[Touch-packages] [Bug 1633698] Re: ufw before6.rules adds echo-request and echo-response rules to wrong chain

2018-12-14 Thread Jamie Strandboge 
This is fixed in the new 0.36 release.

** Changed in: ufw
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ufw in Ubuntu.
https://bugs.launchpad.net/bugs/1633698

Title:
  ufw before6.rules adds echo-request and echo-response rules to wrong
  chain

Status in ufw:
  Fix Released
Status in ufw package in Ubuntu:
  Fix Released

Bug description:
  The default before6.rules file that is installed with the ufw package
  contains a copy/paste error. It is apparent that the intention is to
  add rules for echo-request and echo-response to the following chains:

  ufw6-before-input
  ufw6-before-output
  ufw6-before-forward

  However there is a copy/paste error and instead of adding the rules to
  ufw6-before-output, it adds it to ufw6-before-input a second time. The
  result is that the rules are absent from ufw6-before-output.

  The file that needs to be fixed in the package is:
  /usr/share/ufw/iptables/before6.rules

  Here is what diff -u shows if I compare the original file to the
  corrected version:

  --- /usr/share/ufw/iptables/before6.rules 2016-04-15 17:16:29.0 
+1200
  +++ ufw_fixed_before6.rules   2016-10-15 23:00:57.763041239 +1300
  @@ -77,8 +77,8 @@
   -A ufw6-before-output -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT
   # codes 0-2
   -A ufw6-before-output -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT
  --A ufw6-before-input -p icmpv6 --icmpv6-type echo-request -j ACCEPT
  --A ufw6-before-input -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
  +-A ufw6-before-output -p icmpv6 --icmpv6-type echo-request -j ACCEPT
  +-A ufw6-before-output -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
   -A ufw6-before-output -p icmpv6 --icmpv6-type router-solicitation -m hl 
--hl-eq 255 -j ACCEPT
   -A ufw6-before-output -p icmpv6 --icmpv6-type neighbor-advertisement -m hl 
--hl-eq 255 -j ACCEPT
   -A ufw6-before-output -p icmpv6 --icmpv6-type neighbor-solicitation -m hl 
--hl-eq 255 -j ACCEPT

  The impact of this error is minor because the ufw.conf file sets the default 
outbound policy to accept:
  DEFAULT_OUTPUT_POLICY="ACCEPT"

  Of course if anyone changed the default outbound policy then the error
  would mean that pings made from the server to other machines would be
  blocked.

  I will attach the original and my fixed version of before6.rules to
  this bug report.

  Thanks for taking the time to look at this issue.

  Nick.

  ProblemType: Bug
  DistroRelease: Ubuntu 16.10
  Package: ufw 0.35-2
  ProcVersionSignature: Ubuntu 4.8.0-22.24-generic 4.8.0
  Uname: Linux 4.8.0-22-generic i686
  ApportVersion: 2.20.3-0ubuntu8
  Architecture: i386
  Date: Sat Oct 15 23:09:04 2016
  InstallationDate: Installed on 2016-10-14 (1 days ago)
  InstallationMedia: Ubuntu-Server 16.10 "Yakkety Yak" - Release i386 
(20161012.1)
  PackageArchitecture: all
  SourcePackage: ufw
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ufw/+bug/1633698/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1633698] Re: ufw before6.rules adds echo-request and echo-response rules to wrong chain

2017-06-06 Thread Jamie Strandboge 
** Changed in: ufw
Milestone: None => 0.36

** Changed in: ufw
 Assignee: (unassigned) => Jamie Strandboge (jdstrand)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ufw in Ubuntu.
https://bugs.launchpad.net/bugs/1633698

Title:
  ufw before6.rules adds echo-request and echo-response rules to wrong
  chain

Status in ufw:
  Fix Committed
Status in ufw package in Ubuntu:
  Fix Released

Bug description:
  The default before6.rules file that is installed with the ufw package
  contains a copy/paste error. It is apparent that the intention is to
  add rules for echo-request and echo-response to the following chains:

  ufw6-before-input
  ufw6-before-output
  ufw6-before-forward

  However there is a copy/paste error and instead of adding the rules to
  ufw6-before-output, it adds it to ufw6-before-input a second time. The
  result is that the rules are absent from ufw6-before-output.

