** Also affects: linux-nexus4 (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: linux-nexus7 (Ubuntu)
   Importance: Undecided
       Status: New

** Tags added: bot-stop-nagging

** Description changed:

  The phablet image kernels (tested on nexus 4 and nexus 7) don't have
  enough netfilter options enabled to use ufw. ufw is the default firewall
  in Ubuntu and the network-indicator will have firewall support for the
  converged device if not sooner. ufw has a tool to test if the necessary
  kernel config is set up -- can we get our phablet kernel config to pass
  these tests? (note, tests that are 'FAIL (no runtime support)' don't
  strictly have to be enabled, though it would be nice).
  
  To test:
  
  $ sudo apt-get install ufw
  $ sudo /usr/share/ufw/check-requirements
  Has python: pass (binary: python2.7, version: 2.7.5+, py2)
  Has iptables: pass
  Has ip6tables: pass
  
  Has /proc/net/dev: pass
  Has /proc/net/if_inet6: pass
  
  This script will now attempt to create various rules using the iptables
  and ip6tables commands. This may result in module autoloading (eg, for
  IPv6).
  Proceed with checks (Y/n)? y
  == IPv4 ==
  Creating 'ufw-check-requirements'... done
  Inserting RETURN at top of 'ufw-check-requirements'... done
  TCP: pass
  UDP: pass
  destination port: pass
  source port: pass
  ACCEPT: pass
  DROP: pass
  REJECT: pass
  LOG: FAIL
  hashlimit: pass
  limit: pass
  state (NEW): pass
  state (RELATED): pass
  state (ESTABLISHED): pass
  state (INVALID): pass
  state (new, recent set): FAIL (no runtime support)
  state (new, recent update): FAIL (no runtime support)
  state (new, limit): pass
  interface (input): pass
  interface (output): pass
  multiport: pass
  comment: pass
  addrtype (LOCAL): FAIL
  addrtype (MULTICAST): FAIL
  addrtype (BROADCAST): FAIL
  icmp (destination-unreachable): pass
  icmp (source-quench): pass
  icmp (time-exceeded): pass
  icmp (parameter-problem): pass
  icmp (echo-request): pass
  
  == IPv6 ==
  Creating 'ufw-check-requirements6'... done
  Inserting RETURN at top of 'ufw-check-requirements6'... done
  TCP: pass
  UDP: pass
  destination port: pass
  source port: pass
  ACCEPT: pass
  DROP: pass
  REJECT: pass
  LOG: FAIL
  hashlimit: pass
  limit: pass
  state (NEW): pass
  state (RELATED): pass
  state (ESTABLISHED): pass
  state (INVALID): pass
  state (new, recent set): FAIL (no runtime support)
  state (new, recent update): FAIL (no runtime support)
  state (new, limit): pass
  interface (input): pass
  interface (output): pass
  multiport: pass
  comment: pass
  icmpv6 (destination-unreachable): pass
  icmpv6 (packet-too-big): pass
  icmpv6 (time-exceeded): pass
  icmpv6 (parameter-problem): pass
  icmpv6 (echo-request): pass
  icmpv6 with hl (neighbor-solicitation): pass
  icmpv6 with hl (neighbor-advertisement): pass
  icmpv6 with hl (router-solicitation): pass
  icmpv6 with hl (router-advertisement): pass
  
  FAIL: check your kernel and that you have iptables >= 1.4.0
  FAIL: check your kernel and iptables for additional runtime support
  
- 
  In addition to the above, I noticed these IPv6 rules also fail (I need to add a check to check-requirements for that):
  -A ufw6-before-input -m rt --rt-type 0 -j DROP
  -A ufw6-before-forward -m rt --rt-type 0 -j DROP
  -A ufw6-before-output -m rt --rt-type 0 -j DROP
+ 
+ 
+ I added tasks for the linux-nexus4 and linux-nexus7 kernels. Not sure what other kernels should be added, if any.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1191197

Title:
  kernel config does not support ufw firewall

To manage notifications about this bug go to:
https://bugs.launchpad.net/touch-preview-images/+bug/1191197/+subscriptions
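
An added example (not part of the bug report or of ufw itself): a parser that splits check-requirements output like the run quoted above into hard failures and 'FAIL (no runtime support)' failures per IP family, the distinction the description draws. The sample text is constructed from that run, and the Kconfig symbol names are assumptions taken from mainline Linux, not from the report.

```python
import re

# Constructed sample: a subset of the check-requirements output quoted above.
SAMPLE = """\
Has iptables: pass
== IPv4 ==
TCP: pass
LOG: FAIL
state (new, recent set): FAIL (no runtime support)
addrtype (LOCAL): FAIL
addrtype (MULTICAST): FAIL
== IPv6 ==
LOG: FAIL
state (new, recent update): FAIL (no runtime support)
icmpv6 (echo-request): pass
FAIL: check your kernel and that you have iptables >= 1.4.0
"""

# Assumption: mainline Kconfig symbols for these features (not from the bug
# report; the exact names vary between kernel versions).
KCONFIG_HINTS = {
    "LOG": "CONFIG_NETFILTER_XT_TARGET_LOG",
    "addrtype": "CONFIG_NETFILTER_XT_MATCH_ADDRTYPE",
    "recent": "CONFIG_NETFILTER_XT_MATCH_RECENT",
}
SECTION = re.compile(r"^== (IPv[46]) ==$")
RESULT = re.compile(r"^(.+?): (pass|FAIL)( \(no runtime support\))?$")


def classify(output):
    """Map each IP family to its hard ("required") and runtime-only ("optional") failures."""
    report, family = {}, None
    for line in map(str.strip, output.splitlines()):
        if (m := SECTION.match(line)):
            family = m.group(1)
            report[family] = {"required": [], "optional": []}
        elif family and (m := RESULT.match(line)) and m.group(2) == "FAIL":
            # Lines before the first section and the trailing "FAIL: check
            # your kernel ..." summary never reach this branch.
            bucket = "optional" if m.group(3) else "required"
            report[family][bucket].append(m.group(1))
    return report


def kconfig_candidates(report, bucket="required"):
    """Kconfig symbols worth checking for the failures in one bucket."""
    failed = [t for fam in report.values() for t in fam[bucket]]
    return sorted({s for k, s in KCONFIG_HINTS.items() for t in failed if k in t})


if __name__ == "__main__":
    print(kconfig_candidates(classify(SAMPLE)))
```
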
