gufw-developers team mailing list archive
-
gufw-developers team
-
Mailing list archive
-
Message #01880
[Bug 1441850] Re: Gufw "Advanced" configuration does not really work.
Gufw improved a lot in 1 year :)
I'm afraid is not possible that backport (By the QA Ubuntu).
Your unique way is to install the .deb into your system:
http://packages.ubuntu.com/vivid/all/gufw/download
I'll not change the 'security' bug to a normal bug, because you put in
there personal info ;)
Best regards Aaron and I'm glad it worked for you :D
Cheers!
On Fri, Apr 10, 2015 at 10:19 PM, Aaron <lafeyette.management@xxxxxxxxx>
wrote:
> Done.... Worked!
>
> Thank you, Marcos! Muchos gracias!
>
> This has resolved the problem. Seems to me that, then, this is a legit bug
> in 14.04.x, and a definite security risk--I was lucky I found it. Any
> chance of pushing 15.04 into the Ubuntu repositories for 14.04 and later?
>
> Again, many thanks!
>
> Take care!
>
> A./
>
> On Fri, Apr 10, 2015 at 1:42 PM, costales <1441850@xxxxxxxxxxxxxxxxxx>
> wrote:
>
> > WEll... COuld you install gufw 15.04? IT works in 14.04 and allow you to
> > create a rule from the listening report :) and your rule will be
> > preconfigured
> >
> > On Friday, April 10, 2015, Aaron <lafeyette.management@xxxxxxxxx> wrote:
> > > Listening Report:
> > > No. Protocol Port Address Application
> > > 1 TCP 22 * sshd
> > >
> > > Other ports are listed as well, but I figured this was the pertinent
> one.
> > > I do not bother listing IPv6 as IPv6 is turned off on this machine.
> (Not
> > > used on our network.)
> > >
> > > Thank you!
> > >
> > > P. S. If I stop GUFW, I can log into the machine remotely using SSH,
> no
> > > problem. Clearly, the port is operational and OpenSSH-Server is
> > installed
> > > and operating properly.
> > >
> > > A./
> > >
> > > On Fri, Apr 10, 2015 at 11:05 AM, costales <1441850@xxxxxxxxxxxxxxxxxx
> >
> > > wrote:
> > >
> > >> Well... Could you check the Listening report and review the port 22?
> :)
> > >>
> > >> --
> > >> You received this bug notification because you are subscribed to the
> bug
> > >> report.
> > >> https://bugs.launchpad.net/bugs/1441850
> > >>
> > >> Title:
> > >> Gufw "Advanced" configuration does not really work.
> > >>
> > >> Status in Gufw:
> > >> New
> > >>
> > >> Bug description:
> > >> Regarding GUFW as available for Ubuntu 14.04 and later (14.04.2 LTS)
> > >>
> > >> When trying to configure GUFW to block all access to a server EXCEPT
> > >> that originating on our internal network (which is somewhat open to
> > >> the public), GUFW simply throws an error, claiming ERROR: Wrong
> number
> > >> of arguments.
> > >>
> > >> Under the ADVANCED tab, I was trying to specify that ssh requests
> > >> coming in from our internal class B network, XXX.YYY.0.0/16 should
> be
> > >> allowed in on port 22. To do this, I specified the IP address of
> the
> > >> network in the FROM field, and the PORT in the TO field, leaving the
> > >> PORT in the from field unfilled in and the IP address in the TO
> field
> > >> blank.
> > >>
> > >> All I get is an error placed in the log: ERROR: Wrong number of
> > >> arguments.
> > >>
> > >> This tells me nothing useful.
> > >>
> > >>
> > >> However, in the older version of Gufw, version 12.04.1, (as is
> > >> available with Ubuntu 12.04), this same configuration technique works
> > >> perfectly.)
> > >>
> > >> So far, the only way around this seems to be to manipulate the
> > >> underlying UFW directly, but that is not very easy as the
> command-line
> > >> configuration is, shall we say, rather less than intuitive (as in
> > >> "needlessly arcane, finicky, non-standard and complex")
> > >>
> > >> Of course, however, rules applied to UFW directly cannot be modified
> > >> or even looked at from Gufw. Worse, if I copy a rule that
> > >> approximates what I want, then try to modify it, Gufw deletes the
> > >> original rule, claims to have added the new one, but examination of
> > >> the log reveals that the modified rule has failed, so it ends up
> > >> stripping both the original copied rule and the modified one. I
> would
> > >> have expected to be shown the error and the original rule that I
> > >> copied left there, unchanged. Evidently, however, the actual error-
> > >> checking only occurs AFTER the rule was copied and modified, rather
> > >> than before attempting to modify. Not good.
> > >>
> > >> An inexperienced systems administrator could very well be fooled
> into
> > >> thinking the changed rule worked when, in fact, it did not, so no
> > >> error message is displayed. Busy systems admins don't always think
> to
> > >> check the log, especially if the log is known to not provide very
> much
> > >> useful or helpful information. "ERROR: Wrong number of arguments."
> is
> > >> definitely in the category of "not very useful or helpful."
> > >>
> > >> To manage notifications about this bug go to:
> > >> https://bugs.launchpad.net/gui-ufw/+bug/1441850/+subscriptions
> > >>
> > >
> > >
> > > --
> > > The truth is out there...somewhere....getting wet in the rain....
> > >
> > > --
> > > You received this bug notification because you are subscribed to Gufw.
