
gufw-developers team mailing list archive

[Bug 1650489] [NEW] ufw broken on Linux Mint 17.3

 

Public bug reported:

Hi,

on my Linux Mint 17.3 x64 Cinnamon, ufw appears to be broken (0.34~rc-
0ubuntu2).

Networking seemed to work alright, surfing was no problem, also FTP and
SSH worked. But not Bonjour, which I need to use the scanner that is
inside my Canon MX925. So I used gufw (14.04.2-0ubuntu1.2) to add rules
that allow packets sent to ports 8610 and 8612, and packets coming from
5353 (Bonjour). But still, some of these packets get blocked, according
to syslog.

Looking deeper inside the matter, I realised that the default inbound
policy is deny. So surfing should not be possible, but it works alright.

sudo ufw status verbose

Status: Aktiv
Protokollierung: on (medium)
Voreinstellung: reject (eingehend), allow (abgehend), disabled (gesendet)
Neue Profile: skip

Zu                         Aktion      Von
--                         ------      ---
8612                       ALLOW IN    Anywhere (log)
5353                       ALLOW IN    Anywhere (log)
8612 (v6)                  ALLOW IN    Anywhere (v6) (log)
5353 (v6)                  ALLOW IN    Anywhere (v6) (log)

8610                       ALLOW OUT   Anywhere (log)
8612                       ALLOW OUT   Anywhere (log)
8610 (v6)                  ALLOW OUT   Anywhere (v6) (log)
8612 (v6)                  ALLOW OUT   Anywhere (v6) (log)

Bonjour should be the only thing working, but in fact, it's the only
thing NOT working. So I looked at those predefined sets of rules that
ufw should come with, according to

http://www.larrytalkstech.com/ufw-the-linux-uncomplicated-firewall/

but most of the ones mentioned there are missing.

sudo ufw app list

Verfügbare Anwendungen:
  CUPS
  Samba

Only CUPS and Samba are known? Not even DNS or tcp/80? Since surfing
works alright, my guess is that ufw does not really work together with
iptables, which to my understanding is the "real firewall" that (g)ufw
is only a frontend for. So ufw does not show all rules that are in
force, and ufw does not correctly apply new rules at the correct
position in the chain, so they get defeated by the existing rules, thus
Bonjour gets broken.

Dec 15 14:00:30 FSC-neu kernel: [72537.358551] [UFW BLOCK] IN=eth0 OUT=
MAC=90:1b:0e:18:56:e3:60:12:8b:46:ce:55:08:00 SRC=192.168.1.251
DST=192.168.1.31 LEN=146 TOS=0x00 PREC=0x00 TTL=64 ID=63636 PROTO=UDP
SPT=5353 DPT=36762 LEN=126

Thanks
Oliver

** Affects: gui-ufw
     Importance: Undecided
         Status: New

** Affects: linuxmint
     Importance: Undecided
         Status: New

** Affects: ufw
     Importance: Undecided
         Status: New

** Also affects: ufw
   Importance: Undecided
       Status: New

** Also affects: gui-ufw
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Gufw
Developers, which is subscribed to Gufw.
https://bugs.launchpad.net/bugs/1650489

Title:
  ufw broken on Linux Mint 17.3

Status in Gufw:
  New
Status in Linux Mint:
  New
Status in ufw:
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/gui-ufw/+bug/1650489/+subscriptions
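
Added example (not part of the original report, and not ufw's own code): a small Python check that parses the [UFW BLOCK] line quoted in the report and matches it against the IPv4 rows of the reported status table, treating a bare port in the "Zu" (To) column as a destination-port match, which is how ufw displays simple port rules. The function names and the simplified rule model are assumptions made for illustration.

```python
import re

# Log entry quoted in the report, re-joined onto one line.
LOG = ("Dec 15 14:00:30 FSC-neu kernel: [72537.358551] [UFW BLOCK] IN=eth0 OUT= "
       "MAC=90:1b:0e:18:56:e3:60:12:8b:46:ce:55:08:00 SRC=192.168.1.251 "
       "DST=192.168.1.31 LEN=146 TOS=0x00 PREC=0x00 TTL=64 ID=63636 PROTO=UDP "
       "SPT=5353 DPT=36762 LEN=126")

# IPv4 rule rows from the report's `ufw status verbose` table.
STATUS = """\
8612                       ALLOW IN    Anywhere (log)
5353                       ALLOW IN    Anywhere (log)
8610                       ALLOW OUT   Anywhere (log)
8612                       ALLOW OUT   Anywhere (log)
"""

# Default policies from the report's status header (eingehend / abgehend).
DEFAULTS = {"IN": "reject", "OUT": "allow"}

def parse_log(line):
    """Return the KEY=VALUE fields of a netfilter log line.
    A repeated key such as LEN keeps its last value."""
    fields = dict(re.findall(r"\b([A-Z]+)=(\S*)", line))
    # An inbound packet has IN= set and OUT= empty.
    fields["DIR"] = "IN" if fields.get("IN") else "OUT"
    return fields

def parse_rules(text):
    """Return (port, action, direction) for each simple port rule row."""
    row = re.compile(r"^\s*(\d+)\s+(ALLOW|DENY|REJECT|LIMIT)\s+(IN|OUT)\b", re.M)
    return [(int(p), a, d) for p, a, d in row.findall(text)]

def evaluate(pkt, rules):
    """Match the destination port against same-direction rules,
    falling back to the default policy when nothing matches."""
    dpt, spt = int(pkt["DPT"]), int(pkt["SPT"])
    for port, action, direction in rules:
        if direction == pkt["DIR"] and port == dpt:
            return action.lower(), f"rule {port} {action} {direction}"
    why = f"no rule for destination port {dpt}"
    if any(d == pkt["DIR"] and p == spt for p, _, d in rules):
        why += f"; rule {spt} matches destination port only, {spt} is the source port here"
    return DEFAULTS[pkt["DIR"]], why

if __name__ == "__main__":
    print(evaluate(parse_log(LOG), parse_rules(STATUS)))
```

The logged packet has source port 5353 and destination port 36762, so none of the listed ALLOW IN rules applies and the default inbound policy decides. Replies to connections the host itself opened are accepted by the connection-tracking (RELATED,ESTABLISHED) rule that ufw ships in its before.rules, which is evaluated before the user rules shown in the status table.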