  The file that needs to be fixed in the package is:
  /usr/share/ufw/iptables/before6.rules

  Here is what diff -u shows if I compare the original file to the
  corrected version:

  --- /usr/share/ufw/iptables/before6.rules 2016-04-15 17:16:29.0 
+1200
  +++ ufw_fixed_before6.rules   2016-10-15 23:00:57.763041239 +1300
  @@ -77,8 +77,8 @@
   -A ufw6-before-output -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT
   # codes 0-2
   -A ufw6-before-output -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT
  --A ufw6-before-input -p icmpv6 --icmpv6-type echo-request -j ACCEPT
  --A ufw6-before-input -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
  +-A ufw6-before-output -p icmpv6 --icmpv6-type echo-request -j ACCEPT
  +-A ufw6-before-output -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
   -A ufw6-before-output -p icmpv6 --icmpv6-type router-solicitation -m hl 
--hl-eq 255 -j ACCEPT
   -A ufw6-before-output -p icmpv6 --icmpv6-type neighbor-advertisement -m hl 
--hl-eq 255 -j ACCEPT
   -A ufw6-before-output -p icmpv6 --icmpv6-type neighbor-solicitation -m hl 
--hl-eq 255 -j ACCEPT

  The impact of this error is minor because the ufw.conf file sets the default 
outbound policy to accept:
  DEFAULT_OUTPUT_POLICY="ACCEPT"

  Of course if anyone changed the default outbound policy then the error
  would mean that pings made from the server to other machines would be
  blocked.

  I will attach the original and my fixed version of before6.rules to
  this bug report.

  Thanks for taking the time to look at this issue.

  Nick.

  ProblemType: Bug
  DistroRelease: Ubuntu 16.10
  Package: ufw 0.35-2
  ProcVersionSignature: Ubuntu 4.8.0-22.24-generic 4.8.0
  Uname: Linux 4.8.0-22-generic i686
  ApportVersion: 2.20.3-0ubuntu8
  Architecture: i386
  Date: Sat Oct 15 23:09:04 2016
  InstallationDate: Installed on 2016-10-14 (1 days ago)
  InstallationMedia: Ubuntu-Server 16.10 "Yakkety Yak" - Release i386 
(20161012.1)
  PackageArchitecture: all
  SourcePackage: ufw
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ufw/+bug/1633698/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1633698] Re: ufw before6.rules adds echo-request and echo-response rules to wrong chain

2017-01-11 Thread Launchpad Bug Tracker 
This bug was fixed in the package ufw - 0.35-3

---
ufw (0.35-3) unstable; urgency=medium

  * 0002-bug849628.patch: adjust testsuite for recent changes to netbase
(Closes: 849628)
  * 0003-use-default-tcp-syncookies.patch: don't override distribution default
for TCP syncookies
  * 0004-lp1633698.patch: adjust ufw6-before-output rules for echo-reply and
echo-request (LP: #1633698)
  * update debian/before6.rules.md5sum
  * fix lintian errors:
- debian/control: Build-Depends on dh-python and debhelper >= 9
- debian/compat: use compatibility level 9

 -- Jamie Strandboge   Sun, 08 Jan 2017 16:33:45 +

** Changed in: ufw (Ubuntu)
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ufw in Ubuntu.
https://bugs.launchpad.net/bugs/1633698

Title:
  ufw before6.rules adds echo-request and echo-response rules to wrong
  chain

Status in ufw:
  Fix Committed
Status in ufw package in Ubuntu:
  Fix Released

Bug description:
  The default before6.rules file that is installed with the ufw package
  contains a copy/paste error. It is apparent that the intention is to
  add rules for echo-request and echo-response to the following chains:

  ufw6-before-input
  ufw6-before-output
  ufw6-before-forward

  However there is a copy/paste error and instead of adding the rules to
  ufw6-before-output, it adds it to ufw6-before-input a second time. The
  result is that the rules are absent from ufw6-before-output.

