Thanks for the help, but adding the nf_conntrack_sane module didn't
help. Adding it and adding ufw allow rules for some packets that were
being reported as dropped didn't help. The only way that it reliably
works is if I set syncookies to 1 as described above.
I'm not sure there really is a
Since this bug was opened against ufw with syncookies, I'm going to mark
this bug as invalid for ufw. If there is a problem with syncookies, it
would be a kernel bug-- feel free to open a bug there if you still feel
there is a bug.
** Changed in: ufw (Ubuntu)
Status: Confirmed => Invalid
The tcp syncookies issues is not a ufw bug. In fact, toggling it one way
are another your logs show the same kernel message.
The real issue is sane not working with ufw enabled. You need to use the
nf_conntrack_sane module. See
https://bugs.launchpad.net/ufw/+bug/1595046/comments/14 for details.
** Changed in: ufw (Ubuntu)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ufw in Ubuntu.
https://bugs.launchpad.net/bugs/1631553
Title:
With UFW enabled, kernel reports SYN flooding
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: ufw (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ufw in Ubuntu.
Oh, relevant tickets from UFW and procps:
https://bugs.launchpad.net/ubuntu/+source/procps/+bug/57091
https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/189565
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ufw in Ubuntu.
6 matches
Mail list logo