> > > https://bugs.launchpad.net/bugs/1441850
> > >
> > > Title:
> > > Gufw "Advanced" configuration does not really work.
> > >
> > > To manage notifications about this bug go to:
> > > https://bugs.launchpad.net/gui-ufw/+bug/1441850/+subscriptions
> > >
> >
> > --
> > You received this bug notification because you are subscribed to the bug
> > report.
> > https://bugs.launchpad.net/bugs/1441850
> >
> > Title:
> > Gufw "Advanced" configuration does not really work.
> >
> > Status in Gufw:
> > New
> >
> > Bug description:
> > Regarding GUFW as available for Ubuntu 14.04 and later (14.04.2 LTS)
> >
> > When trying to configure GUFW to block all access to a server EXCEPT
> > that originating on our internal network (which is somewhat open to
> > the public), GUFW simply throws an error, claiming ERROR: Wrong number
> > of arguments.
> >
> > Under the ADVANCED tab, I was trying to specify that ssh requests
> > coming in from our internal class B network, XXX.YYY.0.0/16 should be
> > allowed in on port 22. To do this, I specified the IP address of the
> > network in the FROM field, and the PORT in the TO field, leaving the
> > PORT in the from field unfilled in and the IP address in the TO field
> > blank.
> >
> > All I get is an error placed in the log: ERROR: Wrong number of
> > arguments.
> >
> > This tells me nothing useful.
> >
> >
> > However, in the older version of Gufw, version 12.04.1, (as is
> > available with Ubuntu 12.04), this same configuration technique works
> > perfectly.)
> >
> > So far, the only way around this seems to be to manipulate the
> > underlying UFW directly, but that is not very easy as the command-line
> > configuration is, shall we say, rather less than intuitive (as in
> > "needlessly arcane, finicky, non-standard and complex")
> >
> > Of course, however, rules applied to UFW directly cannot be modified
> > or even looked at from Gufw. Worse, if I copy a rule that
> > approximates what I want, then try to modify it, Gufw deletes the
> > original rule, claims to have added the new one, but examination of
> > the log reveals that the modified rule has failed, so it ends up
> > stripping both the original copied rule and the modified one. I would
> > have expected to be shown the error and the original rule that I
> > copied left there, unchanged. Evidently, however, the actual error-
> > checking only occurs AFTER the rule was copied and modified, rather
> > than before attempting to modify. Not good.
> >
> > An inexperienced systems administrator could very well be fooled into
> > thinking the changed rule worked when, in fact, it did not, so no
> > error message is displayed. Busy systems admins don't always think to
> > check the log, especially if the log is known to not provide very much
> > useful or helpful information. "ERROR: Wrong number of arguments." is
> > definitely in the category of "not very useful or helpful."
> >
> > To manage notifications about this bug go to:
> > https://bugs.launchpad.net/gui-ufw/+bug/1441850/+subscriptions
> >
>
>
> --
> The truth is out there...somewhere....getting wet in the rain....
>
> --
> You received this bug notification because you are subscribed to Gufw.
> https://bugs.launchpad.net/bugs/1441850
>
> Title:
> Gufw "Advanced" configuration does not really work.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/gui-ufw/+bug/1441850/+subscriptions
>
** Changed in: gui-ufw
Status: New => Invalid
--
You received this bug notification because you are a member of Gufw
Developers, which is subscribed to Gufw.
https://bugs.launchpad.net/bugs/1441850
Title:
Gufw "Advanced" configuration does not really work.
Status in Gufw:
Invalid
Bug description:
Regarding GUFW as available for Ubuntu 14.04 and later (14.04.2 LTS)
When trying to configure GUFW to block all access to a server EXCEPT
that originating on our internal network (which is somewhat open to
the public), GUFW simply throws an error, claiming ERROR: Wrong number
of arguments.
Under the ADVANCED tab, I was trying to specify that ssh requests
coming in from our internal class B network, XXX.YYY.0.0/16 should be
allowed in on port 22. To do this, I specified the IP address of the
network in the FROM field, and the PORT in the TO field, leaving the
PORT in the from field unfilled in and the IP address in the TO field
blank.
All I get is an error placed in the log: ERROR: Wrong number of
arguments.
This tells me nothing useful.
However, in the older version of Gufw, version 12.04.1, (as is available with Ubuntu 12.04), this same configuration technique works perfectly.)
So far, the only way around this seems to be to manipulate the
underlying UFW directly, but that is not very easy as the command-line
configuration is, shall we say, rather less than intuitive (as in
"needlessly arcane, finicky, non-standard and complex")
Of course, however, rules applied to UFW directly cannot be modified
or even looked at from Gufw. Worse, if I copy a rule that
approximates what I want, then try to modify it, Gufw deletes the
original rule, claims to have added the new one, but examination of
the log reveals that the modified rule has failed, so it ends up
stripping both the original copied rule and the modified one. I would
have expected to be shown the error and the original rule that I
copied left there, unchanged. Evidently, however, the actual error-
checking only occurs AFTER the rule was copied and modified, rather
than before attempting to modify. Not good.
An inexperienced systems administrator could very well be fooled into
thinking the changed rule worked when, in fact, it did not, so no
error message is displayed. Busy systems admins don't always think to
check the log, especially if the log is known to not provide very much
useful or helpful information. "ERROR: Wrong number of arguments." is
definitely in the category of "not very useful or helpful."
To manage notifications about this bug go to:
https://bugs.launchpad.net/gui-ufw/+bug/1441850/+subscriptions
References