  The file that needs to be fixed in the package is:
  /usr/share/ufw/iptables/before6.rules

  Here is what diff -u shows if I compare the original file to the
  corrected version:

  --- /usr/share/ufw/iptables/before6.rules 2016-04-15 17:16:29.0 
+1200
  +++ ufw_fixed_before6.rules   2016-10-15 23:00:57.763041239 +1300
  @@ -77,8 +77,8 @@
   -A ufw6-before-output -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT
   # codes 0-2
   -A ufw6-before-output -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT
  --A ufw6-before-input -p icmpv6 --icmpv6-type echo-request -j ACCEPT
  --A ufw6-before-input -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
  +-A ufw6-before-output -p icmpv6 --icmpv6-type echo-request -j ACCEPT
  +-A ufw6-before-output -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
   -A ufw6-before-output -p icmpv6 --icmpv6-type router-solicitation -m hl 
--hl-eq 255 -j ACCEPT
   -A ufw6-before-output -p icmpv6 --icmpv6-type neighbor-advertisement -m hl 
--hl-eq 255 -j ACCEPT
   -A ufw6-before-output -p icmpv6 --icmpv6-type neighbor-solicitation -m hl 
--hl-eq 255 -j ACCEPT

  The impact of this error is minor because the ufw.conf file sets the default 
outbound policy to accept:
  DEFAULT_OUTPUT_POLICY="ACCEPT"

  Of course if anyone changed the default outbound policy then the error
  would mean that pings made from the server to other machines would be
  blocked.

  I will attach the original and my fixed version of before6.rules to
  this bug report.

  Thanks for taking the time to look at this issue.

  Nick.

  ProblemType: Bug
  DistroRelease: Ubuntu 16.10
  Package: ufw 0.35-2
  ProcVersionSignature: Ubuntu 4.8.0-22.24-generic 4.8.0
  Uname: Linux 4.8.0-22-generic i686
  ApportVersion: 2.20.3-0ubuntu8
  Architecture: i386
  Date: Sat Oct 15 23:09:04 2016
  InstallationDate: Installed on 2016-10-14 (1 days ago)
  InstallationMedia: Ubuntu-Server 16.10 "Yakkety Yak" - Release i386 
(20161012.1)
  PackageArchitecture: all
  SourcePackage: ufw
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ufw/+bug/1633698/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1633698] Re: ufw before6.rules adds echo-request and echo-response rules to wrong chain

2017-01-08 Thread Jamie Strandboge 
** Changed in: ufw (Ubuntu)
   Status: Triaged => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ufw in Ubuntu.
https://bugs.launchpad.net/bugs/1633698

Title:
  ufw before6.rules adds echo-request and echo-response rules to wrong
  chain

Status in ufw:
  Fix Committed
Status in ufw package in Ubuntu:
  In Progress

Bug description:
  The default before6.rules file that is installed with the ufw package
  contains a copy/paste error. It is apparent that the intention is to
  add rules for echo-request and echo-response to the following chains:

  ufw6-before-input
  ufw6-before-output
  ufw6-before-forward

  However there is a copy/paste error and instead of adding the rules to
  ufw6-before-output, it adds it to ufw6-before-input a second time. The
  result is that the rules are absent from ufw6-before-output.

  The file that needs to be fixed in the package is:
  /usr/share/ufw/iptables/before6.rules

  Here is what diff -u shows if I compare the original file to the
  corrected version:

  --- /usr/share/ufw/iptables/before6.rules 2016-04-15 17:16:29.0 
+1200
  +++ ufw_fixed_before6.rules   2016-10-15 23:00:57.763041239 +1300
  @@ -77,8 +77,8 @@
   -A ufw6-before-output -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT
   # codes 0-2
   -A ufw6-before-output -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT
  --A ufw6-before-input -p icmpv6 --icmpv6-type echo-request -j ACCEPT
  --A ufw6-before-input -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
  +-A ufw6-before-output -p icmpv6 --icmpv6-type echo-request -j ACCEPT
  +-A ufw6-before-output -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
   -A ufw6-before-output -p icmpv6 --icmpv6-type router-solicitation -m hl 
--hl-eq 255 -j ACCEPT
   -A ufw6-before-output -p icmpv6 --icmpv6-type neighbor-advertisement -m hl 
--hl-eq 255 -j ACCEPT
   -A ufw6-before-output -p icmpv6 --icmpv6-type neighbor-solicitation -m hl 
--hl-eq 255 -j ACCEPT

  The impact of this error is minor because the ufw.conf file sets the default 
outbound policy to accept:
  DEFAULT_OUTPUT_POLICY="ACCEPT"

  Of course if anyone changed the default outbound policy then the error
  would mean that pings made from the server to other machines would be
  blocked.

  I will attach the original and my fixed version of before6.rules to
  this bug report.

