** Description changed: + [Impact] + + ufw's interface name's or both too strict (this bug) and too loose + (iptables has its own limits). Adjust the interface name checks to match + those of the kernel. + + [Test Case] + + $ sudo ufw --dry-run allow in on i-1|grep i-1 + ### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 in_i-1 + -A ufw-user-input -i i-1 -j ACCEPT + ### tuple ### allow any any ::/0 any ::/0 in_i-1 + -A ufw6-user-input -i i-1 -j ACCEPT + + With an unpatched ufw, the above results in: + + $ sudo ufw --dry-run allow in on i-1|grep i-1 + ERROR: Bad interface name + + [Regression Potential] + + Risk of regression is considered low since the updated allow more than + what is currently allowed, but not more than what iptables allows. See: + + https://git.launchpad.net/ufw/tree/src/common.py?h=release/0.36#n295 + + + = Original description = + Is there a reason to restrict interface's name in ufw? Should ufw accept what iptables accept as iface name? I've a vpn with lot of nodes, its iface name contain a '-' so cannot use ufw on it. I've found the check here and cannot found a reason for it: http://bazaar.launchpad.net/~jdstrand/ufw/trunk/view/head:/src/common.py#L300 thanks
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1719211 Title: Bad interface name To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1719211/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
