This bug was fixed in the package ufw - 0.34-0ubuntu1 --------------- ufw (0.34-0ubuntu1) wily; urgency=medium
* New upstream release (LP: #1434525, LP: #1438647, LP: #1155292, Closes: 792753). Drop following patches included upstream: - 0002-lp1044361.patch - 0003-fix-typeerror-on-error.patch - 0004-lp1039729.patch - 0005-lp1191197.patch * Merge in Ubuntu packaging: - debian/ufw.postinst: + drop old reload of policy for upgrades to 0.30.1-2 + add new ufw[6]-track-forward primary chains on upgrade - Install the SysV init and upstart script for both Debian and Ubuntu. Debian has upstart too, and in Ubuntu we need the init script for LSB dependencies and for systemd. (LP: #1341083) + Rename debian/ufw.init.debian to debian/ufw.init + Rename debian/ufw.upstart.ubuntu to debian/ufw.upstart + Remove all the distro specific code from debian/rules and just call dh_installinit (thus removing lsb-release from Build-Depends-Indep). - Drop the distro specific logrotate configs, and use the ubuntu one with "rotate" instead of "reload" everywhere, as Debian's rsyslog init also supports "rotate". - Add a systemd unit: + Add debian/ufw.service + Add dh-systemd build dep. + debian/rulles: Call dh_systemd_{enable,start}. - Don't include Debian version in the python module version (LP: #1465549) * debian/copyright: follow copyright-format/1.0 * debian/po/pt_BR.po: add Brazilian Portuguese of debconf templates. Thanks to Adriano Rafael Gomes (Closes: 770453) * update debian/before[6].rules.md5sum * debian/ufw.lintian-overrides: - usr/share/ufw/after.init and before.init are intentionally not executable - we intentionally do not stop the firewall with init.d script * debian/control: Build-Depends-Indep on procps (needed by testsuite for sysctl) * debian/ufw.dirs, debian/rules: copy bash completions to /usr/share/bash-completion/completions * debian/rules: run 'make clean' after running the testsuite since the testsuite creates a build/ directory not that would be reused * debian/ufw.postrm: remove after.init and before.init on purge -- Jamie Strandboge <ja...@ubuntu.com> Thu, 20 Aug 2015 08:34:19 -0500 ** Changed in: ufw (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ufw in Ubuntu. https://bugs.launchpad.net/bugs/1434525 Title: Router solicitation blocked, makes network-manager complain Status in ufw package in Ubuntu: Fix Released Bug description: In Vivid, my syslog is full of complains by network-manager about blocked Router solicitation. In my log, I get things like this: ... Mar 20 12:47:04 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852024.960398] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (wlan0): cannot send router solicitation: -1. Mar 20 12:47:04 franck-ThinkPad-T430s kernel: [ 8209.218586] [UFW BLOCK] IN= OUT=wlan0 SRC=fe80:0000:0000:0000:2677:03ff:fe8a:47a0 DST=ff02:0000:0000:0000:0000:0000:0000:0002 LEN=48 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=133 CODE=0 Mar 20 12:47:05 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852025.959574] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (eth0): cannot send router solicitation: -1. Mar 20 12:47:08 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852028.958727] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (wlan0): cannot send router solicitation: -1. Mar 20 12:47:09 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852029.958873] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (eth0): cannot send router solicitation: -1. Mar 20 12:47:12 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852032.961342] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (wlan0): cannot send router solicitation: -1. Mar 20 12:47:13 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852033.959493] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (eth0): cannot send router solicitation: -1. Mar 20 12:47:16 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852036.960008] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (wlan0): cannot send router solicitation: -1. Mar 20 12:47:17 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852037.959215] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (eth0): cannot send router solicitation: -1. Mar 20 12:47:20 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852040.961811] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (wlan0): cannot send router solicitation: -1. Mar 20 12:47:21 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852041.958641] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (eth0): cannot send router solicitation: -1. Mar 20 12:47:24 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852044.960743] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (wlan0): cannot