  Thanks for taking the time to look at this issue.

  Nick.

  ProblemType: Bug
  DistroRelease: Ubuntu 16.10
  Package: ufw 0.35-2
  ProcVersionSignature: Ubuntu 4.8.0-22.24-generic 4.8.0
  Uname: Linux 4.8.0-22-generic i686
  ApportVersion: 2.20.3-0ubuntu8
  Architecture: i386
  Date: Sat Oct 15 23:09:04 2016
  InstallationDate: Installed on 2016-10-14 (1 days ago)
  InstallationMedia: Ubuntu-Server 16.10 "Yakkety Yak" - Release i386 
(20161012.1)
  PackageArchitecture: all
  SourcePackage: ufw
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ufw/+bug/1633698/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1633698] Re: ufw before6.rules adds echo-request and echo-response rules to wrong chain

2016-10-25 Thread Jamie Strandboge 
Thank you for using ufw and filing a bug. I've adjusted this in trunk
and it will be in the next release.

** Also affects: ufw
   Importance: Undecided
   Status: New

** Changed in: ufw
   Status: New => Fix Committed

** Changed in: ufw
   Importance: Undecided => Medium

** Changed in: ufw (Ubuntu)
   Status: New => Triaged

** Changed in: ufw (Ubuntu)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ufw in Ubuntu.
https://bugs.launchpad.net/bugs/1633698

Title:
  ufw before6.rules adds echo-request and echo-response rules to wrong
  chain

Status in ufw:
  Fix Committed
Status in ufw package in Ubuntu:
  Triaged

Bug description:
  The default before6.rules file that is installed with the ufw package
  contains a copy/paste error. It is apparent that the intention is to
  add rules for echo-request and echo-response to the following chains:

  ufw6-before-input
  ufw6-before-output
  ufw6-before-forward

  However there is a copy/paste error and instead of adding the rules to
  ufw6-before-output, it adds it to ufw6-before-input a second time. The
  result is that the rules are absent from ufw6-before-output.

  The file that needs to be fixed in the package is:
  /usr/share/ufw/iptables/before6.rules

  Here is what diff -u shows if I compare the original file to the
  corrected version:

  --- /usr/share/ufw/iptables/before6.rules 2016-04-15 17:16:29.0 
+1200
  +++ ufw_fixed_before6.rules   2016-10-15 23:00:57.763041239 +1300
  @@ -77,8 +77,8 @@
   -A ufw6-before-output -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT
   # codes 0-2
   -A ufw6-before-output -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT
  --A ufw6-before-input -p icmpv6 --icmpv6-type echo-request -j ACCEPT
  --A ufw6-before-input -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
  +-A ufw6-before-output -p icmpv6 --icmpv6-type echo-request -j ACCEPT
  +-A ufw6-before-output -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
   -A ufw6-before-output -p icmpv6 --icmpv6-type router-solicitation -m hl 
--hl-eq 255 -j ACCEPT
   -A ufw6-before-output -p icmpv6 --icmpv6-type neighbor-advertisement -m hl 
--hl-eq 255 -j ACCEPT
   -A ufw6-before-output -p icmpv6 --icmpv6-type neighbor-solicitation -m hl 
--hl-eq 255 -j ACCEPT

  The impact of this error is minor because the ufw.conf file sets the default 
outbound policy to accept:
  DEFAULT_OUTPUT_POLICY="ACCEPT"

  Of course if anyone changed the default outbound policy then the error
  would mean that pings made from the server to other machines would be
  blocked.

  I will attach the original and my fixed version of before6.rules to
  this bug report.

  Thanks for taking the time to look at this issue.

  Nick.

  ProblemType: Bug
  DistroRelease: Ubuntu 16.10
  Package: ufw 0.35-2
  ProcVersionSignature: Ubuntu 4.8.0-22.24-generic 4.8.0
  Uname: Linux 4.8.0-22-generic i686
  ApportVersion: 2.20.3-0ubuntu8
  Architecture: i386
  Date: Sat Oct 15 23:09:04 2016
  InstallationDate: Installed on 2016-10-14 (1 days ago)
  InstallationMedia: Ubuntu-Server 16.10 "Yakkety Yak" - Release i386 
(20161012.1)
  PackageArchitecture: all
  SourcePackage: ufw
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ufw/+bug/1633698/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp