gufw-developers team mailing list archive

Thread
Date

[Bug 1401885] Re: Allowing all UDP/TCP traffic in

To: gufw-developers@xxxxxxxxxxxxxxxxxxx
From: jean-christophe manciot <manciot.jeanchristophe@xxxxxxxxx>
Date: Sat, 13 Dec 2014 11:25:04 -0000
Reply-to: Bug 1401885 <1401885@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I'm fine, thanks, how are you?

You're right, but it does not change anything if I set the right subnet;
the problem actually comes from the fact that I've specified vboxnet0
after the ">" sign, instead of specifying "not forward": my mistake.

However, you cannot add a unique rule for both protocols: only one is
allowed ***when the ports are set***:
https://drive.google.com/file/d/0B5fXyIn0-GDFSEVQOG5meDVOTE0/view?usp=sharing

If I remove the ports number, then it's OK to add the rule:
https://drive.google.com/file/d/0B5fXyIn0-GDFZ3JFNWpwbEVuTlE/view?usp=sharing

With that rule added within gufw, the firewall accepts the communications in vboxnet0. 
-------------------------------------------------------------------------------------------
The trick was to specify "Not forward" after the ">" sign. No need for ufw rule anymore :)
-------------------------------------------------------------------------------------------

-- 
You received this bug notification because you are a member of Gufw
Developers, which is subscribed to Gufw.
https://bugs.launchpad.net/bugs/1401885

Title:
  Allowing all UDP/TCP traffic in

Status in Gufw:
  New

Bug description:
  Environment: Ubuntu 14.10 - Gufw 14.10.1
  ------------------

  The configuration is basic: 
  - Incoming: Deny
  - Outgoing: Allow
  - Routing: Allow

  Now, suppose you need to allow internal communication, for example all
  incoming UDP/TCP traffic from a VirtualBox VM on vboxnet0 sitting on a
  particular subnet, 192.168.56.0/24 is used here.

  Using Gufw to implement this simple setup does NOT work (UDP
  communication is still blocked - TCP configuration is not shown):
  https://drive.google.com/file/d/0B5fXyIn0-GDFbUpMaW0zVTlqYUE/view?usp=sharing

  However, using ufw allows us to attain our goal:
  ufw status
  Status: active

  To                         Action      From
  --                         ------      ----
  192.168.56.1 1:65535/tcp   ALLOW       192.168.56.0/24
  192.168.56.1 1:65535/udp   ALLOW       192.168.56.0/24

  This simple configuration allows all UDP/TCP communication in from
  192.168.56.0/24 towards the host servers.

  The problem is: it is not possible to use Gufw to make that setup, and
  once it is done through ufw CLI, it is not possible to display or edit
  it within Gufw.

  As a summary:
  --------------------
  - allowing all TCP/UDP communication IN is not possible with Gufw (have I missed something?) 
  - displaying/editing some ufw rules is not possible within gufw (have I missed something?)

To manage notifications about this bug go to:
https://bugs.launchpad.net/gui-ufw/+bug/1401885/+subscriptions

References

[Bug 1401885] [NEW] Allowing all UDP/TCP traffic in
From: jean-christophe manciot, 2014-12-12