Public bug reported:
The iptables package isn't flushing all tables on removal of the package
and the tables still exist until reboot. Intended behavior should be to
flush all tables via a dpkg pre-removal script. I'm not sure of any use
case where the intended behavior would be to keep the current rules in
place but not have iptables available.
root@ip-10-224-187-201:/home/cwarner# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP all -- 127.0.0.0/8 anywhere
ACCEPT tcp -- anywhere anywhere state ESTABLISHED
ACCEPT udp -- anywhere anywhere state ESTABLISHED
ACCEPT icmp -- anywhere anywhere state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW
ACCEPT udp -- anywhere anywhere udp dpt:bootpc state NEW
ACCEPT udp -- anywhere anywhere udp dpt:ntp state NEW
ACCEPT udp -- anywhere anywhere udp dpt:323 state NEW
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW,ESTABLISHED
ACCEPT udp -- anywhere anywhere state NEW,ESTABLISHED
ACCEPT icmp -- anywhere anywhere state NEW,ESTABLISHED
root@ip-10-224-187-201:/home/cwarner# apt remove iptables
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
iptables
0 upgraded, 0 newly installed, 1 to remove and 2 not upgraded.
After this operation, 1,663 kB disk space will be freed.
Do you want to continue? [Y/n] Y
(Reading database ... 91459 files and directories currently installed.)
Removing iptables (1.6.0-2ubuntu3) ...
Processing triggers for libc-bin (2.23-0ubuntu10) ...
Processing triggers for man-db (2.7.5-1) ...
*Rules are still in place*
root@ip-10-224-187-201:/home/cwarner# apt install iptables
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
iptables
0 upgraded, 1 newly installed, 0 to remove and 2 not upgraded.
Need to get 266 kB of archives.
After this operation, 1,663 kB of additional disk space will be used.
Get:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu xenial/main amd64 iptables amd64 1.6.0-2ubuntu3 [266 kB]
Fetched 266 kB in 0s (7,629 kB/s)
Selecting previously unselected package iptables.
(Reading database ... 91286 files and directories currently installed.)
Preparing to unpack .../iptables_1.6.0-2ubuntu3_amd64.deb ...
Unpacking iptables (1.6.0-2ubuntu3) ...
Processing triggers for libc-bin (2.23-0ubuntu10) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up iptables (1.6.0-2ubuntu3) ...
Processing triggers for libc-bin (2.23-0ubuntu10) ...
root@ip-10-224-187-201:/home/cwarner# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP all -- 127.0.0.0/8 anywhere
ACCEPT tcp -- anywhere anywhere state ESTABLISHED
ACCEPT udp -- anywhere anywhere state ESTABLISHED
ACCEPT icmp -- anywhere anywhere state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW
ACCEPT udp -- anywhere anywhere udp dpt:bootpc state NEW
ACCEPT udp -- anywhere anywhere udp dpt:ntp state NEW
ACCEPT udp -- anywhere anywhere udp dpt:323 state NEW
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW,ESTABLISHED
ACCEPT udp -- anywhere anywhere state NEW,ESTABLISHED
ACCEPT icmp -- anywhere anywhere state NEW,ESTABLISHED
Same rules, still in place.
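A prerm-style flush of the kind the report asks for, added here as an illustration; it is not the Ubuntu package's own maintainer script. It assumes the loaded tables are read from /proc/net/ip_tables_names and /proc/net/ip6_tables_names, and takes the command name and table list as parameters so the logic can be exercised with a stub command instead of root access.

```shell
#!/bin/sh
# Added example of a dpkg prerm-style flush for the iptables package; not the
# package's own maintainer script. The command name and the procfs table list are
# parameters so the logic can be exercised with a stub instead of root access.
set -e

# Built-in chains of each table: their policy is reset, user chains are deleted.
builtin_chains() {
    case "$1" in
        filter)   echo "INPUT FORWARD OUTPUT" ;;
        nat)      echo "PREROUTING INPUT OUTPUT POSTROUTING" ;;
        mangle)   echo "PREROUTING INPUT FORWARD OUTPUT POSTROUTING" ;;
        raw)      echo "PREROUTING OUTPUT" ;;
        security) echo "INPUT FORWARD OUTPUT" ;;
        *)        echo "" ;;
    esac
}

# flush_family <iptables-command> <tables-file>
# The kernel lists only the tables it has loaded in /proc/net/ip_tables_names,
# so touching just those avoids failing on a table whose module was never loaded.
flush_family() {
    ipt="$1"; tables_file="$2"
    [ -r "$tables_file" ] || return 0   # nothing loaded, or no access (container)
    while read -r table; do
        [ -n "$table" ] || continue
        # Policies first: with INPUT still at DROP (as in the listing above),
        # flushing alone would leave no ACCEPT rule and cut off the SSH session.
        for chain in $(builtin_chains "$table"); do
            "$ipt" -t "$table" -P "$chain" ACCEPT
        done
        "$ipt" -t "$table" -F   # flush the rules of every chain
        "$ipt" -t "$table" -X   # delete the now-empty user-defined chains
        "$ipt" -t "$table" -Z   # zero the packet/byte counters
    done < "$tables_file"
}

# dpkg runs "prerm remove" on package removal (and "prerm upgrade <ver>" on
# upgrades); only the remove case should clear the rules.
if [ "${1:-}" = "remove" ]; then
    flush_family iptables  /proc/net/ip_tables_names
    flush_family ip6tables /proc/net/ip6_tables_names
fi
```

On a host like the one above, whose INPUT and OUTPUT policies are DROP, the order matters: resetting the policies before flushing is what keeps the session the removal is run from alive.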
** Affects: iptables (Ubuntu)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/1816811
Title:
iptables package doesn't flush table on removal of package
Status in iptables package in Ubuntu:
New