[Bug 1882484] Re: Firewall rule in before.rules for dhcp is wrong

2020-06-15 Thread Joshua Stark
Thanks Jamie,

Ah, cool, so that ufw config is when the install is a client.

I am having issues with the install as a DHCPv4 server.

I will revert the UFW changes I have made and add in a new
/etc/ufw/application.d/dhcpd config to allow the install to run a DHCPv4
server.

Thanks
Josh


PS. isc-dhcp-server, when set up, by default uses "raw" sockets, and thus the
ufw rules are bypassed.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1882484

Title:
  Firewall rule in before.rules for dhcp is wrong

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1882484/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1882484] Re: Firewall rule in before.rules for dhcp is wrong

2020-06-15 Thread Jamie Strandboge
Thank you for filing a bug.

The firewall policy is a combination of the default policy for each of
'incoming', 'outgoing' and 'routed' (forward) along with the policies
shipped in before{,6}.rules, after{,6}.rules and whatever gets added to
user{,6}.rules. Specifically, what is in before{,6}.rules is designed
with default deny for incoming (and forward), default allow for outgoing
and default accept for established connections. Considering that dhcp
uses port 68/udp for the client and port 67/udp for the server, the
shipped default policy allows:

* outgoing from this host port 68/udp to any port 67/udp (via default allow
  outgoing; eg, for dhcp request)
* incoming for established connection (via before.rules RELATED,ESTABLISHED;
  eg, dhcp reply from the server we connected to on port 67/udp)
* incoming from port 67/udp (via the before.rules you mentioned; eg, for a
  server responding to the broadcast)

I suspect that you've updated your default policy to deny to perform
egress filtering so you need to add a corresponding 'ufw allow out to
any port 67 proto udp comment "dhcp discover"' rule or similar.


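The case described in the message above (default outgoing policy switched to deny, so the DHCP request to 67/udp needs its own rule), as an added example that is not part of the thread or of ufw itself. The function name `dhcp_egress_status` is hypothetical, and the script assumes that the defaults file carries `DEFAULT_OUTPUT_POLICY="..."` and that `ufw allow out ...` rules appear in user.rules as `-A ufw-user-output ... -j ACCEPT` lines; the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): report whether DHCP client traffic to
# 67/udp can leave the host under a given ufw configuration.
# Assumptions: DEFAULT_OUTPUT_POLICY="ACCEPT|DROP|REJECT" in the defaults file,
# and "ufw allow out ..." rules stored as "-A ufw-user-output ... -j ACCEPT".
# Rule order, earlier deny rules and multiport rules are not evaluated.

# Usage: dhcp_egress_status DEFAULTS_FILE USER_RULES_FILE
# Prints: allowed-by-default | allowed-by-rule | blocked | unknown
dhcp_egress_status() {
    _policy=$(sed -n 's/^DEFAULT_OUTPUT_POLICY="\([A-Z]*\)".*/\1/p' "$1" | tail -n 1)
    case "$_policy" in
        ACCEPT) echo "allowed-by-default"; return 0 ;;
        DROP|REJECT) ;;   # egress filtering: an explicit allow-out rule is needed
        *) echo "unknown"; return 2 ;;
    esac
    # Look for an accepting output rule for udp destination port 67. Rules
    # limited with -d are not counted, since they may not cover the broadcast.
    if grep -E '^-A ufw-user-output( .*)? -p udp( .*)? --dport 67( .*)? -j ACCEPT$' "$2" \
        | grep -qv -- ' -d '; then
        echo "allowed-by-rule"; return 0
    fi
    echo "blocked"; return 1
}

# Constructed sample: outgoing default set to deny, before and after the rule
# that `ufw allow out to any port 67 proto udp` is assumed to write.
demo=$(mktemp -d)
printf '%s\n' 'DEFAULT_OUTPUT_POLICY="DROP"' > "$demo/ufw"
printf '%s\n' '-A ufw-user-input -p tcp --dport 22 -j ACCEPT' > "$demo/user.rules"
echo "before: $(dhcp_egress_status "$demo/ufw" "$demo/user.rules")"
printf '%s\n' '-A ufw-user-output -p udp --dport 67 -j ACCEPT' >> "$demo/user.rules"
echo "after:  $(dhcp_egress_status "$demo/ufw" "$demo/user.rules")"
rm -rf "$demo"
```

On a real host the two arguments would be /etc/default/ufw and the user.rules file of the installation.
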
[Bug 1882484] Re: Firewall rule in before.rules for dhcp is wrong

2020-06-15 Thread Jamie Strandboge
Marking as Invalid since the default firewall policy is working as
intended.

** Changed in: ufw (Ubuntu)
   Status: New => Invalid
