Hello les, or anyone else affected,

Accepted ufw into bionic-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/ufw/0.36-0ubuntu0.18.04.1 in a few
hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-bionic to verification-done-bionic. If it does not
fix the bug for you, please add a comment stating that, and change the
tag to verification-failed-bionic. In either case, without details of
your testing we will not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ufw in Ubuntu.
https://bugs.launchpad.net/bugs/1719211

Title:
  Bad interface name

Status in ufw package in Ubuntu:
  Fix Released
Status in ufw source package in Bionic:
  Fix Committed
Status in ufw source package in Cosmic:
  Fix Committed
Status in ufw source package in Disco:
  Fix Released

Bug description:
  [Impact]

  ufw's interface name's or both too strict (this bug) and too loose
  (iptables has its own limits). Adjust the interface name checks to
  match those of the kernel.

  [Test Case]

  $ sudo ufw --dry-run allow in on i-1|grep i-1
  ### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 in_i-1
  -A ufw-user-input -i i-1 -j ACCEPT
  ### tuple ### allow any any ::/0 any ::/0 in_i-1
  -A ufw6-user-input -i i-1 -j ACCEPT

  With an unpatched ufw, the above results in:

  $ sudo ufw --dry-run allow in on i-1|grep i-1
  ERROR: Bad interface name

  [Regression Potential]

  Risk of regression is considered low since the updated allow more than
  what is currently allowed, but not more than what iptables allows.
  See:

  https://git.launchpad.net/ufw/tree/src/common.py?h=release/0.36#n295

  
  = Original description =

  Is there a reason to restrict interface's name in ufw?
  Should ufw accept what iptables accept as iface name?

  I've a vpn with lot of nodes, its iface name contain a '-' so cannot
  use ufw on it.

  I've found the check here and cannot found a reason for it:
  http://bazaar.launchpad.net/~jdstrand/ufw/trunk/view/head:/src/common.py#L300

  thanks

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1719211/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to