On Wed, Sep 08, 2010 at 14:23:11 (CEST), Jamie Strandboge wrote:
> ufw has IPv6 disabled by default (this will likely change very soon) in
> such a way that only traffic on the loopback is allowed. To enable IPv6
> support in ufw, you adjust /etc/default/ufw as you did, then restart ufw
> with 'sudo ufw disable ; sudo ufw enable'. Once that is done, the
> default policy is in effect, which by default is 'deny', so you must add
> rules for the traffic you want to allow, just like with IPv4. If you
> added generic rules before you enabled IPv6, you will have to add those
> again with IPv6 enabled. See 'man ufw' for details.
>
> What you have described as a bug sounds like ufw is operating as
> documented. I am going to close the bug for now. Please reopen if you
> find this in error.
You are basically claiming that once ipv6 is enabled, it should behave
in the same way as ipv4. Unfortunately, this doesn't match my
observations:
$ ufw reset
Resetting all rules to installed defaults. Proceed with operation (y|n)? y
[...]
$ ufw app update OpenSSH
$ ufw enable
$ ip6tables -L INPUT
Chain INPUT (policy DROP)
target prot opt source destination
$ iptables -L INPUT
Chain INPUT (policy DROP)
target prot opt source destination
ufw-before-logging-input all -- anywhere anywhere
ufw-before-input all -- anywhere anywhere
ufw-after-input all -- anywhere anywhere
ufw-after-logging-input all -- anywhere anywhere
ufw-reject-input all -- anywhere anywhere
ufw-track-input all -- anywhere anywhere
You see that I end up with an empty INPUT queue for ipv6, which
effectively breaks all ipv6 traffic.
--
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4
** Changed in: ufw
Status: Invalid => New
** Changed in: ufw (Ubuntu)
Status: Invalid => New
--
ufw breaks ipv6
https://bugs.launchpad.net/bugs/633044
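
A check for the state shown in the listing above, as an added example that is not part of the original message or of ufw: it parses `iptables -L INPUT`-style listings and reports when the IPv6 INPUT chain has policy DROP and no rules while the IPv4 chain has some. The function names are hypothetical, and the sample listings are constructed from the output quoted in the message.

```shell
#!/bin/sh
# Added example (not ufw code): detect an ip6tables INPUT chain that drops
# everything because it has policy DROP and no rules at all.

# Read one chain listing on stdin, print "<policy> <rule-count>".
chain_summary() {
    awk '
        /^Chain / {
            # "(policy " is 8 characters; the policy word follows it
            if (match($0, /\(policy [A-Z]+/))
                policy = substr($0, RSTART + 8, RLENGTH - 8)
            next
        }
        /^target / { next }      # column header line
        NF         { rules++ }   # every other non-empty line is a rule
        END {
            if (policy == "") policy = "UNKNOWN"
            print policy, rules + 0
        }'
}

# $1 = IPv4 listing, $2 = IPv6 listing.
# Succeeds (returns 0) when IPv6 is policy DROP with zero rules while
# IPv4 has at least one rule, i.e. the asymmetry from the report.
v6_input_blackholed() {
    v4=$(printf '%s\n' "$1" | chain_summary)
    v6=$(printf '%s\n' "$2" | chain_summary)
    v4_rules=${v4#* }
    v6_policy=${v6% *}
    v6_rules=${v6#* }
    [ "$v6_policy" = "DROP" ] && [ "$v6_rules" -eq 0 ] && [ "$v4_rules" -gt 0 ]
}

# Constructed sample input, taken from the listings quoted in the message.
SAMPLE_V6='Chain INPUT (policy DROP)
target prot opt source destination'
SAMPLE_V4='Chain INPUT (policy DROP)
target prot opt source destination
ufw-before-logging-input all -- anywhere anywhere
ufw-before-input all -- anywhere anywhere
ufw-after-input all -- anywhere anywhere
ufw-after-logging-input all -- anywhere anywhere
ufw-reject-input all -- anywhere anywhere
ufw-track-input all -- anywhere anywhere'

if v6_input_blackholed "$SAMPLE_V4" "$SAMPLE_V6"; then
    echo "ip6tables INPUT: policy DROP and no rules, all inbound IPv6 is dropped"
fi
```

On a live host, pass `"$(iptables -L INPUT -n)"` and `"$(ip6tables -L INPUT -n)"` as the two arguments instead of the samples (both commands need root).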