” brute\n"
+
+#: src/backend_iptables.py:262
+msgid "Checking iptables\n"
+msgstr "Se verifică „iptables”\n"
+
+#: src/backend_iptables.py:264
+msgid "Checking ip6tables\n"
+msgstr "Se verifică „ip6tables”\n"
+
+#: src/backend_iptables.py:267 src/backend_iptables.py:568
+msgid "problem running"
+msgstr "problemă rulând"
+
+#: src/backend_iptables.py:273
+msgid "Status: inactive"
+msgstr "Stare: inactiv"
+
+#: src/backend_iptables.py:443
+msgid "To"
+msgstr "La"
+
+#: src/backend_iptables.py:444
+msgid "From"
+msgstr "De la"
+
+#: src/backend_iptables.py:445
+msgid "Action"
+msgstr "Acțiune"
+
+#: src/backend_iptables.py:461 src/backend_iptables.py:465
+msgid "\n"
+msgstr "\n"
+
+#: src/backend_iptables.py:473
+#, python-format
+msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)"
+msgstr ""
+"Implicit: %(in)s (care-intră), %(out)s (care-iese), %(routed)s (direcționat)"
+
+#: src/backend_iptables.py:481
+#, python-format
+msgid ""
+"Status: active\n"
+"%(log)s\n"
+"%(pol)s\n"
+"%(app)s%(status)s"
+msgstr ""
+"Stare: activ\n"
+"%(log)s\n"
+"%(pol)s\n"
+"%(app)s%(status)s"
+
+#: src/backend_iptables.py:485
+#, python-format
+msgid "Status: active%s"
+msgstr "Stare: activ%s"
+
+#: src/backend_iptables.py:490 src/backend_iptables.py:508
+msgid "running ufw-init"
+msgstr "rulează ufw-init"
+
+#: src/backend_iptables.py:502 src/backend_iptables.py:520
+#, python-format
+msgid ""
+"problem running ufw-init\n"
+"%s"
+msgstr ""
+"problemă la rularea ufw-init\n"
+"%s"
+
+#: src/backend_iptables.py:529
+msgid "Could not set LOGLEVEL"
+msgstr "Nu s-a putut fixa LOGLEVEL"
+
+#: src/backend_iptables.py:535
+msgid "Could not load logging rules"
+msgstr "Nu s-au putut încărca regulile de înregistrare în jurnal"
+
+# R-GC, scrie:
+# aici e vorba de „invenția” w3c/americană, de-a
+# numii o terminație/sufix de cantitate multiplă sau multiplexare cu un cuvînt
nou, care în esență
+# vrea să spună: n-uplet, adică: duplet, triplet, etc
+# ******
+# iar aici, pare să fie vorba de tripletul adresei IP a
+# unei interfețe:
+# XXXX . YYY . ZZZ
+#: src/backend_iptables.py:709
+#, python-format
+msgid "Skipping malformed tuple (bad length): %s"
+msgstr "Se omite n-uplul (tuple) malformat (lungime greșită): %s"
+
+#: src/backend_iptables.py:720
+#, python-format
+msgid "Skipping malformed tuple (iface): %s"
+msgstr "Se omite n-uplul (tuple) malformat (iface): %s"
+
+#: src/backend_iptables.py:768
+#, python-format
+msgid "Skipping malformed tuple: %s"
+msgstr "Se omite n-uplul (tuple) malformat: %s"
+
+#: src/backend_iptables.py:966
+msgid "Adding IPv6 rule failed: IPv6 not enabled"
+msgstr "Adăugarea regulii IPv6 nu a reușit: IPv6 nu este activat"
+
+#: src/backend_iptables.py:970
+#, python-format
+msgid "Skipping unsupported IPv6 '%s' rule"
+msgstr "Se omite regula IPv6 „%s” neacceptată"
+
+#: src/backend_iptables.py:974
+#, python-format
+msgid "Skipping unsupported IPv4 '%s' rule"
+msgstr "Se omite regula IPv4 „%s” neacceptată"
+
+#: src/backend_iptables.py:977
+msgid "Must specify 'tcp' or 'udp' with multiple ports"
+msgstr "Trebuie să specificați „tcp” sau „udp” cu porturi multiple"
+
+#: src/backend_iptables.py:989
+msgid "Skipping IPv6 application rule. Need at least iptables 1.4"
+msgstr ""
+"Se omite regula IPv6 a aplicației. Se necesită cel puțin versiunea iptables
1.4"
+
+#: src/backend_iptables.py:994
+#, python-format
+msgid "Invalid position '%d'"
+msgstr "Poziție nevalidă „%d”"
+
+#: src/backend_iptables.py:998
+msgid "Cannot specify insert and delete"
+msgstr "Nu se pot specifica în același timp directivele „insert” și „delete”"
+
+#: src/backend_iptables.py:1001
+#, python-format
+msgid "Cannot insert rule at position '%d'"
+msgstr "Nu se poate insera regula la poziția „%d”"
+
+#: src/backend_iptables.py:1062
+msgid "Skipping inserting existing rule"
+msgstr "Se omite inserarea regulii existente"
+
+#: src/backend_iptables.py:1073 src/frontend.py:415
+msgid "Could not delete non-existent rule"
+msgstr "Nu s-a putut șterge regula inexistentă"
+
+#: src/backend_iptables.py:1078
+msgid "Skipping adding existing rule"
+msgstr "Se omite adăugarea unei reguli existente"
+
+#: src/backend_iptables.py:1094
+msgid "Couldn't update rules file"
+msgstr "Nu s-a putut actualiza fișierul cu reguli"
+
+#: src/backend_iptables.py:1099
+msgid "Rules updated"
+msgstr "Regulile au fost actualizate"
+
+#: src/backend_iptables.py:1101
+msgid "Rules updated (v6)"
+msgstr "Regulile au fost actualizate (v6)"
+
+#: src/backend_iptables.py:1109
+msgid "Rule inserted"
+msgstr "Regula a fost inserată"
+
+#: src/backend_iptables.py:1111
+msgid "Rule updated"
+msgstr "Regula a fost actualizată"
+
+#: src/backend_iptables.py:1121
+msgid " (skipped reloading firewall)"
+msgstr " (se omite reîncărcarea paravanului de protecție)"
+
+#: src/backend_iptables.py:1124
+msgid "Rule deleted"
+msgstr "Regula a fost ștearsă"
+
+#: src/backend_iptables.py:1127
+msgid "Rule added"
+msgstr "Regula a fost adăugată"
+
+#: src/backend_iptables.py:1144 src/backend_iptables.py:1235
+msgid "Could not update running firewall"
+msgstr "Nu s-a putut actualiza paravanul de protecție activ"
+
+#: src/backend_iptables.py:1199
+#, python-format
+msgid "Could not perform '%s'"
+msgstr "Nu s-a putut efectua „%s”"
+
+#: src/backend_iptables.py:1226
+msgid "Couldn't update rules file for logging"
+msgstr "Nu s-a putut actualiza fișierul cu reguli pentru înregistrarea în
jurnal"
+
+#: src/backend_iptables.py:1382
+#, python-format
+msgid "Could not find '%s'. Aborting"
+msgstr "Nu s-a putut găsi „%s”. Se abandonează"
+
+#: src/backend_iptables.py:1394
+#, python-format
+msgid "'%s' already exists. Aborting"
+msgstr "„%s” există deja. Se abandonează"
+
+#: src/backend_iptables.py:1400
+#, python-format
+msgid "Backing up '%(old)s' to '%(new)s'\n"
+msgstr "Se fac copii de rezervă pentru „%(old)s” în „%(new)s”\n"
+
+#: src/backend_iptables.py:1421
+#, python-format
+msgid "WARN: '%s' is world writable"
+msgstr "AVERTISMENT: „%s” poate fi scris de toți utilizatorii"
+
+#: src/backend_iptables.py:1423
+#, python-format
+msgid "WARN: '%s' is world readable"
+msgstr "AVERTISMENT: „%s” poate fi citit de toți utilizatorii"
+
+#: src/frontend.py:93
+#, python-format
+msgid ""
+"\n"
+"Usage: %(progname)s %(command)s\n"
+"\n"
+"%(commands)s:\n"
+" %(enable)-31s enables the firewall\n"
+" %(disable)-31s disables the firewall\n"
+" %(default)-31s set default policy\n"
+" %(logging)-31s set logging to %(level)s\n"
+" %(allow)-31s add allow %(rule)s\n"
+" %(deny)-31s add deny %(rule)s\n"
+" %(reject)-31s add reject %(rule)s\n"
+" %(limit)-31s add limit %(rule)s\n"
+" %(delete)-31s delete %(urule)s\n"
+" %(insert)-31s insert %(urule)s at %(number)s\n"
+" %(route)-31s add route %(urule)s\n"
+" %(route-delete)-31s delete route %(urule)s\n"
+" %(route-insert)-31s insert route %(urule)s at %(number)s\n"
+" %(reload)-31s reload firewall\n"
+" %(reset)-31s reset firewall\n"
+" %(status)-31s show firewall status\n"
+" %(statusnum)-31s show firewall status as numbered list of %(rules)s\n"
+" %(statusverbose)-31s show verbose firewall status\n"
+" %(show)-31s show firewall report\n"
+" %(version)-31s display version information\n"
+"\n"
+"%(appcommands)s:\n"
+" %(applist)-31s list application profiles\n"
+" %(appinfo)-31s show information on %(profile)s\n"
+" %(appupdate)-31s update %(profile)s\n"
+" %(appdefault)-31s set default application policy\n"
+msgstr ""
+"\n"
+"Utilizare: %(progname)s %(command)s\n"
+"\n"
+"%(commands)s:\n"
+" %(enable)-31s activează paravanul de protecție\n"
+" %(disable)-31s dezactivează paravanul de protecție\n"
+" %(default)-31s stabilește politica implicită\n"
+" %(logging)-31s stabilește nivelul jurnalizării la %(level)sn\n"
+" %(allow)-31s adaugă %(rule)s « permite»\n"
+" %(deny)-31s adaugă %(rule)s « refuză»\n"
+" %(reject)-31s adaugă %(rule)s « respinge»\n"
+" %(limit)-31s adaugă %(rule)s «limitei»\n"
+" %(delete)-31s șterge %(urule)s\n"
+" %(insert)-31s inserează %(urule)s la %(number)s\n"
+" %(route)-31s adaugă %(rule)s «direcționare»\n"
+" %(route-delete)-31s șterge %(rule)s «direcționare»\n"
+" %(route-insert)-31s inserează %(rule)s «direcționare» la %(number)s\n"
+" %(reload)-31s reîncarcă paravanul de protecție\n"
+" %(reset)-31s reinițiază paravanul de protecție\n"
+" %(status)-31s afișează starea paravanului de protecție\n"
+" %(statusnum)-31s afișează starea paravanului de protecție ca listă
numerotată "
+"de %(rules)s\n"
+" %(statusverbose)-31s afișează starea paravanului de protecție cu informații "
+"detaliate\n"
+" %(show)-31s afișează raportul paravanului de protecție\n"
+" %(version)-31s afișează informațiile despre versiune\n"
+"\n"
+"%(appcommands)s:\n"
+" %(applist)-31s listează profilurile aplicațiilor\n"
+" %(appinfo)-31s afișează informații despre %(profile)s\n"
+" %(appupdate)-31s actualizează %(profile)s\n"
+" %(appdefault)-31s stabilește politica implicită de aplicație\n"
+
+#: src/frontend.py:176
+msgid "n"
