The intent is to have default IPV6=no. With this setting, only IPV6 on
loopback is accepted, otherwise DROP. The 'ufw enable' command does do
this properly, but the bug is that /etc/init.d/ufw does not, so on
reboot you get default ACCEPT rather than the documented (and intended)
default DROP with allowed loopback.
** Summary changed:
- Please set /etc/default/ufw's ipv6 line to yes
+ ufw: default IPv6 policy not set on boot when IPV6=no
** Description changed:
Binary package hint: ufw
+
+ According to the comment in /etc/default/ufw, when IPV6=no, IPV6 is only
+ accepted on loopback. According to ip6tables, this is misleading
+ because it actually defaults to ACCEPT on inbound, outbound, and forward
+ with no further rules. According to the ufw manpage, IPv6 must be
+ enabled in /etc/default/ufw to work, so the comment disagrees with that
+ as well.
"sudo ufw enable" currently only enables IPv4 firewalling. This is bad,
and it is caused by the IPV6=no setting in /etc/default/ufw This line
should default to IPV6=yes
-
- The comment needs to be clarified as well. According to the comment,
- when IPV6=no, IPV6 is only accepted on loopback. According to
- ip6tables, this is misleading because it actually defaults to ACCEPT on
- inbound, outbound, and forward with no further rules. According to the
- ufw manpage, IPv6 must be enabled in /etc/default/ufw to work, so the
- comment disagrees with that as well.
** Changed in: ufw (Ubuntu)
Status: Triaged => In Progress
** Changed in: ufw (Ubuntu)
Status: In Progress => Fix Committed
--
ufw: default IPv6 policy not set on boot when IPV6=no
https://bugs.launchpad.net/bugs/251355
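
A post-boot check for the condition this report describes, as an added example that is not part of the original message or of ufw: it reads the IPV6 setting from a ufw defaults file and flags any built-in ip6tables filter chain left at policy ACCEPT. The function names and the sample rule listings are constructed, and treating policy DROP on all three chains as the intended state for IPV6=no is an assumption based on the comment above.

```shell
#!/bin/sh
# Added example (not ufw code): detect "IPV6=no but ip6tables still ACCEPT".

# Print the last IPV6= value in a ufw defaults file, lowercased, quotes removed.
ipv6_setting() {
    sed -n 's/^[[:space:]]*IPV6=//p' "$1" | tail -n 1 | tr -d "\"' " | tr 'A-Z' 'a-z'
}

# Read `ip6tables -S` output on stdin; print built-in chains whose policy is ACCEPT.
open_chains() {
    awk '$1 == "-P" && $3 == "ACCEPT" &&
         ($2 == "INPUT" || $2 == "FORWARD" || $2 == "OUTPUT") {
             printf "%s%s", sep, $2; sep = " "
         }
         END { if (sep) print "" }'
}

# check_boot_policy DEFAULTS_FILE   (rule listing on stdin)
# Returns 1 when IPV6=no and any built-in chain still has policy ACCEPT.
check_boot_policy() {
    setting=$(ipv6_setting "$1")
    open=$(open_chains)
    if [ "$setting" = "no" ] && [ -n "$open" ]; then
        echo "FAIL: IPV6=no but policy ACCEPT on: $open"
        return 1
    fi
    echo "OK: IPV6=${setting:-unset}, ACCEPT policies: ${open:-none}"
    return 0
}

# Constructed sample: listing with no rules loaded (the state after reboot).
sample_after_reboot() {
    printf '%s\n' '-P INPUT ACCEPT' '-P FORWARD ACCEPT' '-P OUTPUT ACCEPT'
}

# Constructed sample: assumed intended state, default DROP with loopback allowed.
sample_intended() {
    printf '%s\n' '-P INPUT DROP' '-P FORWARD DROP' '-P OUTPUT DROP' \
        '-A INPUT -i lo -j ACCEPT' '-A OUTPUT -o lo -j ACCEPT'
}

# Live use, as root, after a reboot:
#   ip6tables -S | check_boot_policy /etc/default/ufw
```

Running the live command from a boot-time job or monitoring check makes a regression of this kind visible without waiting for someone to inspect ip6tables by hand.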