send router solicitation: -1. Mar 20 12:47:24 franck-ThinkPad-T430s kernel: [ 8229.224325] [UFW BLOCK] IN= OUT=wlan0 SRC=fe80:0000:0000:0000:2677:03ff:fe8a:47a0 DST=ff02:0000:0000:0000:0000:0000:0000:0002 LEN=48 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=133 CODE=0 Mar 20 12:47:25 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852045.958895] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (eth0): cannot send router solicitation: -1. Mar 20 12:47:28 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852048.960527] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (wlan0): cannot send router solicitation: -1. ... and so on. I have read through http://www.ietf.org/rfc/rfc4890.txt but this is a bit tougth, and I like ufw doing the job for me :-). Here is the output of ip6tables --list : Chain INPUT (policy DROP) target prot opt source destination ufw6-before-logging-input all anywhere anywhere ufw6-before-input all anywhere anywhere ufw6-after-input all anywhere anywhere ufw6-after-logging-input all anywhere anywhere ufw6-reject-input all anywhere anywhere ufw6-track-input all anywhere anywhere Chain FORWARD (policy DROP) target prot opt source destination ufw6-before-logging-forward all anywhere anywhere ufw6-before-forward all anywhere anywhere ufw6-after-forward all anywhere anywhere ufw6-after-logging-forward all anywhere anywhere ufw6-reject-forward all anywhere anywhere ufw6-track-forward all anywhere anywhere Chain OUTPUT (policy DROP) target prot opt source destination ufw6-before-logging-output all anywhere anywhere ufw6-before-output all anywhere anywhere ufw6-after-output all anywhere anywhere ufw6-after-logging-output all anywhere anywhere ufw6-reject-output all anywhere anywhere ufw6-track-output all anywhere anywhere Chain ufw6-after-forward (1 references) target prot opt source destination Chain ufw6-after-input (1 references) target prot opt source destination ufw6-skip-to-policy-input udp anywhere anywhere udp dpt:netbios-ns ufw6-skip-to-policy-input udp anywhere anywhere udp dpt:netbios-dgm ufw6-skip-to-policy-input tcp anywhere anywhere tcp dpt:netbios-ssn ufw6-skip-to-policy-input tcp anywhere anywhere tcp dpt:microsoft-ds ufw6-skip-to-policy-input udp anywhere anywhere udp dpt:dhcpv6-client ufw6-skip-to-policy-input udp anywhere anywhere udp dpt:dhcpv6-server Chain ufw6-after-logging-forward (1 references) target prot opt source destination LOG all anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] " Chain ufw6-after-logging-input (1 references) target prot opt source destination LOG all anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] " Chain ufw6-after-logging-output (1 references) target prot opt source destination LOG all anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] " Chain ufw6-after-output (1 references) target prot opt source destination Chain ufw6-before-forward (1 references) target prot opt source destination DROP all anywhere anywhere rt type:0 segsleft:0 ACCEPT all anywhere anywhere ctstate RELATED,ESTABLISHED ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp destination-unreachable ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp packet-too-big ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp time-exceeded ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp parameter-problem ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp echo-request ufw6-user-forward all anywhere anywhere Chain ufw6-before-input (1 references) target prot opt source destination ACCEPT all anywhere anywhere DROP all anywhere anywhere rt type:0 segsleft:0 ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp neighbour-solicitation HL match HL == 255 ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp neighbour-advertisement HL match HL == 255 ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp router-solicitation HL match HL == 255 ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp router-advertisement HL match HL == 255 ACCEPT all anywhere anywhere ctstate RELATED,ESTABLISHED ACCEPT ipv6-icmp fe80::/10 anywhere ipv6-icmp echo-reply ufw6-logging-deny all anywhere anywhere ctstate INVALID DROP all anywhere anywhere ctstate INVALID ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp destination-unreachable ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp packet-too-big ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp time-exceeded ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp parameter-problem ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp echo-request ACCEPT udp fe80::/10 fe80::/10 udp spt:dhcpv6-server dpt:dhcpv6-client ACCEPT udp anywhere ff02::fb udp dpt:mdns ACCEPT udp anywhere ff02::f udp dpt:1900 ufw6-user-input all anywhere anywhere Chain ufw6-before-logging-forward (1 references) target prot opt source destination Chain ufw6-before-logging-input (1 references) target prot opt source destination Chain ufw6-before-logging-output (1 references) target prot opt source destination Chain ufw6-before-output (1 references) target prot opt source destination ACCEPT all anywhere anywhere DROP all anywhere anywhere rt type:0 segsleft:0 ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp neighbour-solicitation HL match HL == 255 ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp neighbour-advertisement HL match HL == 255 ACCEPT all anywhere anywhere ctstate RELATED,ESTABLISHED ufw6-user-output all anywhere anywhere Chain ufw6-logging-allow (0 references) target prot opt source destination LOG all anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] " Chain ufw6-logging-deny (1 references) target prot opt source destination RETURN all anywhere anywhere ctstate INVALID limit: avg 3/min burst 10 LOG all anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] " Chain ufw6-reject-forward (1 references) target prot opt source destination Chain ufw6-reject-input (1 references) target prot opt source destination Chain ufw6-reject-output (1 references) target prot opt source destination Chain ufw6-skip-to-policy-forward (0 references) target prot opt source destination DROP all anywhere anywhere Chain ufw6-skip-to-policy-input (6 references) target prot opt source destination DROP all anywhere anywhere Chain ufw6-skip-to-policy-output (0 references) target prot opt source destination DROP all anywhere anywhere Chain ufw6-track-forward (1 references) target prot opt source destination Chain ufw6-track-input (1 references) target prot opt source destination Chain ufw6-track-output (1 references) target prot opt source destination Chain ufw6-user-forward (1 references) target prot opt source destination Chain ufw6-user-input (1 references) target prot opt source destination ACCEPT udp anywhere anywhere multiport dports 6881:6882 ACCEPT tcp anywhere anywhere multiport dports 6881:6882 Chain ufw6-user-limit (0 references) target prot opt source destination LOG all anywhere anywhere limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] " REJECT all anywhere anywhere reject-with icmp6-port-unreachable Chain ufw6-user-limit-accept (0 references) target prot opt source destination ACCEPT all anywhere anywhere Chain ufw6-user-logging-forward (0 references) target prot opt source destination Chain ufw6-user-logging-input (0 references) target prot opt source destination Chain ufw6-user-logging-output (0 references) target prot opt source destination Chain ufw6-user-output (1 references) target prot opt source destination ACCEPT tcp anywhere anywhere tcp dpt:ipp ACCEPT udp anywhere anywhere udp dpt:ipp ACCEPT tcp anywhere anywhere tcp dpt:domain ACCEPT udp anywhere anywhere udp dpt:domain ACCEPT udp anywhere anywhere udp dpt:bootps ACCEPT tcp anywhere anywhere tcp dpt:https ACCEPT tcp anywhere anywhere tcp dpt:http ACCEPT tcp anywhere anywhere tcp dpt:imap2 ACCEPT tcp anywhere anywhere tcp dpt:ssh ACCEPT tcp anywhere anywhere tcp dpt:postgresql ACCEPT tcp anywhere anywhere tcp dpt:http-alt ACCEPT udp anywhere anywhere multiport dports netbios-ns,netbios-dgm ACCEPT tcp anywhere anywhere multiport dports netbios-ssn,microsoft-ds ACCEPT tcp anywhere anywhere tcp dpt:l2f ACCEPT tcp anywhere anywhere tcp dpt:imaps ACCEPT tcp anywhere anywhere tcp dpt:git ACCEPT tcp anywhere anywhere tcp dpt:whois ACCEPT udp anywhere anywhere udp dpt:43 ACCEPT tcp anywhere anywhere tcp dpt:ircd ACCEPT tcp anywhere anywhere tcp dpt:3389 ACCEPT udp anywhere anywhere multiport dports 6881:6882 ACCEPT tcp anywhere anywhere multiport dports 6881:6882 Maybe /etc/ufw/before6.rules should be adjusted ? (or maybe it's a bug in Network-manager?) ProblemType: Bug DistroRelease: Ubuntu 15.04 Package: ufw 0.34~rc-0ubuntu5 ProcVersionSignature: Ubuntu 3.19.0-9.9-generic 3.19.1 Uname: Linux 3.19.0-9-generic x86_64 ApportVersion: 2.16.2-0ubuntu3 Architecture: amd64 CurrentDesktop: Unity Date: Fri Mar 20 12:43:56 2015 InstallationDate: Installed on 2014-12-13 (96 days ago) InstallationMedia: Ubuntu 14.10 "Utopic Unicorn" - Release amd64 (20141022.1) PackageArchitecture: all SourcePackage: ufw UpgradeStatus: No upgrade log present (probably fresh install) mtime.conffile..etc.default.ufw: 2015-03-17T18:03:15.349146 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1434525/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp