[Bug 1949643] Re: iptables-persistent unconditionally drops existing iptables rules
This bug was fixed in the package iptables-persistent -
1.0.4+nmu2ubuntu1.1
---
iptables-persistent (1.0.4+nmu2ubuntu1.1) bionic; urgency=medium
* Add configuration options IP[6]TABLES_RESTORE_NOFLUSH so that
existing rules are not flushed on start/load (LP: #1949643)
- debian/netfilter-persistent.default: Introduce options
- plugins/{15-ip4tables,25-ip6tables}: Check/apply options
-- Jorge Merlino Fri, 10 Dec 2021
10:51:47 -0300
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1949643
Title:
iptables-persistent unconditionally drops existing iptables rules
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iptables-persistent/+bug/1949643/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1949643] Re: iptables-persistent unconditionally drops existing iptables rules
This bug was fixed in the package iptables-persistent - 1.0.14ubuntu1
---
iptables-persistent (1.0.14ubuntu1) focal; urgency=medium
* Add configuration options IP[6]TABLES_RESTORE_NOFLUSH so that
existing rules are not flushed on start/load (LP: #1949643)
- debian/netfilter-persistent.default: Introduce options
- plugins/{15-ip4tables,25-ip6tables}: Check/apply options
-- Jorge Merlino Fri, 10 Dec 2021
09:55:20 -0300
** Changed in: iptables-persistent (Ubuntu Bionic)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1949643
Title:
iptables-persistent unconditionally drops existing iptables rules
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iptables-persistent/+bug/1949643/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1949643] Re: iptables-persistent unconditionally drops existing iptables rules
This bug was fixed in the package iptables-persistent -
1.0.15ubuntu0.21.04.1
---
iptables-persistent (1.0.15ubuntu0.21.04.1) hirsute; urgency=medium
* Add configuration options IP[6]TABLES_RESTORE_NOFLUSH so that
existing rules are not flushed on start/load (LP: #1949643)
- debian/netfilter-persistent.default: Introduce options
- plugins/{15-ip4tables,25-ip6tables}: Check/apply options
-- Jorge Merlino Fri, 10 Dec 2021
09:49:39 -0300
** Changed in: iptables-persistent (Ubuntu Hirsute)
Status: Fix Committed => Fix Released
** Changed in: iptables-persistent (Ubuntu Focal)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1949643
Title:
iptables-persistent unconditionally drops existing iptables rules
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iptables-persistent/+bug/1949643/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1949643] Re: iptables-persistent unconditionally drops existing iptables rules
This bug was fixed in the package iptables-persistent -
1.0.15ubuntu0.21.10.1
---
iptables-persistent (1.0.15ubuntu0.21.10.1) impish; urgency=medium
* Add configuration options IP[6]TABLES_RESTORE_NOFLUSH so that
existing rules are not flushed on start/load (LP: #1949643)
- debian/netfilter-persistent.default: Introduce options
- plugins/{15-ip4tables,25-ip6tables}: Check/apply options
-- Jorge Merlino Fri, 10 Dec 2021
09:36:34 -0300
** Changed in: iptables-persistent (Ubuntu Impish)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1949643
Title:
iptables-persistent unconditionally drops existing iptables rules
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iptables-persistent/+bug/1949643/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1949643] Re: iptables-persistent unconditionally drops existing iptables rules
Tested version 1.0.15ubuntu0.21.10.1 in Impish. Performed the tests on comment #14. All worked fine. ** Tags removed: verification-needed-bionic verification-needed-focal verification-needed-hirsute verification-needed-impish ** Tags added: verification-done-bionic verification-done-focal verification-done-hirsute verification-done-impish -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1949643 Title: iptables-persistent unconditionally drops existing iptables rules To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables-persistent/+bug/1949643/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1949643] Re: iptables-persistent unconditionally drops existing iptables rules
Tested version 1.0.15ubuntu0.21.04.1 in Hirsute. Performed the tests on comment #14. All worked fine. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1949643 Title: iptables-persistent unconditionally drops existing iptables rules To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables-persistent/+bug/1949643/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1949643] Re: iptables-persistent unconditionally drops existing iptables rules
Tested version 1.0.14ubuntu1 in Focal. Performed the tests on comment #14. All worked fine. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1949643 Title: iptables-persistent unconditionally drops existing iptables rules To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables-persistent/+bug/1949643/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1949643] Re: iptables-persistent unconditionally drops existing iptables rules
Tested version 1.0.4+nmu2ubuntu1.1 in Bionic. Performed the tests on comment #14. All worked fine. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1949643 Title: iptables-persistent unconditionally drops existing iptables rules To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables-persistent/+bug/1949643/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1949643] Re: iptables-persistent unconditionally drops existing iptables rules
Hello Mauricio, or anyone else affected, Accepted iptables-persistent into impish-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/iptables- persistent/1.0.15ubuntu0.21.10.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- impish to verification-done-impish. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-impish. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: iptables-persistent (Ubuntu Impish) Status: In Progress => Fix Committed ** Tags added: verification-needed verification-needed-impish ** Changed in: iptables-persistent (Ubuntu Hirsute) Status: In Progress => Fix Committed ** Tags added: verification-needed-hirsute -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1949643 Title: iptables-persistent unconditionally drops existing iptables rules To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables-persistent/+bug/1949643/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1949643] Re: iptables-persistent unconditionally drops existing iptables rules
Thanks, Jorge!
I've sponsored the debdiffs with minor changes
(that I didn't mention previously) to B/F/H/I,
and added some stuff to the SRU template [1,2].
The changes build fine on LP PPAs for all releases.
cheers,
Mauricio
...
For reference:
- versioning:
- B: change ubuntu2 to ubuntu1.1 (SRUs usually +0.1)
- H/I: change ubuntu1 (same version on diff releases)
to ubuntu0.21.{04,10}.1
- maintainer:
- F/H/I: run update-maintainer
[1] https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Update_the_packaging
[2] https://wiki.ubuntu.com/StableReleaseUpdates#SRU_Bug_Template
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1949643
Title:
iptables-persistent unconditionally drops existing iptables rules
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iptables-persistent/+bug/1949643/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1949643] Re: iptables-persistent unconditionally drops existing iptables rules
** Description changed:
[Impact]
The iptables-persistent plugins/{15-ip4tables,25-ip6tables}
use ip[6]tables-restore without --noflush unconditionally.
This doesn't play along well with ufw, which starts before
netfilter-persistent typically, and gets its rules flushed.
This makes `ufw status` return that ufw is disabled, which
is misleading, as `ufw.service` is enabled and ufw actually
loaded all its rules correctly (but they were flushed later.)
Some images ship iptables-persistent rules, thus are subject
to this issue if ufw is used.
[Workaround]
Disable the netfilter-persistent.service unit, after rules
have been migrated to ufw.
[Fix]
+ Add options IP[6]TABLES_RESTORE_NOFLUSH (disabled by default)
+ to `/etc/default/netfilter-persistent` to allow not flushing
+ existing ip[6]tables rules.
+
Proposed in Debian bug #998416 [1], Salsa Merge Request [2].
[Test Steps]
- See the Debian bug.
+ See commment #14 (based on the Debian bug.)
+
+ [Regression Potential]
+
+ Regressions would manifest when netfilter-persistent.service
+ starts/loads rules, probably in the form of failures to run
+ ip[6]tables-restore or incorrectly (not) flushing rules.
+
+ Note: there is _no_ behavior change is by default, so users
+ have to opt-in, which should reduce the chances/numbers of
+ potential regressions.
+
+ [Links]
[1] https://bugs.debian.org/998416
[2] https://salsa.debian.org/debian/iptables-persistent/-/merge_requests/3
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1949643
Title:
iptables-persistent unconditionally drops existing iptables rules
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iptables-persistent/+bug/1949643/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1949643] Re: iptables-persistent unconditionally drops existing iptables rules
Test Steps from Debian bug, for reference. - 1. Configure rules files: cat
[Bug 1949643] Re: iptables-persistent unconditionally drops existing iptables rules
The SRU patches where built and tested by me in each Ubuntu version. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1949643 Title: iptables-persistent unconditionally drops existing iptables rules To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables-persistent/+bug/1949643/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1949643] Re: iptables-persistent unconditionally drops existing iptables rules
SRU for Impish. Fixed changelog. ** Patch added: "lp1949643-impishv2.debdiff" https://bugs.launchpad.net/ubuntu/hirsute/+source/iptables-persistent/+bug/1949643/+attachment/5547368/+files/lp1949643-impishv2.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1949643 Title: iptables-persistent unconditionally drops existing iptables rules To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables-persistent/+bug/1949643/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1949643] Re: iptables-persistent unconditionally drops existing iptables rules
SRU for Hirsute. Fixed changelog. ** Patch added: "lp1949643-hirsutev2.debdiff" https://bugs.launchpad.net/ubuntu/hirsute/+source/iptables-persistent/+bug/1949643/+attachment/5547367/+files/lp1949643-hirsutev2.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1949643 Title: iptables-persistent unconditionally drops existing iptables rules To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables-persistent/+bug/1949643/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1949643] Re: iptables-persistent unconditionally drops existing iptables rules
SRU for Focal. Fixed changelog. ** Patch added: "lp1949643-focalv2.debdiff" https://bugs.launchpad.net/ubuntu/hirsute/+source/iptables-persistent/+bug/1949643/+attachment/5547366/+files/lp1949643-focalv2.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1949643 Title: iptables-persistent unconditionally drops existing iptables rules To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables-persistent/+bug/1949643/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1949643] Re: iptables-persistent unconditionally drops existing iptables rules
SRU for Bionic. Fixed changelog and indentantion ** Patch added: "lp1949643-bionicv2.debdiff" https://bugs.launchpad.net/ubuntu/hirsute/+source/iptables-persistent/+bug/1949643/+attachment/5547365/+files/lp1949643-bionicv2.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1949643 Title: iptables-persistent unconditionally drops existing iptables rules To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables-persistent/+bug/1949643/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1949643] Re: iptables-persistent unconditionally drops existing iptables rules
** Tags added: sts -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1949643 Title: iptables-persistent unconditionally drops existing iptables rules To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables-persistent/+bug/1949643/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1949643] Re: iptables-persistent unconditionally drops existing iptables rules
@jorge-merlino, Thanks for the backports/debdiffs for the stable releases! I have reviewed them, which look mostly good; I suggested some changes and provided feedback on email. :) cheers! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1949643 Title: iptables-persistent unconditionally drops existing iptables rules To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables-persistent/+bug/1949643/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1949643] Re: iptables-persistent unconditionally drops existing iptables rules
The fix has been released in Debian and Ubuntu Jammy. https://launchpad.net/ubuntu/+source/iptables-persistent/1.0.16 ** Also affects: iptables-persistent (Ubuntu Jammy) Importance: Medium Assignee: Mauricio Faria de Oliveira (mfo) Status: Confirmed ** Also affects: iptables-persistent (Ubuntu Hirsute) Importance: Undecided Status: New ** Also affects: iptables-persistent (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: iptables-persistent (Ubuntu Impish) Importance: Undecided Status: New ** Also affects: iptables-persistent (Ubuntu Focal) Importance: Undecided Status: New ** Changed in: iptables-persistent (Ubuntu Impish) Status: New => In Progress ** Changed in: iptables-persistent (Ubuntu Impish) Importance: Undecided => Medium ** Changed in: iptables-persistent (Ubuntu Impish) Assignee: (unassigned) => Jorge Merlino (jorge-merlino) ** Changed in: iptables-persistent (Ubuntu Hirsute) Status: New => In Progress ** Changed in: iptables-persistent (Ubuntu Hirsute) Importance: Undecided => Medium ** Changed in: iptables-persistent (Ubuntu Hirsute) Assignee: (unassigned) => Jorge Merlino (jorge-merlino) ** Changed in: iptables-persistent (Ubuntu Focal) Status: New => In Progress ** Changed in: iptables-persistent (Ubuntu Focal) Importance: Undecided => Medium ** Changed in: iptables-persistent (Ubuntu Focal) Assignee: (unassigned) => Jorge Merlino (jorge-merlino) ** Changed in: iptables-persistent (Ubuntu Bionic) Status: New => In Progress ** Changed in: iptables-persistent (Ubuntu Bionic) Importance: Undecided => Medium ** Changed in: iptables-persistent (Ubuntu Bionic) Assignee: (unassigned) => Jorge Merlino (jorge-merlino) ** Changed in: iptables-persistent (Ubuntu Jammy) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1949643 Title: iptables-persistent unconditionally drops existing iptables rules To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables-persistent/+bug/1949643/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1949643] Re: iptables-persistent unconditionally drops existing iptables rules
** Tags added: sts-sponsor-mfo -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1949643 Title: iptables-persistent unconditionally drops existing iptables rules To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables-persistent/+bug/1949643/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1949643] Re: iptables-persistent unconditionally drops existing iptables rules
The attachment "lp1949643-impish.debdiff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team. [This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.] ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1949643 Title: iptables-persistent unconditionally drops existing iptables rules To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables-persistent/+bug/1949643/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1949643] Re: iptables-persistent unconditionally drops existing iptables rules
SRU for impish ** Patch added: "lp1949643-impish.debdiff" https://bugs.launchpad.net/ubuntu/+source/iptables-persistent/+bug/1949643/+attachment/5546887/+files/lp1949643-impish.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1949643 Title: iptables-persistent unconditionally drops existing iptables rules To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables-persistent/+bug/1949643/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1949643] Re: iptables-persistent unconditionally drops existing iptables rules
SRU for focal ** Patch added: "lp1949643-focal.debdiff" https://bugs.launchpad.net/ubuntu/+source/iptables-persistent/+bug/1949643/+attachment/5546889/+files/lp1949643-focal.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1949643 Title: iptables-persistent unconditionally drops existing iptables rules To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables-persistent/+bug/1949643/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1949643] Re: iptables-persistent unconditionally drops existing iptables rules
SRU for hirsute ** Patch added: "lp1949643-hirsute.debdiff" https://bugs.launchpad.net/ubuntu/+source/iptables-persistent/+bug/1949643/+attachment/5546888/+files/lp1949643-hirsute.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1949643 Title: iptables-persistent unconditionally drops existing iptables rules To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables-persistent/+bug/1949643/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1949643] Re: iptables-persistent unconditionally drops existing iptables rules
SRU for bionic ** Patch added: "lp1949643-bionic.debdiff" https://bugs.launchpad.net/ubuntu/+source/iptables-persistent/+bug/1949643/+attachment/5546890/+files/lp1949643-bionic.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1949643 Title: iptables-persistent unconditionally drops existing iptables rules To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables-persistent/+bug/1949643/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1949643] Re: iptables-persistent unconditionally drops existing iptables rules
** Changed in: iptables-persistent (Debian) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1949643 Title: iptables-persistent unconditionally drops existing iptables rules To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables-persistent/+bug/1949643/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1949643] Re: iptables-persistent unconditionally drops existing iptables rules
https://salsa.debian.org/debian/iptables-persistent/-/merge_requests/3
** Description changed:
[Impact]
The iptables-persistent plugins/{15-ip4tables,25-ip6tables}
use ip[6]tables-restore without --noflush unconditionally.
This doesn't play along well with ufw, which starts before
netfilter-persistent typically, and gets its rules flushed.
This makes `ufw status` return that ufw is disabled, which
is misleading, as `ufw.service` is enabled and ufw actually
loaded all its rules correctly (but they were flushed later.)
Some images ship iptables-persistent rules, thus are subject
to this issue if ufw is used.
[Workaround]
Disable the netfilter-persistent.service unit, after rules
have been migrated to ufw.
[Fix]
- Proposed in Debian bug #998416 [1]
+ Proposed in Debian bug #998416 [1], Salsa Merge Request [2].
[Test Steps]
See the Debian bug.
[1] https://bugs.debian.org/998416
+ [2] https://salsa.debian.org/debian/iptables-persistent/-/merge_requests/3
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1949643
Title:
iptables-persistent unconditionally drops existing iptables rules
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iptables-persistent/+bug/1949643/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1949643] Re: iptables-persistent unconditionally drops existing iptables rules
** Changed in: iptables-persistent (Debian) Status: Unknown => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1949643 Title: iptables-persistent unconditionally drops existing iptables rules To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables-persistent/+bug/1949643/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
