Public bug reported:
Binary package hint: ufw
When testing rules with '--dry-run', ufw will add the rule to the
running firewall (but not its rules files in /var/lib/ufw). Eg:
$ sudo ufw status
Firewall loaded
$ sudo ufw --dry-run allow http
*filter
:ufw-user-input - [0:0]
:ufw-user-output - [0:0]
:ufw-user-forward - [0:0]
### RULES ###
### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0
-A ufw-user-input -p tcp --dport 80 -j ACCEPT
### END RULES ###
-A ufw-user-input -j RETURN
-A ufw-user-output -j RETURN
-A ufw-user-forward -j RETURN
COMMIT
Rule added
$ sudo ufw status
Firewall loaded
To Action From
-- ------ ----
80:tcp ALLOW Anywhere
This is problematic because 'delete' doesn't work anymore (however,
disabling/enabling the firewall or forcing a reload removes the rule).
This fix is simple, and will be uploaded to -proposed soon:
=== modified file 'src/ufw'
--- src/ufw 2008-05-10 12:28:11 +0000
+++ src/ufw 2008-07-09 19:25:18 +0000
@@ -1220,7 +1220,7 @@
rstr = "Rules updated (v6)"
# Operate on the chains
- if self._is_enabled():
+ if self._is_enabled() and not self.dryrun:
flag = ""
if modified:
# Reload the chain
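Review bot: the added `and not self.dryrun` test on the `if self._is_enabled()` line only skips the chain operations below it, while `rstr` is assigned above the guard, so a dry run can still report a change that was never applied (the transcript in the report ends with "Rule added"). Consider returning a message for the dry-run case that does not claim a change, and add a regression test that runs `--dry-run allow http` against an enabled firewall and checks that `ufw status` is unchanged afterwards. This hunk covers a single call site, so it is also worth confirming that no other path that operates on the running chains is reachable with `self.dryrun` set.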
** Affects: ufw (Ubuntu)
Importance: Undecided
Assignee: Jamie Strandboge (jdstrand)
Status: Triaged
** Changed in: ufw (Ubuntu)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
Status: New => Triaged
--
[SRU] ufw adds rules to chains when --dry-run is specified
https://bugs.launchpad.net/bugs/247352