+msgstr "n"
+
+#: src/frontend.py:177
+msgid "y"
+msgstr "d"
+
+#: src/frontend.py:178
+msgid "yes"
+msgstr "da"
+
+#: src/frontend.py:223
+msgid "Firewall is active and enabled on system startup"
+msgstr ""
+"Paravanul de protecție este activ și activat pentru lansare la pornirea "
+"sistemului"
+
+#: src/frontend.py:230
+msgid "Firewall stopped and disabled on system startup"
+msgstr ""
+"Paravanul de protecție este oprit și dezactivat pentru lansare la pornirea "
+"sistemului"
+
+#: src/frontend.py:282
+msgid "Could not get listening status"
+msgstr "Nu s-a putut obține starea de ascultare"
+
+#: src/frontend.py:351
+msgid "Added user rules (see 'ufw status' for running firewall):"
+msgstr ""
+"S-au adăugat regulile date de utilizator (consultați „ufw status” pentru a "
+"cunoaște starea actuală a paravanului de protecție):"
+
+# R-GC, scrie:
+# bănuiesc că e vorba de «reguli sau interfețe»,
+# nu văd nimic de genul masculin relaționat cu
+# un paravan de protecție (decît, bineînțeles, el însuși) :)
+#: src/frontend.py:354
+msgid ""
+"\n"
+"(None)"
+msgstr ""
+"\n"
+"(Niciuna)"
+
+#: src/frontend.py:410 src/frontend.py:521 src/frontend.py:534
+#, python-format
+msgid "Invalid IP version '%s'"
+msgstr "Versiunea IP „%s” nu este validă"
+
+#: src/frontend.py:441
+msgid "Invalid position '"
+msgstr "Poziție nevalidă '"
+
+#: src/frontend.py:531
+msgid "IPv6 support not enabled"
+msgstr "Suportul pentru protocolul IPv6 nu este activat"
+
+#: src/frontend.py:542
+msgid "Rule changed after normalization"
+msgstr "Regulă modificată după normalizare"
+
+#: src/frontend.py:566
+#, python-format
+msgid "Could not back out rule '%s'"
+msgstr "Nu s-a putut restabilii definiția anterioară a regulei „%s”"
+
+#: src/frontend.py:570
+msgid ""
+"\n"
+"Error applying application rules."
+msgstr ""
+"\n"
+"Eroare la aplicarea regulilor aplicației."
+
+#: src/frontend.py:572
+msgid " Some rules could not be unapplied."
+msgstr " Unele reguli nu au putut fi anulate."
+
+#: src/frontend.py:574
+msgid " Attempted rules successfully unapplied."
+msgstr " Regulile încercate au fost anulate cu succes."
+
+#: src/frontend.py:585
+#, python-format
+msgid "Could not find rule '%s'"
+msgstr "Nu s-a putut găsi regula „%s”"
+
+#: src/frontend.py:590 src/frontend.py:595
+#, python-format
+msgid "Could not find rule '%d'"
+msgstr "Nu s-a putut găsi regula „%d”"
+
+#: src/frontend.py:611
+#, python-format
+msgid ""
+"Deleting:\n"
+" %(rule)s\n"
+"Proceed with operation (%(yes)s|%(no)s)? "
+msgstr ""
+"Se șterge:\n"
+" %(rule)s\n"
+"Continuați cu operația (%(yes)s|%(no)s)? "
+
+#: src/frontend.py:643
+msgid "Unsupported default policy"
+msgstr "Politică implicită neacceptată"
+
+#: src/frontend.py:672 src/frontend.py:817
+msgid "Firewall reloaded"
+msgstr "Paravanul de protecție a fost reîncărcat"
+
+#: src/frontend.py:674
+msgid "Firewall not enabled (skipping reload)"
+msgstr "Paravanul de protecție nu este activat (se omite reîncărcarea)"
+
+#: src/frontend.py:691 src/frontend.py:705 src/frontend.py:742
+msgid "Invalid profile name"
+msgstr "Nume de profil nevalid"
+
+#: src/frontend.py:710 src/frontend.py:892
+#, python-format
+msgid "Unsupported action '%s'"
+msgstr "Acțiune neacceptată „%s”"
+
+#: src/frontend.py:729
+msgid "Available applications:"
+msgstr "Aplicații disponibile:"
+
+#: src/frontend.py:750
+#, python-format
+msgid "Could not find profile '%s'"
+msgstr "Nu s-a putut găsi profilul „%s”"
+
+#: src/frontend.py:755
+msgid "Invalid profile"
+msgstr "Profil nevalid"
+
+#: src/frontend.py:758
+#, python-format
+msgid "Profile: %s\n"
+msgstr "Profil: %s\n"
+
+#: src/frontend.py:759
+#, python-format
+msgid "Title: %s\n"
+msgstr "Titlu: %s\n"
+
+#: src/frontend.py:762
+#, python-format
+msgid ""
+"Description: %s\n"
+"\n"
+msgstr ""
+"Descriere: %s\n"
+"\n"
+
+#: src/frontend.py:768
+msgid "Ports:"
+msgstr "Porturi:"
+
+#: src/frontend.py:770
+msgid "Port:"
+msgstr "Port:"
+
+#: src/frontend.py:819
+msgid "Skipped reloading firewall"
+msgstr "S-a omis reîncărcarea paravanului de protecție"
+
+#: src/frontend.py:829
+msgid "Cannot specify 'all' with '--add-new'"
+msgstr "Nu se pot specifica „all” (toate regulile) cu „--add-new”"
+
+#: src/frontend.py:844
+#, python-format
+msgid "Unknown policy '%s'"
+msgstr "Politică necunoscută „%s”"
+
+#: src/frontend.py:901
+#, python-format
+msgid ""
+"Command may disrupt existing ssh connections. Proceed with operation
(%(yes)s|"
+"%(no)s)? "
+msgstr ""
+"Comanda poate întrerupe conexiunile SSH existente. Continuați cu operația "
+"(%(yes)s|%(no)s)? "
+
+#: src/frontend.py:914
+#, python-format
+msgid ""
+"Resetting all rules to installed defaults. Proceed with operation (%(yes)s|"
+"%(no)s)? "
+msgstr ""
+"Se restabilesc toate regulile la valorile implicite instalate. Continuați cu "
+"operația (%(yes)s|%(no)s)? "
+
+#: src/frontend.py:918
+#, python-format
+msgid ""
+"Resetting all rules to installed defaults. This may disrupt existing ssh "
+"connections. Proceed with operation (%(yes)s|%(no)s)? "
+msgstr ""
+"Se restabilesc toate regulile la valorile implicite instalate. Acest lucru "
+"poate întrerupe conexiunile SSH existente. Continuați cu operația (%(yes)s|"
+"%(no)s)? "
+
+#: src/applications.py:37
+msgid "Profiles directory does not exist"
+msgstr "Directorul de profiluri nu există"
+
+#: src/applications.py:69
+#, python-format
+msgid "Skipping '%s': couldn't stat"
+msgstr "Se omite „%s”: nu se poate obține starea"
+
+#: src/applications.py:74
+#, python-format
+msgid "Skipping '%s': too big"
+msgstr "Se omite „%s”: este prea mare"
+
+#: src/applications.py:79
+#, python-format
+msgid "Skipping '%s': too many files read already"
+msgstr "Se omite „%s”: prea multe fișiere citite deja"
+
+#: src/applications.py:93
+#, python-format
+msgid "Skipping '%s': couldn't process"
+msgstr "Se omite „%s”: nu s-a putut procesa"
+
+#: src/applications.py:100
+#, python-format
+msgid "Skipping '%s': name too long"
+msgstr "Se omite „%s”: numele este prea lung"
+
+#: src/applications.py:105
+#, python-format
+msgid "Skipping '%s': invalid name"
+msgstr "Se omite „%s”: numele nu este valid"
+
+#: src/applications.py:111
+#, python-format
+msgid "Skipping '%s': also in /etc/services"
+msgstr "Se omite „%s”: de asemenea, în „/etc/services”"
+
+#: src/applications.py:120
+#, python-format
+msgid "Skipping '%s': field too long"
+msgstr "Se omite „%s”: câmpul este prea lung"
+
+#: src/applications.py:125
+#, python-format
+msgid "Skipping '%(value)s': value too long for '%(field)s'"
+msgstr "Se omite „%(value)s”: valoarea este prea X pentru „%(field)s”"
+
+#: src/applications.py:135
+#, python-format
+msgid "Duplicate profile '%s', using last found"
+msgstr "Profil duplicat „%s”, se folosește ultimul găsit"
+
+#: src/applications.py:178
+#, python-format
+msgid "Profile '%(fn)s' missing required field '%(f)s'"
+msgstr "Din profilul „%(fn)s” lipsește câmpul obligatoriu „%(f)s”"
+
+#: src/applications.py:183
+#, python-format
+msgid "Profile '%(fn)s' has empty required field '%(f)s'"
+msgstr "Profilul „%(fn)s” are câmpul obligatoriu gol „%(f)s”"
+
+#: src/applications.py:198
+#, python-format
+msgid "Invalid ports in profile '%s'"
+msgstr "Porturi nevalide în profilul „%s”"
diff -Nru ufw-0.36.1/locales/po/ufw.pot ufw-0.36.2/locales/po/ufw.pot
--- ufw-0.36.1/locales/po/ufw.pot 2021-09-18 20:19:01.000000000 -0500
+++ ufw-0.36.2/locales/po/ufw.pot 2023-05-18 08:07:56.000000000 -0500
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2018-12-14 10:02-0600\n"
+"POT-Creation-Date: 2023-05-18 08:07-0500\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <l...@li.org>\n"
@@ -21,601 +21,535 @@
msgid ": Need at least python 2.6)\n"
msgstr ""
-#: src/ufw:139 src/frontend.py:625 src/frontend.py:927
+#: src/ufw:139 src/frontend.py:636 src/frontend.py:938
msgid "Aborted"
msgstr ""
-#: src/backend.py:70
-msgid "Couldn't determine iptables version"
-msgstr ""
-
-#: src/backend.py:149
-msgid "problem running sysctl"
-msgstr ""
-
-#: src/backend.py:188
-msgid "Checks disabled"
-msgstr ""
-
-#: src/backend.py:194
-msgid "ERROR: this script should not be SUID"
-msgstr ""
-
-#: src/backend.py:197
-msgid "ERROR: this script should not be SGID"
-msgstr ""
-
-#: src/backend.py:202
-msgid "You need to be root to run this script"
+#: src/applications.py:37
+msgid "Profiles directory does not exist"
msgstr ""
-#: src/backend.py:212
+#: src/applications.py:69
#, python-format
-msgid "'%s' does not exist"
+msgid "Skipping '%s': couldn't stat"
msgstr ""
-#: src/backend.py:235 src/backend_iptables.py:1416
+#: src/applications.py:74
#, python-format
-msgid "Couldn't stat '%s'"
+msgid "Skipping '%s': too big"
msgstr ""
-#: src/backend.py:253
+#: src/applications.py:79
#, python-format
-msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s"
+msgid "Skipping '%s': too many files read already"
msgstr ""
-#: src/backend.py:260
+#: src/applications.py:93
#, python-format
-msgid "%s is world writable!"
