** Description changed:

  The phablet image kernels (tested on nexus 4 and nexus 7) don't have
  enough netfilter options enabled to use ufw. ufw is the default firewall
- in Ubuntu and the network-indicator will have firewall support for the
+ in Ubuntu and the indicator-network will have firewall support for the
  converged device if not sooner. ufw has a tool to test if the necessary
  kernel config is setup-- can we get our phablet kernel config to pass
  these tests? (note, test that are 'FAIL (no runtime support)' don't
  strictly have to be enabled, though it would be nice).

  To test:
  $ sudo apt-get install ufw
  $ sudo /usr/share/ufw/check-requirements
  Has python: pass (binary: python2.7, version: 2.7.5+, py2)
  Has iptables: pass
  Has ip6tables: pass

  Has /proc/net/dev: pass
  Has /proc/net/if_inet6: pass

  This script will now attempt to create various rules using the iptables
  and ip6tables commands. This may result in module autoloading (eg, for IPv6).
  Proceed with checks (Y/n)? y
  == IPv4 ==
  Creating 'ufw-check-requirements'... done
  Inserting RETURN at top of 'ufw-check-requirements'... done
  TCP: pass
  UDP: pass
  destination port: pass
  source port: pass
  ACCEPT: pass
  DROP: pass
  REJECT: pass
  LOG: FAIL
  hashlimit: pass
  limit: pass
  state (NEW): pass
  state (RELATED): pass
  state (ESTABLISHED): pass
  state (INVALID): pass
  state (new, recent set): FAIL (no runtime support)
  state (new, recent update): FAIL (no runtime support)
  state (new, limit): pass
  interface (input): pass
  interface (output): pass
  multiport: pass
  comment: pass
  addrtype (LOCAL): FAIL
  addrtype (MULTICAST): FAIL
  addrtype (BROADCAST): FAIL
  icmp (destination-unreachable): pass
  icmp (source-quench): pass
  icmp (time-exceeded): pass
  icmp (parameter-problem): pass
  icmp (echo-request): pass

  == IPv6 ==
  Creating 'ufw-check-requirements6'... done
  Inserting RETURN at top of 'ufw-check-requirements6'... done
  TCP: pass
  UDP: pass
  destination port: pass
  source port: pass
  ACCEPT: pass
  DROP: pass
  REJECT: pass
  LOG: FAIL
  hashlimit: pass
  limit: pass
  state (NEW): pass
  state (RELATED): pass
  state (ESTABLISHED): pass
  state (INVALID): pass
  state (new, recent set): FAIL (no runtime support)
  state (new, recent update): FAIL (no runtime support)
  state (new, limit): pass
  interface (input): pass
  interface (output): pass
  multiport: pass
  comment: pass
  icmpv6 (destination-unreachable): pass
  icmpv6 (packet-too-big): pass
  icmpv6 (time-exceeded): pass
  icmpv6 (parameter-problem): pass
  icmpv6 (echo-request): pass
  icmpv6 with hl (neighbor-solicitation): pass
  icmpv6 with hl (neighbor-advertisement): pass
  icmpv6 with hl (router-solicitation): pass
  icmpv6 with hl (router-advertisement): pass

  FAIL: check your kernel and that you have iptables >= 1.4.0
  FAIL: check your kernel and iptables for additional runtime support

  In addition to the above, I noticed these IPV6 rules also fail (I need to
  add a check to check-requirements for that):
  -A ufw6-before-input -m rt --rt-type 0 -j DROP
  -A ufw6-before-forward -m rt --rt-type 0 -j DROP
  -A ufw6-before-output -m rt --rt-type 0 -j DROP
- 
- I added tasks for the linux-nexus4 and linux-nexus7 kernels. Not sure what other kernels should be added, if any.
+ I added tasks for the linux-nexus4 and linux-nexus7 kernels. Not sure
+ what other kernels should be added, if any.
-- 
https://bugs.launchpad.net/bugs/1191197

Title:
  kernel config does not support ufw firewall
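
Added example (not part of the original bug report and not ufw's own code): a Python parser for saved check-requirements output that separates hard FAIL results from 'FAIL (no runtime support)', which the report says do not strictly have to be enabled. The function names and the trimmed sample output are constructed for illustration.

```python
import re

FAMILY = re.compile(r"^== (IPv4|IPv6) ==$")
CHECK = re.compile(r"^(?P<name>.+?): (?P<res>pass|FAIL)(?: \((?P<note>[^)]*)\))?$")

# Constructed sample: a trimmed excerpt in the format shown in the report.
SAMPLE = """\
Has python: pass (binary: python2.7, version: 2.7.5+, py2)
== IPv4 ==
Creating 'ufw-check-requirements'... done
TCP: pass
LOG: FAIL
state (new, recent set): FAIL (no runtime support)
addrtype (LOCAL): FAIL
== IPv6 ==
LOG: FAIL
state (new, recent update): FAIL (no runtime support)
icmpv6 with hl (router-advertisement): pass
FAIL: check your kernel and that you have iptables >= 1.4.0
"""

def parse(output):
    """Group check results by section: 'prereq', 'IPv4' or 'IPv6'."""
    report = {}
    section = "prereq"  # lines before the first '== IPvN ==' header
    for line in map(str.strip, output.splitlines()):
        family = FAMILY.match(line)
        if family:
            section = family.group(1)
            continue
        check = CHECK.match(line)
        if not check:
            continue  # progress lines, prompts and the trailing summary
        if check.group("res") == "pass":
            bucket = "pass"
        elif check.group("note") == "no runtime support":
            bucket = "soft"  # nice to have, per the report
        else:
            bucket = "hard"  # the kernel config has to change
        entry = report.setdefault(section, {"pass": [], "hard": [], "soft": []})
        entry[bucket].append(check.group("name"))
    return report

def kernel_ok(report, strict=False):
    """True when no hard failures remain (and no soft ones if strict)."""
    kinds = ("hard", "soft") if strict else ("hard",)
    return not any(r[k] for r in report.values() for k in kinds)

if __name__ == "__main__":
    print(parse(SAMPLE), "acceptable:", kernel_ok(parse(SAMPLE)))
```

Run against the full output of a kernel build, `kernel_ok` can gate a config change, with `strict=True` also requiring the checks that report no runtime support.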
