I agree that configuring network-manager to use iptables instead of
nftables sounds like the less risky idea, but could you please enhance
the test plan a bit to cover the correctly identified risk of
regression? We assume that the end result of the firewall rules,
regardless of the backend, will be the same, but the risk is that
perhaps something that was blocked is now suddenly exposed when the
hotspot feature is turned on.

Perhaps include a test where you install one or two apps that have ufw
profiles, block access to them with some criteria (port, src host,
something like that), then enable the hotspot and check that the ufw
rules for those applications were not broken? I'm thinking ssh and
apache2, which I think have ufw profiles.

Another more visible app would be LXD, which definitely installs several
firewall rules; that would perhaps be an even better test (install lxd,
start a container, make sure its networking still works as before when
hotspot was enabled on the host).

How does that sound?


** Changed in: network-manager (Ubuntu Questing)
       Status: In Progress => Incomplete

** Changed in: network-manager (Ubuntu Noble)
       Status: In Progress => Incomplete

** Changed in: network-manager (Ubuntu Jammy)
       Status: In Progress => Incomplete

-- 
https://bugs.launchpad.net/bugs/2128668

Title:
  Wi-Fi hotspot startup does not configure firewall as needed for
  internet sharing
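
One way to automate the regression check proposed in the comment above, as an added example that is not part of the bug report or of network-manager: diff `iptables-save` snapshots taken before and after the hotspot is enabled, ignoring counters. The file names, the `wlan0` interface and the sample rules are constructed for illustration, and the sketch assumes the rules of interest are visible to `iptables-save`.

```shell
#!/bin/sh
# On the host: iptables-save > before.rules; enable the hotspot;
# iptables-save > after.rules; then compare the two snapshots.

# normalize FILE: one line per rule or chain policy, prefixed with its table,
# with comments and packet/byte counters removed so counter drift is ignored.
normalize() {
    awk '
        /^#/ || /^COMMIT/ || /^$/ { next }
        /^\*/ { table = substr($0, 2); next }
        { sub(/^\[[0-9]+:[0-9]+\] /, ""); sub(/ \[[0-9]+:[0-9]+\]$/, "")
          print table " " $0 }
    ' "$1"
}

# removed_rules BEFORE AFTER: rules and policies in BEFORE that AFTER lacks.
# Any output means a rule that existed before the hotspot is now gone.
removed_rules() {
    tmp=$(mktemp) || return 2
    normalize "$2" > "$tmp"
    normalize "$1" | grep -Fxv -f "$tmp" || true   # no output is not an error
    rm -f "$tmp"
}

# added_rules BEFORE AFTER: rules that exist only after the change (to review).
added_rules() { removed_rules "$2" "$1"; }

# write_samples DIR: constructed snapshots, not captured from a real host.
# after.rules has new counters, loses the port 80 rule and gains a FORWARD rule.
write_samples() {
    cat > "$1/before.rules" <<'EOF'
*filter
:INPUT DROP [0:0]
:ufw-user-input - [0:0]
-A INPUT -j ufw-user-input
-A ufw-user-input -s 192.0.2.10/32 -p tcp -m tcp --dport 22 -j DROP
-A ufw-user-input -p tcp -m tcp --dport 80 -j DROP
COMMIT
EOF
    awk '/--dport 80/ { next }
         /^COMMIT/ { print "-A FORWARD -i wlan0 -j ACCEPT" }
         { gsub(/\[0:0\]/, "[7:420]"); print }' \
        "$1/before.rules" > "$1/after.rules"
}
```

A text diff only shows that the rule set changed; the connection tests from a second host that the comment asks for are still needed to confirm what is actually reachable.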
