[Bug 1882484] Re: Firewall rule in before.rules for dhcp is wrong
Thanks Jamie, Ah, cool, so that ufw config is when the install is a client. I am having issues with the install as a DHCPv4 server. I will revert the UFW changes I have made and add in a new /etc/ufw/application.d/dhcpd config to allow the install to run a DHCPv4 server Thanks Josh PS. isc-dhcp-server when setup, by default is using "raw" sockets and thus the ufw rules are bypassed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1882484 Title: Firewall rule in before.rules for dhcp is wrong To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1882484/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1882484] Re: Firewall rule in before.rules for dhcp is wrong
Thank you for filing a bug. The firewall policy is a combination of the default policy for each of 'incoming', 'outgoing' and 'routed' (forward) along with the policies shipped in before{,6}.rules, after{,6}.rules and whatever gets added to user{,6}.rules. Specifically, what is in before{,6}.rules is designed with default deny for incoming (and forward), default allow for outgoing and default accept for established connections. Considering that dhcp uses port 68/udp for the client and port 67/udp for the server, the shipped default policy allows: * outgoing from this host port 68/udp to any port 67/udp (via default allow outgoing; eg, for dhcp request) * incoming for established connection (via before.rules RELATED,ESTABLISHED; eg, dhcp reply from the server we connected to on port 67/udp) * incoming from port 67/udp (via the before.rules you mentioned; eg, for a server responding to the broadcast) I suspect that you've updated your default policy to deny to perform egress filtering so you need to add a corresponding 'ufw allow out to any port 67 proto udp comment "dhcp discover"' rule or similar. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1882484 Title: Firewall rule in before.rules for dhcp is wrong To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1882484/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1882484] Re: Firewall rule in before.rules for dhcp is wrong
Marking as Invalid since the default firewall policy is working as intended. ** Changed in: ufw (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1882484 Title: Firewall rule in before.rules for dhcp is wrong To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1882484/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs