** Description changed:
+ ufw is unusable on systems without ipv6 support because ufw traces back
+ when trying to run ip6tables to determine what capabilities the system
+ has. Currently ufw will run ip6tables unconditionally which can fail
+ when the system is booted with ipv6.disable=1 or when iptables is
+ compiled without ipv6 support. The proposed fix (which is available in
+ the devel release) adjusts initcaps() in backend.py to only run
+ get_netfilter_capabilities() on ip6tables when IPV6=yes in
+ /etc/default/ufw (the default in Ubuntu).
+
+ [Test Case #1]
+ 1. Add ipv6.disable=1 to GRUB_CMDLINE_LINUX_DEFAULT in /etc/default/grub.
+ 2. Reboot
+ 3. Adjust /etc/default/ufw to have "IPV6=no"
+ 4. Run 'sudo ufw disable ; sudo ufw enable'
+
+ [Test Case #2]
+ 1. mv /sbin/ip6tables /sbin/ip6tables.bak
+ 2. Adjust /etc/default/ufw to have "IPV6=no"
+ 3. Run 'sudo ufw disable ; sudo ufw enable'
+
+ (Test Case #1 is the important test for Ubuntu and why this bug needs
+ the SRU)
+
+ [Regression Potential]
+ The regression potential is considered low because the patch is simple/easy
to understand and the default behavior will not change for users. ufw, iptables
and the Ubuntu kernel ship with IPV6 support enabled. Ufw also has a
significant testsuite and a test script in QRT for Ubuntu integration (which
will include test case #2 (test case #1 is not easily automatable)).
+
+
+ Previous Description:
Description: Ubuntu quantal (development branch)
Release: 12.10
Codename: quantal
ufw:
- Installato: 0.33-0ubuntu1
- Candidato: 0.33-0ubuntu1
- Tabella versione:
- *** 0.33-0ubuntu1 0
- 500 http://archive.ubuntu.com/ubuntu/ quantal/main i386 Packages
- 100 /var/lib/dpkg/status
+ Installato: 0.33-0ubuntu1
+ Candidato: 0.33-0ubuntu1
+ Tabella versione:
+ *** 0.33-0ubuntu1 0
+ 500 http://archive.ubuntu.com/ubuntu/ quantal/main i386 Packages
+ 100 /var/lib/dpkg/status
I'm not using or starting ufw... i have a customized script to load
iptables rules on this system...
ProblemType: Crash
DistroRelease: Ubuntu 12.10
Package: ufw 0.33-0ubuntu1
ProcVersionSignature: Ubuntu 3.5.0-11.11-generic 3.5.2
Uname: Linux 3.5.0-11-generic i686
ApportVersion: 2.4-0ubuntu8
Architecture: i386
Date: Tue Aug 21 20:02:32 2012
ExecutablePath: /usr/sbin/ufw
InstallationMedia: Ubuntu 10.04 "Lucid Lynx" - Release Candidate i386
(20100419.1)
InterpreterPath: /usr/bin/python3.2mu
PackageArchitecture: all
ProcCmdline: /usr/bin/python3 /usr/sbin/ufw app update all
PythonArgs: ['/usr/sbin/ufw', 'app', 'update', 'all']
SourcePackage: ufw
Title: ufw crashed with Perhaps ip6tables or your kernel needs to be
upgraded. in get_netfilter_capabilities()
UpgradeStatus: Upgraded to quantal on 2012-08-15 (6 days ago)
UserGroups:
** Changed in: ufw (Ubuntu Quantal)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
** Description changed:
ufw is unusable on systems without ipv6 support because ufw traces back
when trying to run ip6tables to determine what capabilities the system
has. Currently ufw will run ip6tables unconditionally which can fail
when the system is booted with ipv6.disable=1 or when iptables is
compiled without ipv6 support. The proposed fix (which is available in
the devel release) adjusts initcaps() in backend.py to only run
get_netfilter_capabilities() on ip6tables when IPV6=yes in
/etc/default/ufw (the default in Ubuntu).
[Test Case #1]
1. Add ipv6.disable=1 to GRUB_CMDLINE_LINUX_DEFAULT in /etc/default/grub.
2. Reboot
3. Adjust /etc/default/ufw to have "IPV6=no"
4. Run 'sudo ufw disable ; sudo ufw enable'
+ 5. Run 'sudo ufw disable ; sudo ufw app update all'
+
+ Steps 4 and 5 will traceback without this SRU.
[Test Case #2]
1. mv /sbin/ip6tables /sbin/ip6tables.bak
2. Adjust /etc/default/ufw to have "IPV6=no"
3. Run 'sudo ufw disable ; sudo ufw enable'
+ 4. Run 'sudo ufw disable ; sudo ufw app update all'
+
+ Steps 3 and 4 will traceback without this SRU.
(Test Case #1 is the important test for Ubuntu and why this bug needs
the SRU)
[Regression Potential]
The regression potential is considered low because the patch is simple/easy
to understand and the default behavior will not change for users. ufw, iptables
and the Ubuntu kernel ship with IPV6 support enabled. Ufw also has a
significant testsuite and a test script in QRT for Ubuntu integration (which
will include test case #2 (test case #1 is not easily automatable)).
-
Previous Description:
Description: Ubuntu quantal (development branch)
Release: 12.10
Codename: quantal
ufw:
Installato: 0.33-0ubuntu1
Candidato: 0.33-0ubuntu1
Tabella versione:
*** 0.33-0ubuntu1 0
500 http://archive.ubuntu.com/ubuntu/ quantal/main i386 Packages
100 /var/lib/dpkg/status
I'm not using or starting ufw... i have a customized script to load
iptables rules on this system...
ProblemType: Crash
DistroRelease: Ubuntu 12.10
Package: ufw 0.33-0ubuntu1
ProcVersionSignature: Ubuntu 3.5.0-11.11-generic 3.5.2
Uname: Linux 3.5.0-11-generic i686
ApportVersion: 2.4-0ubuntu8
Architecture: i386
Date: Tue Aug 21 20:02:32 2012
ExecutablePath: /usr/sbin/ufw
InstallationMedia: Ubuntu 10.04 "Lucid Lynx" - Release Candidate i386
(20100419.1)
InterpreterPath: /usr/bin/python3.2mu
PackageArchitecture: all
ProcCmdline: /usr/bin/python3 /usr/sbin/ufw app update all
PythonArgs: ['/usr/sbin/ufw', 'app', 'update', 'all']
SourcePackage: ufw
Title: ufw crashed with Perhaps ip6tables or your kernel needs to be
upgraded. in get_netfilter_capabilities()
UpgradeStatus: Upgraded to quantal on 2012-08-15 (6 days ago)
UserGroups:
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1039729
Title:
ufw crashed with Perhaps ip6tables or your kernel needs to be
upgraded. in get_netfilter_capabilities() when using ipv6.disable=1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ufw/+bug/1039729/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