+msgid "Skipping '%s': couldn't process"
msgstr ""
-#: src/backend.py:265
+#: src/applications.py:100
#, python-format
-msgid "%s is group writable!"
+msgid "Skipping '%s': name too long"
msgstr ""
-#: src/backend.py:281
+#: src/applications.py:105
#, python-format
-msgid "'%(f)s' file '%(name)s' does not exist"
+msgid "Skipping '%s': invalid name"
msgstr ""
-#: src/backend.py:292 src/backend_iptables.py:690
+#: src/applications.py:111
#, python-format
-msgid "Couldn't open '%s' for reading"
+msgid "Skipping '%s': also in /etc/services"
msgstr ""
-#: src/backend.py:306
+#: src/applications.py:120
#, python-format
-msgid "Missing policy for '%s'"
+msgid "Skipping '%s': field too long"
msgstr ""
-#: src/backend.py:310
+#: src/applications.py:125
#, python-format
-msgid "Invalid policy '%(policy)s' for '%(chain)s'"
-msgstr ""
-
-#: src/backend.py:317
-msgid "Invalid option"
+msgid "Skipping '%(value)s': value too long for '%(field)s'"
msgstr ""
-#: src/backend.py:323 src/backend_iptables.py:790
+#: src/applications.py:135
#, python-format
-msgid "'%s' is not writable"
+msgid "Duplicate profile '%s', using last found"
msgstr ""
-#: src/backend.py:370 src/backend_iptables.py:94
+#: src/applications.py:178
#, python-format
-msgid "Unsupported policy '%s'"
+msgid "Profile '%(fn)s' missing required field '%(f)s'"
msgstr ""
-#: src/backend.py:373
+#: src/applications.py:183
#, python-format
-msgid "Default application policy changed to '%s'"
-msgstr ""
-
-#: src/backend.py:440
-msgid "No rules found for application profile"
+msgid "Profile '%(fn)s' has empty required field '%(f)s'"
msgstr ""
-#: src/backend.py:496
+#: src/applications.py:198
#, python-format
-msgid "Rules updated for profile '%s'"
+msgid "Invalid ports in profile '%s'"
msgstr ""
-#: src/backend.py:502
-msgid "Couldn't update application rules"
+#: src/backend_iptables.py:82
+msgid "New profiles:"
msgstr ""
-#: src/backend.py:524
+#: src/backend_iptables.py:98 src/backend.py:370
#, python-format
-msgid "Found multiple matches for '%s'. Please use exact profile name"
+msgid "Unsupported policy '%s'"
msgstr ""
-#: src/backend.py:527
+#: src/backend_iptables.py:103
#, python-format
-msgid "Could not find a profile matching '%s'"
-msgstr ""
-
-#: src/backend.py:594
-msgid "Logging: "
-msgstr ""
-
-#: src/backend.py:598
-msgid "unknown"
+msgid "Unsupported policy for direction '%s'"
msgstr ""
-#: src/backend.py:610 src/backend_iptables.py:1284
+#: src/backend_iptables.py:163
#, python-format
-msgid "Invalid log level '%s'"
-msgstr ""
-
-#: src/backend.py:625
-msgid "Logging disabled"
-msgstr ""
-
-#: src/backend.py:627
-msgid "Logging enabled"
+msgid "Default %(direction)s policy changed to '%(policy)s'\n"
msgstr ""
-#: src/common.py:196
-#, python-format
-msgid "Bad port '%s'"
+#: src/backend_iptables.py:165
+msgid "(be sure to update your rules accordingly)"
msgstr ""
-#: src/common.py:252
-#, python-format
-msgid "Unsupported protocol '%s'"
+#: src/backend_iptables.py:172
+msgid "Checking raw iptables\n"
msgstr ""
-#: src/common.py:280
-msgid "Bad source address"
+#: src/backend_iptables.py:173
+msgid "Checking raw ip6tables\n"
msgstr ""
-#: src/common.py:290
-msgid "Bad destination address"
+#: src/backend_iptables.py:266
+msgid "Checking iptables\n"
msgstr ""
-#: src/common.py:309
-msgid "Bad interface type"
+#: src/backend_iptables.py:268
+msgid "Checking ip6tables\n"
msgstr ""
-#: src/common.py:314
-msgid "Bad interface name: reserved character: '!'"
+#: src/backend_iptables.py:271 src/backend_iptables.py:572
+msgid "problem running"
msgstr ""
-#: src/common.py:318
-msgid "Bad interface name: can't use interface aliases"
+#: src/backend_iptables.py:277
+msgid "Status: inactive"
msgstr ""
-#: src/common.py:322
-msgid "Bad interface name: can't use '.' or '..'"
+#: src/backend_iptables.py:447
+msgid "To"
msgstr ""
-#: src/common.py:326
-msgid "Bad interface name: interface name is empty"
+#: src/backend_iptables.py:448
+msgid "From"
msgstr ""
-#: src/common.py:330
-msgid "Bad interface name: interface name too long"
+#: src/backend_iptables.py:449
+msgid "Action"
msgstr ""
-#: src/common.py:335
-msgid "Bad interface name"
+#: src/backend_iptables.py:465 src/backend_iptables.py:469
+msgid "\n"
msgstr ""
-#: src/common.py:349
+#: src/backend_iptables.py:477
#, python-format
-msgid "Insert position '%s' is not a valid position"
+msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)"
msgstr ""
-#: src/common.py:359
+#: src/backend_iptables.py:485
#, python-format
-msgid "Invalid log type '%s'"
+msgid ""
+"Status: active\n"
+"%(log)s\n"
+"%(pol)s\n"
+"%(app)s%(status)s"
msgstr ""
-#: src/common.py:367
+#: src/backend_iptables.py:489
#, python-format
-msgid "Unsupported direction '%s'"
+msgid "Status: active%s"
msgstr ""
-#: src/common.py:386
-msgid "Could not normalize source address"
+#: src/backend_iptables.py:494 src/backend_iptables.py:512
+msgid "running ufw-init"
msgstr ""
-#: src/common.py:397
-msgid "Could not normalize destination address"
+#: src/backend_iptables.py:506 src/backend_iptables.py:524
+#, python-format
+msgid ""
+"problem running ufw-init\n"
+"%s"
msgstr ""
-#: src/common.py:463
-msgid "Found exact match"
+#: src/backend_iptables.py:533
+msgid "Could not set LOGLEVEL"
msgstr ""
-#: src/common.py:468
-msgid "Found exact match, excepting comment"
+#: src/backend_iptables.py:539
+msgid "Could not load logging rules"
msgstr ""
-#: src/common.py:472
+#: src/backend_iptables.py:694 src/backend.py:292
#, python-format
-msgid ""
-"Found non-action/non-logtype/comment match (%(xa)s/%(ya)s/'%(xc)s' %(xl)s/"
-"%(yl)s/'%(yc)s')"
+msgid "Couldn't open '%s' for reading"
msgstr ""
-#: src/common.py:630
+#: src/backend_iptables.py:713
#, python-format
-msgid "Improper rule syntax ('%s' specified with app rule)"
+msgid "Skipping malformed tuple (bad length): %s"
msgstr ""
-#: src/common.py:637
+#: src/backend_iptables.py:724
#, python-format
-msgid "Invalid IPv6 address with protocol '%s'"
+msgid "Skipping malformed tuple (iface): %s"
msgstr ""
-#: src/common.py:643 src/util.py:84
+#: src/backend_iptables.py:772
#, python-format
-msgid "Invalid port with protocol '%s'"
+msgid "Skipping malformed tuple: %s"
msgstr ""
-#: src/parser.py:110
+#: src/backend_iptables.py:794 src/backend.py:323
#, python-format
-msgid "Cannot insert rule at position '%s'"
-msgstr ""
-
-#: src/parser.py:148
-msgid "Invalid interface clause"
+msgid "'%s' is not writable"
msgstr ""
-#: src/parser.py:174
-msgid "Option 'log' not allowed here"
+#: src/backend_iptables.py:970
+msgid "Adding IPv6 rule failed: IPv6 not enabled"
msgstr ""
-#: src/parser.py:178
-msgid "Option 'log-all' not allowed here"
+#: src/backend_iptables.py:974
+#, python-format
+msgid "Skipping unsupported IPv6 '%s' rule"
msgstr ""
-#: src/parser.py:185
-msgid "Option 'comment' missing required argument"
+#: src/backend_iptables.py:978
+#, python-format
+msgid "Skipping unsupported IPv4 '%s' rule"
msgstr ""
-#: src/parser.py:191
-msgid "Comment may not contain \"'\""
+#: src/backend_iptables.py:981
+msgid "Must specify 'tcp' or 'udp' with multiple ports"
msgstr ""
-#: src/parser.py:233 src/parser.py:359
-msgid "Port ranges must be numeric"
+#: src/backend_iptables.py:993
+msgid "Skipping IPv6 application rule. Need at least iptables 1.4"
msgstr ""
-#: src/parser.py:242 src/util.py:87
-msgid "Bad port"
+#: src/backend_iptables.py:998
+#, python-format
+msgid "Invalid position '%d'"
msgstr ""
-#: src/parser.py:245
-msgid "Wrong number of arguments"
+#: src/backend_iptables.py:1002
+msgid "Cannot specify insert and delete"
msgstr ""
-#: src/parser.py:249
-msgid "Need 'to' or 'from' clause"
+#: src/backend_iptables.py:1063
+msgid "Skipping inserting existing rule"
msgstr ""
-#: src/parser.py:264
-msgid "Improper rule syntax"
+#: src/backend_iptables.py:1074 src/frontend.py:426
+msgid "Could not delete non-existent rule"
msgstr ""
-#: src/parser.py:271
-#, python-format
-msgid "Invalid token '%s'"
+#: src/backend_iptables.py:1079
+msgid "Skipping adding existing rule"
msgstr ""
-#: src/parser.py:283
-msgid "Invalid 'proto' clause"
+#: src/backend_iptables.py:1095
+msgid "Couldn't update rules file"
msgstr ""
-#: src/parser.py:298
-#, python-format
-msgid "Invalid '%s' clause"
+#: src/backend_iptables.py:1100
+msgid "Rules updated"
msgstr ""
-#: src/parser.py:320
-msgid "Invalid 'from' clause"
+#: src/backend_iptables.py:1102
+msgid "Rules updated (v6)"
msgstr ""
-#: src/parser.py:342
-msgid "Invalid 'to' clause"
+#: src/backend_iptables.py:1110
+msgid "Rule inserted"
msgstr ""
-#: src/parser.py:347
-#, python-format
-msgid "Need 'from' or 'to' with '%s'"
+#: src/backend_iptables.py:1112
+msgid "Rule updated"
msgstr ""
-#: src/parser.py:374
-msgid "Invalid 'port' clause"
+#: src/backend_iptables.py:1122 src/backend_iptables.py:1139
+msgid " (skipped reloading firewall)"
msgstr ""
-#: src/parser.py:383
-msgid "Mixed IP versions for 'from' and 'to'"
+#: src/backend_iptables.py:1125
+msgid "Rule deleted"
msgstr ""
-#: src/parser.py:400 src/parser.py:410 src/parser.py:419
-msgid "Could not find protocol"
+#: src/backend_iptables.py:1142
+msgid "Rule added"
msgstr ""
-#: src/parser.py:426
-msgid "Protocol mismatch (from/to)"
+#: src/backend_iptables.py:1159 src/backend_iptables.py:1250
+msgid "Could not update running firewall"
msgstr ""
-#: src/parser.py:433
+#: src/backend_iptables.py:1214
#, python-format
-msgid "Protocol mismatch with specified protocol %s"
-msgstr ""
-
-#: src/parser.py:552
-msgid "'route delete NUM' unsupported. Use 'delete NUM' instead."
+msgid "Could not perform '%s'"
msgstr ""
-#: src/parser.py:585
-msgid "Invalid interface clause for route rule"
+#: src/backend_iptables.py:1241
+msgid "Couldn't update rules file for logging"
msgstr ""
-#: src/parser.py:884
+#: src/backend_iptables.py:1299 src/backend.py:610
#, python-format
-msgid "Command '%s' already exists"
-msgstr ""
-
-#: src/util.py:446
-msgid "Couldn't find pid (is /proc mounted?)"
+msgid "Invalid log level '%s'"
msgstr ""
-#: src/util.py:450
+#: src/backend_iptables.py:1397
#, python-format
-msgid "Couldn't find parent pid for '%s'"
+msgid "Could not find '%s'. Aborting"
msgstr ""
-#: src/util.py:460
+#: src/backend_iptables.py:1409
#, python-format
-msgid "Couldn't find '%s'"
+msgid "'%s' already exists. Aborting"
msgstr ""
-#: src/util.py:466
+#: src/backend_iptables.py:1415
#, python-format
-msgid "Could not find executable for '%s'"
+msgid "Backing up '%(old)s' to '%(new)s'\n"
msgstr ""
-#: src/util.py:1026
+#: src/backend_iptables.py:1431 src/backend.py:235
#, python-format
-msgid "Could not get statistics for '%s'"
-msgstr ""
-
-#: src/backend_iptables.py:78
-msgid "New profiles:"
+msgid "Couldn't stat '%s'"
msgstr ""
-#: src/backend_iptables.py:99
+#: src/backend_iptables.py:1436
#, python-format
-msgid "Unsupported policy for direction '%s'"
+msgid "WARN: '%s' is world writable"
msgstr ""
-#: src/backend_iptables.py:159
+#: src/backend_iptables.py:1438
#, python-format
-msgid "Default %(direction)s policy changed to '%(policy)s'\n"
-msgstr ""
-
-#: src/backend_iptables.py:161
-msgid "(be sure to update your rules accordingly)"
+msgid "WARN: '%s' is world readable"
msgstr ""
-#: src/backend_iptables.py:168
-msgid "Checking raw iptables\n"
+#: src/backend.py:70
+msgid "Couldn't determine iptables version"
msgstr ""
-#: src/backend_iptables.py:169
-msgid "Checking raw ip6tables\n"
+#: src/backend.py:149
+msgid "problem running sysctl"
msgstr ""
-#: src/backend_iptables.py:262
-msgid "Checking iptables\n"
+#: src/backend.py:188
+msgid "Checks disabled"
msgstr ""
-#: src/backend_iptables.py:264
-msgid "Checking ip6tables\n"
+#: src/backend.py:194
+msgid "ERROR: this script should not be SUID"
msgstr ""
-#: src/backend_iptables.py:267 src/backend_iptables.py:568
-msgid "problem running"
+#: src/backend.py:197
+msgid "ERROR: this script should not be SGID"
msgstr ""
-#: src/backend_iptables.py:273
-msgid "Status: inactive"
+#: src/backend.py:202
+msgid "You need to be root to run this script"
msgstr ""
-#: src/backend_iptables.py:443
-msgid "To"
+#: src/backend.py:212
+#, python-format
+msgid "'%s' does not exist"
msgstr ""
-#: src/backend_iptables.py:444
-msgid "From"
+#: src/backend.py:253
+#, python-format
+msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s"
msgstr ""
-#: src/backend_iptables.py:445
-msgid "Action"
+#: src/backend.py:260
+#, python-format
+msgid "%s is world writable!"
msgstr ""
-#: src/backend_iptables.py:461 src/backend_iptables.py:465
-msgid "\n"
+#: src/backend.py:265
+#, python-format
+msgid "%s is group writable!"
msgstr ""
-#: src/backend_iptables.py:473
+#: src/backend.py:281
#, python-format
-msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)"
+msgid "'%(f)s' file '%(name)s' does not exist"
msgstr ""
-#: src/backend_iptables.py:481
+#: src/backend.py:306
#, python-format
-msgid ""
-"Status: active\n"
-"%(log)s\n"
-"%(pol)s\n"
-"%(app)s%(status)s"
+msgid "Missing policy for '%s'"
msgstr ""
-#: src/backend_iptables.py:485
+#: src/backend.py:310
#, python-format
-msgid "Status: active%s"
+msgid "Invalid policy '%(policy)s' for '%(chain)s'"
msgstr ""
-#: src/backend_iptables.py:490 src/backend_iptables.py:508
-msgid "running ufw-init"
+#: src/backend.py:317
+msgid "Invalid option"
msgstr ""
-#: src/backend_iptables.py:502 src/backend_iptables.py:520
+#: src/backend.py:373
#, python-format
-msgid ""
-"problem running ufw-init\n"
-"%s"
-msgstr ""
-
-#: src/backend_iptables.py:529
-msgid "Could not set LOGLEVEL"
+msgid "Default application policy changed to '%s'"
msgstr ""
-#: src/backend_iptables.py:535
-msgid "Could not load logging rules"
+#: src/backend.py:440
+msgid "No rules found for application profile"
msgstr ""
-#: src/backend_iptables.py:709
+#: src/backend.py:496
#, python-format
-msgid "Skipping malformed tuple (bad length): %s"
+msgid "Rules updated for profile '%s'"
msgstr ""
-#: src/backend_iptables.py:720
-#, python-format
-msgid "Skipping malformed tuple (iface): %s"
+#: src/backend.py:502
+msgid "Couldn't update application rules"
msgstr ""
-#: src/backend_iptables.py:768
+#: src/backend.py:524
#, python-format
-msgid "Skipping malformed tuple: %s"
+msgid "Found multiple matches for '%s'. Please use exact profile name"
msgstr ""
-#: src/backend_iptables.py:966
-msgid "Adding IPv6 rule failed: IPv6 not enabled"
+#: src/backend.py:527
+#, python-format
+msgid "Could not find a profile matching '%s'"
msgstr ""
-#: src/backend_iptables.py:970
-#, python-format
-msgid "Skipping unsupported IPv6 '%s' rule"
+#: src/backend.py:594
+msgid "Logging: "
msgstr ""
-#: src/backend_iptables.py:974
-#, python-format
-msgid "Skipping unsupported IPv4 '%s' rule"
+#: src/backend.py:598
+msgid "unknown"
msgstr ""
-#: src/backend_iptables.py:977
-msgid "Must specify 'tcp' or 'udp' with multiple ports"
+#: src/backend.py:625
+msgid "Logging disabled"
msgstr ""
-#: src/backend_iptables.py:989
-msgid "Skipping IPv6 application rule. Need at least iptables 1.4"
+#: src/backend.py:627
+msgid "Logging enabled"
msgstr ""
-#: src/backend_iptables.py:994
+#: src/common.py:196
#, python-format
-msgid "Invalid position '%d'"
+msgid "Bad port '%s'"
msgstr ""
-#: src/backend_iptables.py:998
-msgid "Cannot specify insert and delete"
+#: src/common.py:252
+#, python-format
+msgid "Unsupported protocol '%s'"
msgstr ""
-#: src/backend_iptables.py:1001
-#, python-format
-msgid "Cannot insert rule at position '%d'"
+#: src/common.py:280
+msgid "Bad source address"
msgstr ""
-#: src/backend_iptables.py:1062
-msgid "Skipping inserting existing rule"
+#: src/common.py:290
+msgid "Bad destination address"
msgstr ""
-#: src/backend_iptables.py:1073 src/frontend.py:415
-msgid "Could not delete non-existent rule"
+#: src/common.py:309
+msgid "Bad interface type"
msgstr ""
-#: src/backend_iptables.py:1078
-msgid "Skipping adding existing rule"
+#: src/common.py:314
+msgid "Bad interface name: reserved character: '!'"
msgstr ""
-#: src/backend_iptables.py:1094
-msgid "Couldn't update rules file"
+#: src/common.py:318
+msgid "Bad interface name: can't use interface aliases"
msgstr ""
-#: src/backend_iptables.py:1099
-msgid "Rules updated"
+#: src/common.py:322
+msgid "Bad interface name: can't use '.' or '..'"
msgstr ""
-#: src/backend_iptables.py:1101
-msgid "Rules updated (v6)"
+#: src/common.py:326
+msgid "Bad interface name: interface name is empty"
msgstr ""
-#: src/backend_iptables.py:1109
-msgid "Rule inserted"
+#: src/common.py:330
+msgid "Bad interface name: interface name too long"
msgstr ""
-#: src/backend_iptables.py:1111
-msgid "Rule updated"
+#: src/common.py:335
+msgid "Bad interface name"
msgstr ""
-#: src/backend_iptables.py:1121
-msgid " (skipped reloading firewall)"
+#: src/common.py:349
+#, python-format
+msgid "Insert position '%s' is not a valid position"
msgstr ""
-#: src/backend_iptables.py:1124
-msgid "Rule deleted"
+#: src/common.py:359
+#, python-format
+msgid "Invalid log type '%s'"
msgstr ""
-#: src/backend_iptables.py:1127
-msgid "Rule added"
+#: src/common.py:367
+#, python-format
+msgid "Unsupported direction '%s'"
msgstr ""
-#: src/backend_iptables.py:1144 src/backend_iptables.py:1235
-msgid "Could not update running firewall"
+#: src/common.py:386
+msgid "Could not normalize source address"
msgstr ""
-#: src/backend_iptables.py:1199
-#, python-format
-msgid "Could not perform '%s'"
+#: src/common.py:397
+msgid "Could not normalize destination address"
msgstr ""
-#: src/backend_iptables.py:1226
-msgid "Couldn't update rules file for logging"
+#: src/common.py:463
+msgid "Found exact match"
msgstr ""
-#: src/backend_iptables.py:1382
-#, python-format
-msgid "Could not find '%s'. Aborting"
+#: src/common.py:468
+msgid "Found exact match, excepting comment"
msgstr ""
-#: src/backend_iptables.py:1394
+#: src/common.py:472
#, python-format
-msgid "'%s' already exists. Aborting"
+msgid ""
+"Found non-action/non-logtype/comment match (%(xa)s/%(ya)s/'%(xc)s' %(xl)s/"
+"%(yl)s/'%(yc)s')"
msgstr ""
-#: src/backend_iptables.py:1400
+#: src/common.py:635
#, python-format
-msgid "Backing up '%(old)s' to '%(new)s'\n"
+msgid "Improper rule syntax ('%s' specified with app rule)"
msgstr ""
-#: src/backend_iptables.py:1421
+#: src/common.py:642
#, python-format
-msgid "WARN: '%s' is world writable"
+msgid "Invalid IPv6 address with protocol '%s'"
msgstr ""
-#: src/backend_iptables.py:1423
+#: src/common.py:648 src/util.py:84
#, python-format
-msgid "WARN: '%s' is world readable"
+msgid "Invalid port with protocol '%s'"
msgstr ""
-#: src/frontend.py:93
+#: src/frontend.py:103
#, python-format
msgid ""
"\n"
@@ -632,6 +566,7 @@
" %(limit)-31s add limit %(rule)s\n"
" %(delete)-31s delete %(urule)s\n"
" %(insert)-31s insert %(urule)s at %(number)s\n"
+" %(prepend)-31s prepend %(urule)s\n"
" %(route)-31s add route %(urule)s\n"
" %(route-delete)-31s delete route %(urule)s\n"
" %(route-insert)-31s insert route %(urule)s at %(number)s\n"
@@ -650,87 +585,87 @@
" %(appdefault)-31s set default application policy\n"
msgstr ""
-#: src/frontend.py:176
+#: src/frontend.py:187
msgid "n"
msgstr ""
-#: src/frontend.py:177
+#: src/frontend.py:188
msgid "y"
msgstr ""
-#: src/frontend.py:178
+#: src/frontend.py:189
msgid "yes"
msgstr ""
-#: src/frontend.py:223
+#: src/frontend.py:234
msgid "Firewall is active and enabled on system startup"
msgstr ""
-#: src/frontend.py:230
+#: src/frontend.py:241
msgid "Firewall stopped and disabled on system startup"
msgstr ""
-#: src/frontend.py:282
+#: src/frontend.py:293
msgid "Could not get listening status"
msgstr ""
-#: src/frontend.py:351
+#: src/frontend.py:362
msgid "Added user rules (see 'ufw status' for running firewall):"
msgstr ""
-#: src/frontend.py:354
+#: src/frontend.py:365
msgid ""
"\n"
"(None)"
msgstr ""
-#: src/frontend.py:410 src/frontend.py:521 src/frontend.py:534
+#: src/frontend.py:421 src/frontend.py:532 src/frontend.py:545
#, python-format
msgid "Invalid IP version '%s'"
msgstr ""
-#: src/frontend.py:441
+#: src/frontend.py:452
msgid "Invalid position '"
msgstr ""
-#: src/frontend.py:531
+#: src/frontend.py:542
msgid "IPv6 support not enabled"
msgstr ""
-#: src/frontend.py:542
+#: src/frontend.py:553
msgid "Rule changed after normalization"
msgstr ""
-#: src/frontend.py:566
+#: src/frontend.py:577
#, python-format
msgid "Could not back out rule '%s'"
msgstr ""
-#: src/frontend.py:570
+#: src/frontend.py:581
msgid ""
"\n"
"Error applying application rules."
msgstr ""
-#: src/frontend.py:572
+#: src/frontend.py:583
msgid " Some rules could not be unapplied."
msgstr ""
-#: src/frontend.py:574
+#: src/frontend.py:585
msgid " Attempted rules successfully unapplied."
msgstr ""
-#: src/frontend.py:585
+#: src/frontend.py:596
#, python-format
msgid "Could not find rule '%s'"
msgstr ""
-#: src/frontend.py:590 src/frontend.py:595
+#: src/frontend.py:601 src/frontend.py:606
#, python-format
msgid "Could not find rule '%d'"
msgstr ""
-#: src/frontend.py:611
+#: src/frontend.py:622
#, python-format
msgid ""
"Deleting:\n"
@@ -738,164 +673,225 @@
"Proceed with operation (%(yes)s|%(no)s)? "
msgstr ""
-#: src/frontend.py:643
+#: src/frontend.py:654
msgid "Unsupported default policy"
msgstr ""
-#: src/frontend.py:672 src/frontend.py:817
+#: src/frontend.py:683 src/frontend.py:828
msgid "Firewall reloaded"
msgstr ""
-#: src/frontend.py:674
+#: src/frontend.py:685
msgid "Firewall not enabled (skipping reload)"
msgstr ""
-#: src/frontend.py:691 src/frontend.py:705 src/frontend.py:742
+#: src/frontend.py:702 src/frontend.py:716 src/frontend.py:753
msgid "Invalid profile name"
msgstr ""
-#: src/frontend.py:710 src/frontend.py:892
+#: src/frontend.py:721 src/frontend.py:903
#, python-format
msgid "Unsupported action '%s'"
msgstr ""
-#: src/frontend.py:729
+#: src/frontend.py:740
msgid "Available applications:"
msgstr ""
-#: src/frontend.py:750
+#: src/frontend.py:761
#, python-format
msgid "Could not find profile '%s'"
msgstr ""
-#: src/frontend.py:755
+#: src/frontend.py:766
msgid "Invalid profile"
msgstr ""
-#: src/frontend.py:758
+#: src/frontend.py:769
#, python-format
msgid "Profile: %s\n"
msgstr ""
-#: src/frontend.py:759
+#: src/frontend.py:770
#, python-format
msgid "Title: %s\n"
msgstr ""
-#: src/frontend.py:762
+#: src/frontend.py:773
#, python-format
msgid ""
"Description: %s\n"
"\n"
msgstr ""
-#: src/frontend.py:768
+#: src/frontend.py:779
msgid "Ports:"
msgstr ""
-#: src/frontend.py:770
+#: src/frontend.py:781
msgid "Port:"
msgstr ""
-#: src/frontend.py:819
+#: src/frontend.py:830
msgid "Skipped reloading firewall"
msgstr ""
-#: src/frontend.py:829
+#: src/frontend.py:840
msgid "Cannot specify 'all' with '--add-new'"
msgstr ""
-#: src/frontend.py:844
+#: src/frontend.py:855
#, python-format
msgid "Unknown policy '%s'"
msgstr ""
-#: src/frontend.py:901
+#: src/frontend.py:912
#, python-format
msgid ""
"Command may disrupt existing ssh connections. Proceed with operation "
"(%(yes)s|%(no)s)? "
msgstr ""
-#: src/frontend.py:914
+#: src/frontend.py:925
#, python-format
msgid ""
"Resetting all rules to installed defaults. Proceed with operation (%(yes)s|"
"%(no)s)? "
msgstr ""
-#: src/frontend.py:918
+#: src/frontend.py:929
#, python-format
msgid ""
"Resetting all rules to installed defaults. This may disrupt existing ssh "
"connections. Proceed with operation (%(yes)s|%(no)s)? "
msgstr ""
-#: src/applications.py:37
-msgid "Profiles directory does not exist"
+#: src/parser.py:110
+#, python-format
+msgid "Cannot insert rule at position '%s'"
msgstr ""
-#: src/applications.py:69
-#, python-format
-msgid "Skipping '%s': couldn't stat"
+#: src/parser.py:148
+msgid "Invalid interface clause"
msgstr ""
-#: src/applications.py:74
-#, python-format
-msgid "Skipping '%s': too big"
+#: src/parser.py:174
+msgid "Option 'log' not allowed here"
msgstr ""
-#: src/applications.py:79
-#, python-format
-msgid "Skipping '%s': too many files read already"
+#: src/parser.py:178
+msgid "Option 'log-all' not allowed here"
msgstr ""
-#: src/applications.py:93
-#, python-format
-msgid "Skipping '%s': couldn't process"
+#: src/parser.py:185
+msgid "Option 'comment' missing required argument"
msgstr ""
-#: src/applications.py:100
+#: src/parser.py:191
+msgid "Comment may not contain \"'\""
+msgstr ""
+
+#: src/parser.py:233 src/parser.py:359
+msgid "Port ranges must be numeric"
+msgstr ""
+
+#: src/parser.py:242 src/util.py:87
+msgid "Bad port"
+msgstr ""
+
+#: src/parser.py:245
+msgid "Wrong number of arguments"
+msgstr ""
+
+#: src/parser.py:249
+msgid "Need 'to' or 'from' clause"
+msgstr ""
+
+#: src/parser.py:264
+msgid "Improper rule syntax"
+msgstr ""
+
+#: src/parser.py:271
#, python-format
-msgid "Skipping '%s': name too long"
+msgid "Invalid token '%s'"
msgstr ""
-#: src/applications.py:105
+#: src/parser.py:283
+msgid "Invalid 'proto' clause"
+msgstr ""
+
+#: src/parser.py:298
#, python-format
-msgid "Skipping '%s': invalid name"
+msgid "Invalid '%s' clause"
msgstr ""
-#: src/applications.py:111
+#: src/parser.py:320
+msgid "Invalid 'from' clause"
+msgstr ""
+
+#: src/parser.py:342
+msgid "Invalid 'to' clause"
+msgstr ""
+
+#: src/parser.py:347
#, python-format
-msgid "Skipping '%s': also in /etc/services"
+msgid "Need 'from' or 'to' with '%s'"
msgstr ""
-#: src/applications.py:120
+#: src/parser.py:374
+msgid "Invalid 'port' clause"
+msgstr ""
+
+#: src/parser.py:383
+msgid "Mixed IP versions for 'from' and 'to'"
+msgstr ""
+
+#: src/parser.py:400 src/parser.py:410 src/parser.py:419
+msgid "Could not find protocol"
+msgstr ""
+
+#: src/parser.py:426
+msgid "Protocol mismatch (from/to)"
+msgstr ""
+
+#: src/parser.py:433
#, python-format
-msgid "Skipping '%s': field too long"
+msgid "Protocol mismatch with specified protocol %s"
msgstr ""
-#: src/applications.py:125
+#: src/parser.py:552
+msgid "'route delete NUM' unsupported. Use 'delete NUM' instead."
