Notes from my research on this today: sudo iptables -P FORWARD ACCEPT is not something that is needed on Ubuntu devices out-of-the-box. Some of our test devices have many rules set by Docker and other apps, and some forum posts I'm reading are saying that Docker overrides the firewall rules and sets the FORWARD policy to DROP, so I think that's why some device behavior differs.
The only thing that NetworkManager's upstream dev said[0] it does with the native iptables is setting up masquerading, and that the rest of the firewall config is done via firewalld, which we do not use.

So at this point, the main thing I'm looking into is figuring out if NetworkManager upstream wants us to put the UFW rule handling into NetworkManager, for any Ubuntu users who have UFW enabled. I also asked if they want to set this iptables rule explicitly, since the current upstream implementation relies on firewalld and isn't distro-agnostic. In the meantime, the dispatcher script I prepared can be used to work around this.

[0] https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1827#note_3150787

--
https://bugs.launchpad.net/bugs/2128668

Title:
  Wi-Fi hotspot startup does not configure firewalls as needed for internet sharing
