I completely removed iptables, ufw & gufw and reinstalled them. At the beginning, there is:

    iptables -S
    -P INPUT ACCEPT
    -P FORWARD ACCEPT
    -P OUTPUT ACCEPT

Then, I start Gufw, my default profile ("root-profile") is loaded, but Gufw is disabled, which is weird. I enable it, make sure that incoming traffic is disabled, then I view:

    iptables -S
    -P INPUT ACCEPT
    -P FORWARD ACCEPT
    -P OUTPUT ACCEPT
    -N ufw-after-forward
    -N ufw-after-input
    -N ufw-after-logging-forward
    -N ufw-after-logging-input
    -N ufw-after-logging-output
    -N ufw-after-output
    -N ufw-before-forward
    -N ufw-before-input
    -N ufw-before-logging-forward
    -N ufw-before-logging-input
    -N ufw-before-logging-output
    -N ufw-before-output
    -N ufw-reject-forward
    -N ufw-reject-input
    -N ufw-reject-output
    -N ufw-track-forward
    -N ufw-track-input
    -N ufw-track-output
    -A INPUT -j ufw-before-logging-input
    -A INPUT -j ufw-before-input
    -A INPUT -j ufw-after-input
    -A INPUT -j ufw-after-logging-input
    -A INPUT -j ufw-reject-input
    -A INPUT -j ufw-track-input
    -A FORWARD -j ufw-before-logging-forward
    -A FORWARD -j ufw-before-forward
    -A FORWARD -j ufw-after-forward
    -A FORWARD -j ufw-after-logging-forward
    -A FORWARD -j ufw-reject-forward
    -A FORWARD -j ufw-track-forward
    -A OUTPUT -j ufw-before-logging-output
    -A OUTPUT -j ufw-before-output
    -A OUTPUT -j ufw-after-output
    -A OUTPUT -j ufw-after-logging-output
    -A OUTPUT -j ufw-reject-output
    -A OUTPUT -j ufw-track-output

Shouldn't we read "-P INPUT DROP" instead of "-P INPUT ACCEPT"?

I quit Gufw, and relaunch it: the status is OFF!!! How can this even happen? I look at the root-profile on disk, and all the rules have been removed - somehow by Gufw I guess. Now I understand why none of the rules previously defined in the "root-profile" appear anywhere within Gufw nor in the iptables rules list.

I pull the backup into /etc/gufw/app_profiles instead of /etc/gufw this time, relaunch Gufw, remove the profile from the preferences, import the new profile and... none of the rules defined in the profile appear in the rules tab! A look at the log tells me that "WARN: uid is 0 but '/etc' is owned by 1000" for all new rules.

I change the owner to root and reimport the profile successfully this time: the rules are accepted. However, none of them appear in the iptables. I quit Gufw, relaunch it and... the status is OFF again and all the rules have vanished! Putting the status back ON makes the rules reappear within Gufw & the iptables, at last. Also, now we have "-P INPUT DROP" & some other rules (which should have been there in the first place?) also appear, for example:

    -A ufw-after-input -p udp -m udp --dport 137 -j ufw-skip-to-policy-input
    -A ufw-after-input -p udp -m udp --dport 138 -j ufw-skip-to-policy-input
    -A ufw-after-input -p tcp -m tcp --dport 139 -j ufw-skip-to-policy-input
    -A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input
    -A ufw-after-input -p udp -m udp --dport 67 -j ufw-skip-to-policy-input
    -A ufw-after-input -p udp -m udp --dport 68 -j ufw-skip-to-policy-input
    ...

I quit Gufw & relaunch it: this time the status is ON.

As a conclusion, checking /etc owner seems overkill: if you fear that someone may have taken over the root account, not loading the firewall rules won't change the situation since he/she has already been able to dethrone the root account... Also, why do we need to load Gufw several times to import a profile & enable it?

--
https://bugs.launchpad.net/bugs/1571701

Title: The rules have disappeared from the Rules tab

Status in Gufw: New

Bug description:
The rules used to be listed without any issue. I don't know what has changed since to explain this strange & suspicious behavior. The correct profile is loaded from /etc/gufw/app_profiles. The profile text file contains all the rules. Gufw first complained that the profile permissions needed to be 600. I have no idea why they were defined as 777, but I defined them back to 600. Now I can launch Gufw, but without any rule appearing in the tab.

Ubuntu 15.10 4.2.0-35 Gufw 15.10.0-0ubuntu1
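
An added example, not part of the original report and not code from Gufw or ufw: a shell check that reads `iptables -S` output and reports the INPUT default policy, whether INPUT jumps into ufw chains, and how many rules those chains hold, so the enforced state can be confirmed independently of the Gufw status switch. The function names and the two abridged sample listings are constructed for illustration, modelled on the listings quoted in the report.

```shell
#!/bin/sh
# Added example: summarise `iptables -S` text read from stdin.

# Prints: policy=<INPUT policy> hooked=<0|1> ufw_rules=<count>
#   hooked    = INPUT contains a jump into a ufw-* chain
#   ufw_rules = number of rules appended to ufw-* chains
fw_summary() {
  awk '
    $1 == "-P" && $2 == "INPUT"               { policy = $3 }
    $1 == "-A" && $2 == "INPUT" && / -j ufw-/ { hooked = 1 }
    $1 == "-A" && $2 ~ /^ufw-/                { rules++ }
    END {
      if (policy == "") policy = "unknown"
      printf "policy=%s hooked=%d ufw_rules=%d\n", policy, hooked, rules
    }'
}

# Exit status 0 only when the INPUT chain drops by default.
fw_default_deny() {
  awk '$1 == "-P" && $2 == "INPUT" && $3 == "DROP" { ok = 1 } END { exit !ok }'
}

# Constructed sample: ufw chains created and hooked, policy still ACCEPT.
sample_hooked_only() {
cat <<'EOF'
-P INPUT ACCEPT
-N ufw-before-input
-N ufw-after-input
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
EOF
}

# Constructed sample: policy DROP and ufw chains populated.
sample_enforcing() {
cat <<'EOF'
-P INPUT DROP
-N ufw-after-input
-N ufw-skip-to-policy-input
-A INPUT -j ufw-after-input
-A ufw-after-input -p udp -m udp --dport 137 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input
EOF
}

for s in sample_hooked_only sample_enforcing; do
  printf '%s: ' "$s"; "$s" | fw_summary
done
# Live use (as root): iptables -S | fw_summary
```
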