+msgstr ""
+
+#: src/parser.py:585
+msgid "Invalid interface clause for route rule"
+msgstr ""
+
+#: src/parser.py:884
#, python-format
-msgid "Skipping '%(value)s': value too long for '%(field)s'"
+msgid "Command '%s' already exists"
msgstr ""
-#: src/applications.py:135
+#: src/util.py:431
+msgid "Couldn't find pid (is /proc mounted?)"
+msgstr ""
+
+#: src/util.py:435
#, python-format
-msgid "Duplicate profile '%s', using last found"
+msgid "Couldn't find parent pid for '%s'"
msgstr ""
-#: src/applications.py:178
+#: src/util.py:445
#, python-format
-msgid "Profile '%(fn)s' missing required field '%(f)s'"
+msgid "Couldn't find '%s'"
msgstr ""
-#: src/applications.py:183
+#: src/util.py:451
#, python-format
-msgid "Profile '%(fn)s' has empty required field '%(f)s'"
+msgid "Could not find executable for '%s'"
msgstr ""
-#: src/applications.py:198
+#: src/util.py:1037
#, python-format
-msgid "Invalid ports in profile '%s'"
+msgid "Could not get statistics for '%s'"
msgstr ""
diff -Nru ufw-0.36.1/setup.py ufw-0.36.2/setup.py
--- ufw-0.36.1/setup.py 2021-09-18 20:19:01.000000000 -0500
+++ ufw-0.36.2/setup.py 2023-05-18 08:07:39.000000000 -0500
@@ -34,7 +34,7 @@
import shutil
import subprocess
-ufw_version = '0.36.1'
+ufw_version = '0.36.2'
def cmd(command):
'''Try to execute the given command.'''
diff -Nru ufw-0.36.1/snapcraft.yaml ufw-0.36.2/snapcraft.yaml
--- ufw-0.36.1/snapcraft.yaml 2021-09-18 20:19:01.000000000 -0500
+++ ufw-0.36.2/snapcraft.yaml 2023-05-18 08:07:39.000000000 -0500
@@ -1,5 +1,5 @@
name: ufw
-version: 0.36.1
+version: 0.36.2
summary: ufw (Uncomplicated Firewall)
description: ufw as a snap
confinement: strict
diff -Nru ufw-0.36.1/src/backend_iptables.py ufw-0.36.2/src/backend_iptables.py
--- ufw-0.36.1/src/backend_iptables.py 2021-09-18 20:19:01.000000000 -0500
+++ ufw-0.36.2/src/backend_iptables.py 2023-05-18 08:07:39.000000000 -0500
@@ -1001,9 +1001,6 @@
if position > 0 and rule.remove:
err_msg = _("Cannot specify insert and delete")
raise UFWError(err_msg)
- if position > len(rules):
- err_msg = _("Cannot insert rule at position '%d'") % position
- raise UFWError(err_msg)
# First construct the new rules list
try:
diff -Nru ufw-0.36.1/src/backend.py ufw-0.36.2/src/backend.py
--- ufw-0.36.1/src/backend.py 2021-09-18 20:19:01.000000000 -0500
+++ ufw-0.36.2/src/backend.py 2023-05-18 08:07:39.000000000 -0500
@@ -1,6 +1,6 @@
'''backend.py: interface for ufw backends'''
#
-# Copyright 2008-2018 Canonical Ltd.
+# Copyright 2008-2023 Canonical Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 3,
@@ -628,7 +628,15 @@
def get_rules(self):
'''Return list of all rules'''
- return self.rules + self.rules6
+ return self.get_rules_ipv4() + self.get_rules_ipv6()
+
+ def get_rules_ipv4(self):
+ '''Return list of IPv4 rules'''
+ return self.rules
+
+ def get_rules_ipv6(self):
+ '''Return list of IPv6 rules'''
+ return self.rules6
def get_rules_count(self, v6):
'''Return number of ufw rules (not iptables rules)'''
diff -Nru ufw-0.36.1/src/frontend.py ufw-0.36.2/src/frontend.py
--- ufw-0.36.1/src/frontend.py 2021-09-18 20:19:01.000000000 -0500
+++ ufw-0.36.2/src/frontend.py 2023-05-18 08:07:39.000000000 -0500
@@ -1,6 +1,6 @@
'''frontend.py: frontend interface for ufw'''
#
-# Copyright 2008-2018 Canonical Ltd.
+# Copyright 2008-2023 Canonical Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 3,
@@ -31,8 +31,17 @@
p = ufw.parser.UFWParser()
# Basic commands
- for i in ['enable', 'disable', 'help', '--help', 'version', '--version', \
- 'reload', 'reset' ]:
+ for i in [
+ "enable",
+ "disable",
+ "help",
+ "--help",
+ "-h",
+ "version",
+ "--version",
+ "reload",
+ "reset",
+ ]:
p.register_command(ufw.parser.UFWCommandBasic(i))
# Application commands
@@ -74,8 +83,9 @@
argv[idx].lower() in rule_commands:
argv.insert(idx, 'rule')
- if len(argv) < 2 or ('--dry-run' in argv and len(argv) < 3):
- error("not enough args") # pragma: no cover
+ if len(argv) < 2 or ("--dry-run" in argv and len(argv) < 3):
+ error("not enough args", do_exit=False) # pragma: no cover
+ raise ValueError()
try:
pr = p.parse_command(argv[1:])
diff -Nru ufw-0.36.1/src/ufw ufw-0.36.2/src/ufw
--- ufw-0.36.1/src/ufw 2021-09-18 20:19:01.000000000 -0500
+++ ufw-0.36.2/src/ufw 2023-05-18 08:07:39.000000000 -0500
@@ -2,7 +2,7 @@
#
# ufw: front-end for Linux firewalling (cli)
#
-# Copyright 2008-2018 Canonical Ltd.
+# Copyright 2008-2023 Canonical Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 3,
@@ -103,12 +103,12 @@
except Exception:
raise
- if pr.action == "help" or pr.action == "--help":
+ if pr.action == "help" or pr.action == "--help" or pr.action == "-h":
msg(ufw.frontend.get_command_help())
sys.exit(0)
elif pr.action == "version" or pr.action == "--version":
msg(ufw.common.programName + " " + version)
- msg("Copyright 2008-2018 Canonical Ltd.")
+ msg("Copyright 2008-2023 Canonical Ltd.")
sys.exit(0)
try:
diff -Nru ufw-0.36.1/src/ufw-init-functions ufw-0.36.2/src/ufw-init-functions
--- ufw-0.36.1/src/ufw-init-functions 2021-09-18 17:00:21.000000000 -0500
+++ ufw-0.36.2/src/ufw-init-functions 2023-05-16 09:51:25.000000000 -0500
@@ -168,29 +168,6 @@
AFTER_RULES="$RULES_PATH/after${type}.rules"
USER_RULES="$USER_PATH/user${type}.rules"
- # set the default policy
- input_pol="$DEFAULT_INPUT_POLICY"
- if [ "$DEFAULT_INPUT_POLICY" = "REJECT" ]; then
- input_pol="DROP"
- fi
-
- output_pol="$DEFAULT_OUTPUT_POLICY"
- if [ "$DEFAULT_OUTPUT_POLICY" = "REJECT" ]; then
- output_pol="DROP"
- fi
-
- forward_pol="$DEFAULT_FORWARD_POLICY"
- if [ "$DEFAULT_FORWARD_POLICY" = "REJECT" ]; then
- forward_pol="DROP"
- fi
-
- printf "*filter\n"\
-"# builtin chains\n"\
-":INPUT %s [0:0]\n"\
-":FORWARD %s [0:0]\n"\
-":OUTPUT %s [0:0]\n"\
-"COMMIT\n" $input_pol $forward_pol $output_pol | $exe-restore -n || error="yes"
-
# flush the chains (if they exist)
if $exe -L ufw${type}-before-logging-input -n >/dev/null 2>&1 ;
then
delete_chains $type || error="yes"
@@ -378,6 +355,32 @@
out="${out}\nCouldn't find '$USER_RULES'"
error="yes"
fi
+
+ # set the default policy (do this after loading rules so not to
+ # break network rootfs w/ INPUT DROP during ufw init. LP: 1946804)
+ input_pol="$DEFAULT_INPUT_POLICY"
+ if [ "$DEFAULT_INPUT_POLICY" = "REJECT" ]; then
+ input_pol="DROP"
+ fi
+
+ output_pol="$DEFAULT_OUTPUT_POLICY"
+ if [ "$DEFAULT_OUTPUT_POLICY" = "REJECT" ]; then
+ output_pol="DROP"
+ fi
+
+ forward_pol="$DEFAULT_FORWARD_POLICY"
+ if [ "$DEFAULT_FORWARD_POLICY" = "REJECT" ]; then
+ forward_pol="DROP"
+ fi
+
+ # Since we're setting the default policy last, '-n/--noflush' is
+ # important here so we don't undo what we've loaded so far.
+ printf "*filter\n"\
+"# builtin chains\n"\
+":INPUT %s [0:0]\n"\
+":FORWARD %s [0:0]\n"\
+":OUTPUT %s [0:0]\n"\
+"COMMIT\n" $input_pol $forward_pol $output_pol | $exe-restore -n || error="yes"
done
if [ ! -z "$IPT_SYSCTL" ] && [ -s "$IPT_SYSCTL" ]; then
diff -Nru ufw-0.36.1/src/util.py ufw-0.36.2/src/util.py
--- ufw-0.36.1/src/util.py 2021-09-18 20:19:01.000000000 -0500
+++ ufw-0.36.2/src/util.py 2023-05-18 08:07:39.000000000 -0500
@@ -1,6 +1,6 @@
'''util.py: utility functions for ufw'''
#
-# Copyright 2008-2018 Canonical Ltd.
+# Copyright 2008-2023 Canonical Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 3,
@@ -38,9 +38,9 @@
# We support different protocols these days and only come combinations are
# valid
-supported_protocols = [ 'tcp', 'udp', 'ipv6', 'esp', 'ah', 'igmp', 'gre' ]
-portless_protocols = [ 'ipv6', 'esp', 'ah', 'igmp', 'gre' ]
-ipv4_only_protocols = [ 'ipv6', 'igmp' ]
+supported_protocols = ["tcp", "udp", "ipv6", "esp", "ah", "igmp", "gre",
"vrrp"]
+portless_protocols = ["ipv6", "esp", "ah", "igmp", "gre", "vrrp"]
+ipv4_only_protocols = ["ipv6", "igmp"]
def get_services_proto(port):
@@ -416,7 +416,9 @@
# LP: #1101304
# 9983 (cmd) S 923 ...
# 9983 (cmd with spaces) S 923 ...
- ppid = open(name).readlines()[0].split(')')[1].split()[1]
+ # LP: #2015645
+ # 229 (cmd(withparen)) S 228 ...
+ ppid = open(name).readlines()[0].rsplit(")", 1)[1].split()[1]
return int(ppid)
@@ -1083,8 +1085,16 @@
def hex_decode(h):
'''Take a hex string and convert it to a string'''
if sys.version_info[0] < 3:
- return h.decode(encoding='hex').decode('utf-8')
- return binascii.unhexlify(h).decode('utf-8')
+ return h.decode(encoding="hex").decode("utf-8")
+ # unhexlify requires an even length string, which should normally happen
+ # since hex_encode() will create a string and decode to ascii, which has 2
+ # bytes per character. If we happen to get an odd length string, instead of
+ # tracing back, truncate it by one character and move on. This works
+ # reasonably well in some cases, but might result in a UnicodeDecodeError,
+ # so use backslashreplace in that case.
+ return binascii.unhexlify("%s" % (h[:-1] if len(h) % 2 else h)).decode(
+ "utf-8", "backslashreplace"
+ )
def create_lock(lockfile='/run/ufw.lock', dryrun=False):
diff -Nru ufw-0.36.1/tests/bugs/misc/result ufw-0.36.2/tests/bugs/misc/result
--- ufw-0.36.1/tests/bugs/misc/result 2018-12-14 12:25:55.000000000 -0600
+++ ufw-0.36.2/tests/bugs/misc/result 2023-05-16 09:51:25.000000000 -0500
@@ -163,6 +163,38 @@
29: --dry-run
ERROR: not enough args
+Usage: ufw COMMAND
+
+Commands:
+ enable enables the firewall
+ disable disables the firewall
+ default ARG set default policy
+ logging LEVEL set logging to LEVEL
+ allow ARGS add allow rule
+ deny ARGS add deny rule
+ reject ARGS add reject rule
+ limit ARGS add limit rule
+ delete RULE|NUM delete RULE
+ insert NUM RULE insert RULE at NUM
+ prepend RULE prepend RULE
+ route RULE add route RULE
+ route delete RULE|NUM delete route RULE
+ route insert NUM RULE insert route RULE at NUM
+ reload reload firewall
+ reset reset firewall
+ status show firewall status
+ status numbered show firewall status as numbered list of RULES
+ status verbose show verbose firewall status
+ show ARG show firewall report
+ version display version information
+
+Application profile commands:
+ app list list application profiles
+ app info PROFILE show information on PROFILE
+ app update PROFILE update PROFILE
+ app default ARG set default application policy
+
+
Bug #787955
30: --dry-run status
diff -Nru ufw-0.36.1/tests/check-requirements
ufw-0.36.2/tests/check-requirements
--- ufw-0.36.1/tests/check-requirements 2021-09-18 19:50:19.000000000 -0500
+++ ufw-0.36.2/tests/check-requirements 2023-05-16 09:51:25.000000000 -0500
@@ -59,7 +59,7 @@
echo "pass (binary: $exe, version: $v, py2)"
found_python="yes"
break
- elif echo "$v" | grep -q "^3.[2-8]"; then
+ elif echo "$v" | grep -q "^3.[1-9][0-9]*"; then
echo "pass (binary: $exe, version: $v, py3)"
found_python="yes"
break
@@ -254,18 +254,21 @@
done
# check and warn if various firewall applications are installed
+echo "== System =="
+echo -n "Other firewall applications:"
found=
for exe in apf arno-iptables-firewall ferm firehol firewalld ipkungfu
iptables-persistent netfilter-persistent pyroman uruk ; do
if PATH=/sbin:/usr/sbin:/bin:/usr/bin which "$exe" >/dev/null 2>&1; then
found="$found $exe"
fi
done
-if [ ! -z "$found" ]; then
- echo "WARN: detected other firewall applications:"
- echo "$found"
- echo "(if enabled, these applications may interfere with ufw)"
- echo ""
+if [ -z "$found" ]; then
+ echo " pass"
+else
+ echo -n "$found"
+ echo -n " (if enabled, may interfere with ufw)"
fi
+echo ""
if [ -n "$error" ] || [ -n "$error_runtime" ]; then
if [ -n "$error" ]; then
diff -Nru ufw-0.36.1/tests/root/bugs/result ufw-0.36.2/tests/root/bugs/result
--- ufw-0.36.1/tests/root/bugs/result 2021-09-18 19:50:19.000000000 -0500
+++ ufw-0.36.2/tests/root/bugs/result 2023-05-18 08:06:28.000000000 -0500
@@ -67,14 +67,14 @@
ip6tables -L -n:
Chain INPUT (policy DROP)
target prot opt source destination
-ACCEPT all ::/0 ::/0
+ACCEPT TST -- ::/0 ::/0
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy DROP)
target prot opt source destination
-ACCEPT all ::/0 ::/0
+ACCEPT TST -- ::/0 ::/0
Bug #260881
Setting IPV6 to no
6: disable
@@ -94,7 +94,7 @@
iptables -L -n:
-ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 /*
'dapp_Apache' */
+ACCEPT TST -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 /*
'dapp_Apache' */
10: delete allow Apache
WARN: Checks disabled
diff -Nru ufw-0.36.1/tests/root/bugs/runtest.sh
ufw-0.36.2/tests/root/bugs/runtest.sh
--- ufw-0.36.1/tests/root/bugs/runtest.sh 2021-09-18 19:50:19.000000000
-0500
+++ ufw-0.36.2/tests/root/bugs/runtest.sh 2023-05-18 08:06:28.000000000
-0500
@@ -38,7 +38,8 @@
echo "/lib/ufw/ufw-init force-reload:" >> $TESTTMP/result
$TESTSTATE/ufw-init force-reload 2>/dev/null >> $TESTTMP/result
echo "ip6tables -L -n:" >> $TESTTMP/result
-ip6tables -L -n 2>/dev/null >> $TESTTMP/result
+# normalize 'ACCEPT {all,tcp}' and 'ACCEPT N' for old/new kernel/iptables
+ip6tables -L -n | sed 's/^ACCEPT \+[a-z0-9]\+ [ -]\+/ACCEPT TST -- /'
2>/dev/null >> $TESTTMP/result
echo "Bug #260881" >> $TESTTMP/result
echo "Setting IPV6 to no" >> $TESTTMP/result
@@ -48,7 +49,8 @@
do_cmd "0" allow Apache
do_cmd "0" delete deny Apache
echo "iptables -L -n:" >> $TESTTMP/result
-iptables -L -n 2>/dev/null | grep -A1 "80" >> $TESTTMP/result
+# normalize 'ACCEPT {all,tcp}' and 'ACCEPT N' for old/new kernel/iptables
+iptables -L -n | sed 's/^ACCEPT \+[a-z0-9]\+ [ -]\+/ACCEPT TST -- /'
2>/dev/null | grep -A1 "80" >> $TESTTMP/result
do_cmd "0" delete allow Apache
echo "iptables -L -n:" >> $TESTTMP/result
iptables -L -n 2>/dev/null | grep -A1 "80" >> $TESTTMP/result
diff -Nru ufw-0.36.1/tests/root/live/result ufw-0.36.2/tests/root/live/result
--- ufw-0.36.1/tests/root/live/result 2021-09-18 19:50:19.000000000 -0500
+++ ufw-0.36.2/tests/root/live/result 2023-05-18 08:06:28.000000000 -0500
@@ -634,7 +634,7 @@
86: enable
-ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 /*
ufw_test_builtins */
+ACCEPT TST -- 0.0.0.0/0 0.0.0.0/0 /*
ufw_test_builtins */
Testing status numbered
Setting IPV6 to yes
87: disable
diff -Nru ufw-0.36.1/tests/root/live/runtest.sh
ufw-0.36.2/tests/root/live/runtest.sh
--- ufw-0.36.1/tests/root/live/runtest.sh 2021-09-18 19:50:19.000000000
-0500
+++ ufw-0.36.2/tests/root/live/runtest.sh 2023-05-18 08:06:28.000000000
-0500
@@ -110,7 +110,8 @@
echo iptables -I INPUT -j ACCEPT -m comment --comment $str >>
$TESTTMP/result
iptables -I INPUT -j ACCEPT -m comment --comment $str >>
$TESTTMP/result
do_cmd "0" nostats enable
- iptables -n -L INPUT 2>/dev/null | grep "$str" >> $TESTTMP/result
+ # normalize 'ACCEPT {all,tcp}' and 'ACCEPT N' for old/new
kernel/iptables
+ iptables -n -L INPUT | sed 's/^ACCEPT \+[a-z0-9]\+ [ -]\+/ACCEPT
TST -- /' 2>/dev/null | grep "$str" >> $TESTTMP/result
iptables -D INPUT -j ACCEPT -m comment --comment $str 2>/dev/null
done
diff -Nru ufw-0.36.1/tests/root/live_route/result
ufw-0.36.2/tests/root/live_route/result
--- ufw-0.36.1/tests/root/live_route/result 2018-12-14 12:25:55.000000000
-0600
+++ ufw-0.36.2/tests/root/live_route/result 2023-05-18 08:06:28.000000000
-0500
@@ -572,7 +572,7 @@
79: enable
-ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 /*
ufw_test_builtins */
+ACCEPT TST -- 0.0.0.0/0 0.0.0.0/0 /*
ufw_test_builtins */
Testing status numbered
Setting IPV6 to yes
80: disable
diff -Nru ufw-0.36.1/tests/root/live_route/runtest.sh
ufw-0.36.2/tests/root/live_route/runtest.sh
--- ufw-0.36.1/tests/root/live_route/runtest.sh 2021-09-18 19:50:19.000000000
-0500
+++ ufw-0.36.2/tests/root/live_route/runtest.sh 2023-05-18 08:06:28.000000000
-0500
@@ -99,7 +99,8 @@
echo iptables -I FORWARD -j ACCEPT -m comment --comment $str >>
$TESTTMP/result
iptables -I FORWARD -j ACCEPT -m comment --comment $str >>
$TESTTMP/result
do_cmd "0" nostats enable
- iptables -n -L FORWARD 2>/dev/null | grep "$str" >> $TESTTMP/result
+ # normalize 'ACCEPT {all,tcp}' and 'ACCEPT N' for old/new
kernel/iptables
+ iptables -n -L FORWARD | sed 's/^ACCEPT \+[a-z0-9]\+ [ -]\+/ACCEPT
TST -- /' 2>/dev/null | grep "$str" >> $TESTTMP/result
iptables -D FORWARD -j ACCEPT -m comment --comment $str 2>/dev/null
done
diff -Nru ufw-0.36.1/tests/unit/test_applications.py
ufw-0.36.2/tests/unit/test_applications.py
--- ufw-0.36.1/tests/unit/test_applications.py 2018-12-14 12:25:55.000000000
-0600
+++ ufw-0.36.2/tests/unit/test_applications.py 2023-05-18 08:07:39.000000000
-0500
@@ -117,6 +117,9 @@
{'title': 'bad protocol - ipv6',
'description': 'desc',
'ports': '80/ipv6'},
+ {'title': 'bad protocol - vrrp',
+ 'description': 'desc',
+ 'ports': '80/vrrp'},
]
for p in profiles:
print(" %s" % p)
diff -Nru ufw-0.36.1/tests/unit/test_common.py
ufw-0.36.2/tests/unit/test_common.py
--- ufw-0.36.1/tests/unit/test_common.py 2021-09-18 19:50:19.000000000
-0500
+++ ufw-0.36.2/tests/unit/test_common.py 2023-05-18 08:07:39.000000000
-0500
@@ -261,7 +261,7 @@
def test_set_protocol(self):
'''Test set_protocol()'''
r = self.rules["any"]
- for proto in ['any', 'tcp', 'udp', 'ipv6', 'esp', 'ah']:
+ for proto in ['any', 'tcp', 'udp', 'ipv6', 'esp', 'ah', 'vrrp']:
r.set_protocol(proto)
self.assertEquals(proto, r.protocol, "%s != %s" %
(proto, r.protocol))
diff -Nru ufw-0.36.1/tests/unit/test_parser.py
ufw-0.36.2/tests/unit/test_parser.py
--- ufw-0.36.1/tests/unit/test_parser.py 2021-09-18 19:50:19.000000000
-0500
+++ ufw-0.36.2/tests/unit/test_parser.py 2023-05-18 08:07:39.000000000
-0500
@@ -428,6 +428,7 @@
['deny', 'to', 'any', 'proto', 'ipv6'],
['allow', 'to', 'any', 'proto', 'igmp'],
['reject', 'to', 'any', 'proto', 'esp'],
+ ['allow', 'to', 'any', 'proto', 'vrrp'],
['deny', 'to', '224.0.0.1', 'proto', 'igmp'],
['deny', 'in', 'on', 'eth0', 'to', '224.0.0.1', 'proto', \
'igmp'],
@@ -435,6 +436,8 @@
'gre'],
['deny', 'to', 'any', 'proto', 'ah'],
['allow', 'out', 'on', 'br_lan'],
+ ['allow', 'in', 'on', 'eth0', 'to', '192.168.0.1', 'from', \
+ '224.0.0.0/24', 'proto', 'vrrp'],
]
count = 0
for rtype in ['route', 'rule']:
@@ -524,6 +527,8 @@
ufw.common.UFWError),
(['rule', 'deny', 'to', 'any', 'port', '22', 'proto', 'gre'],
ufw.common.UFWError),
+ (['rule', 'deny', 'to', 'any', 'port', '22', 'proto', 'vrrp'],
+ ufw.common.UFWError),
(['rule', 'allow', 'to', '192.168.0.0/16', 'app', 'Samba',
'from', '192.168.0.0/16', 'port', 'tcpmux'],
ufw.common.UFWError),
diff -Nru ufw-0.36.1/tests/unit/test_util.py ufw-0.36.2/tests/unit/test_util.py
--- ufw-0.36.1/tests/unit/test_util.py 2018-12-14 12:25:55.000000000 -0600
+++ ufw-0.36.2/tests/unit/test_util.py 2023-05-18 08:07:39.000000000 -0500
@@ -741,6 +741,42 @@
tests.unit.support.check_for_exception(self, IOError, \
ufw.util.get_ppid, 0)
+ def test_get_ppid_no_space(self):
+ """Test get_ppid() no space"""
+ if sys.version_info[0] < 3:
+ return tests.unit.support.skipped(self, "skipping with python2")
+ import unittest.mock
+
+ m = unittest.mock.mock_open(read_data="9983 (cmd) S 923 9983 ...\n")
+ with unittest.mock.patch("builtins.open", m):
+ with unittest.mock.patch("os.path.isfile", return_value=True):
+ ppid = ufw.util.get_ppid(9983)
+ self.assertEquals(ppid, 923, "%d' != '923'" % ppid)
+
+ def test_get_ppid_with_space(self):
+ """Test get_ppid() with space"""
+ if sys.version_info[0] < 3:
+ return tests.unit.support.skipped(self, "skipping with python2")
+ import unittest.mock
+
+ m = unittest.mock.mock_open(read_data="9983 (cmd with space) S 923
9983 ...\n")
+ with unittest.mock.patch("builtins.open", m):
+ with unittest.mock.patch("os.path.isfile", return_value=True):
+ ppid = ufw.util.get_ppid(9983)
+ self.assertEquals(ppid, 923, "%d' != '923'" % ppid)
+
+ def test_get_ppid_with_parens(self):
+ """Test get_ppid() with parens"""
+ if sys.version_info[0] < 3:
+ return tests.unit.support.skipped(self, "skipping with python2")
+ import unittest.mock
+
+ m = unittest.mock.mock_open(read_data="9983 (cmd(paren)) S 923 9983
...\n")
+ with unittest.mock.patch("builtins.open", m):
+ with unittest.mock.patch("os.path.isfile", return_value=True):
+ ppid = ufw.util.get_ppid(9983)
+ self.assertEquals(ppid, 923, "%d' != '923'" % ppid)
+
def test_under_ssh(self):
'''Test under_ssh()'''
# this test could be running under ssh, so can't do anything more
@@ -1025,6 +1061,25 @@
result = ufw.util.hex_decode(s)
self.assertEquals(expected, result)
+ # test odd length string mitigation by truncating one hex-digit. This
+ # should result in the last (odd) hex digit being dropped and a decoded
+ # string of one less character
+ expected = "foo👍bar字ba"
+ if sys.version_info[0] < 3:
+ expected = u"foo👍bar字ba"
+ result = ufw.util.hex_decode(s[:-1])
+ self.assertEquals(expected, result)
+
+ # test odd length string mitigation by removing first hex-digit. This
+ # should result in the last (odd) hex digit being dropped, but since
+ # the first hex digit was removed, the byte sequence is shifted by one
+ # which causes the whole string to be 'backslashreplace'd.
+ expected = "f\\xf6\\xff\t\\xf9\x18\\xd6&\x17.Z\\xd9v&\x17"
+ if sys.version_info[0] < 3:
+ expected = u"f\\xf6\\xff\t\\xf9\x18\\xd6&\x17.Z\\xd9v&\x17"
+ result = ufw.util.hex_decode(s[1:])
+ self.assertEquals(expected, result)
+
def test_create_lock(self):
'''Test create_lock()'''
lock = ufw.util.create_lock(dryrun=True)
