Public bug reported:
If ufw is disabled, the iptables rules still remain active. This is wrong
behavior: if an administrator has asked for the firewall to be disabled,
then no rules of any kind (except for the default policy ACCEPT) should
be present in the iptables list.
Actual results:
root@r820-jq3yx12:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
LIBVIRT_INP all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
LIBVIRT_FWX all -- anywhere anywhere
LIBVIRT_FWI all -- anywhere anywhere
LIBVIRT_FWO all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
LIBVIRT_OUT all -- anywhere anywhere
Chain LIBVIRT_FWI (1 references)
target prot opt source destination
ACCEPT all -- anywhere 192.168.122.0/24 ctstate RELATED,ESTABLISHED
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain LIBVIRT_FWO (1 references)
target prot opt source destination
ACCEPT all -- 192.168.122.0/24 anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain LIBVIRT_FWX (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain LIBVIRT_INP (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:67
Chain LIBVIRT_OUT (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:bootpc
root@r820-jq3yx12:~# ufw status
Status: inactive
Expected results:
root@r820-jq3yx12:~# iptables -P INPUT ACCEPT
root@r820-jq3yx12:~# iptables -P FORWARD ACCEPT
root@r820-jq3yx12:~# iptables -P OUTPUT ACCEPT
root@r820-jq3yx12:~# iptables -t nat -F
root@r820-jq3yx12:~# iptables -t mangle -F
root@r820-jq3yx12:~# iptables -F
root@r820-jq3yx12:~# iptables -X
root@r820-jq3yx12:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ProblemType: Bug
DistroRelease: Ubuntu 19.10
Package: ufw 0.36-1ubuntu3
ProcVersionSignature: Ubuntu 5.3.0-24.26-generic 5.3.10
Uname: Linux 5.3.0-24-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.11-0ubuntu8.2
Architecture: amd64
Date: Mon Jan 6 11:24:18 2020
InstallationDate: Installed on 2019-12-29 (8 days ago)
InstallationMedia: Ubuntu-MATE 19.10 "Eoan Ermine" - Release amd64 (20191017)
PackageArchitecture: all
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: ufw
UpgradeStatus: No upgrade log present (probably fresh install)
** Affects: ufw (Ubuntu)
     Importance: Undecided
         Status: New
** Tags: amd64 apport-bug eoan iptables ufw
https://bugs.launchpad.net/bugs/1858464
Title:
iptable rules are still present after disabling ufw
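Added example (not part of the original report and not ufw's own code): a shell sketch that attributes each chain in `iptables -L` output to a component by chain-name prefix, so rules still loaded after a firewall front end is disabled can be traced to their owner before anything is flushed. The prefix mapping (ufw-/ufw6- for ufw, LIBVIRT_ for libvirt) and the function names are assumptions of this example; the first sample is abridged from the listing above and the second is constructed.

```shell
#!/bin/sh
# Added example (assumption: the chain-name prefix identifies the owner).
# Abridged from the `iptables -L` listing in the report above.
SAMPLE='Chain INPUT (policy ACCEPT)
target prot opt source destination
LIBVIRT_INP all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
LIBVIRT_OUT all -- anywhere anywhere
Chain LIBVIRT_INP (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
Chain LIBVIRT_OUT (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:bootpc'

# Constructed sample: a listing that does contain a ufw-created chain.
SAMPLE_UFW='Chain INPUT (policy DROP)
target prot opt source destination
ufw-before-input all -- anywhere anywhere
Chain ufw-before-input (1 references)
target prot opt source destination'

owner_of() {  # $1 = chain name
  case "$1" in
    INPUT|FORWARD|OUTPUT) echo builtin ;;
    ufw-*|ufw6-*)         echo ufw ;;
    LIBVIRT_*)            echo libvirt ;;
    *)                    echo other ;;
  esac
}

# stdin: `iptables -L` text; stdout: "<owner> <chain> <rule-count>" per chain.
chain_report() {
  awk '/^Chain / { if (name != "") print name, n; name = $2; n = 0; next }
       /^target/ || NF == 0 { next }
       { n++ }
       END { if (name != "") print name, n }' |
  while read -r chain rules; do
    echo "$(owner_of "$chain") $chain $rules"
  done
}

# $1 = owner; stdin: `iptables -L` text; stdout: number of chains with that owner.
count_owner() {
  chain_report | awk -v o="$1" '$1 == o { c++ } END { print c + 0 }'
}

printf '%s\n' "$SAMPLE" | chain_report   # live host: iptables -L | chain_report
```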