← Back to team overview

touch-packages team mailing list archive

[Bug 1368411] [NEW] Cannot insert IPV6 rule before IPV4 rules

 

Public bug reported:

I am unable to insert any rules concerning IPV6 before IPV4 rules. Thus, when IPV4 rules are numbered 1 to 5 and IPV6 rules are numbered  6 to 10,  the following command:
[code]
ufw insert 1 deny from 2a02:2210:12:a:b820:fff:fea2:25d1
[/code]
errors with "ERROR: Invalid position '1'".

However, the command
[code]
ufw insert 6 deny from 2a02:2210:12:a:b820:fff:fea2:25d1
[/code]
succeeds.

In my case, this poses a problem, since I am trying to insert rules from
a script against brute force attacks. The script needs to insert
blocking rules before a number of other rules that open up some ports
(since the order of rules is important in ufw). However since the number
of IPV4 rules will be changing all the time, the position of the first
available number for an IPV6 address is hard to determine.

Proposed solution: either allow IPV6 rules to precede IPV4 rules, or
implement a keyword defining the first available position; e.g. "ufw
insert first deny from 2a02:2210:12:a:b820:fff:fea2:25d1".

BTW: this was all figured out with ufw version 0.31.1-1, Ubuntu 12.04.5
LTS,

** Affects: ufw (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ufw in Ubuntu.
https://bugs.launchpad.net/bugs/1368411

Title:
  Cannot insert IPV6 rule before IPV4 rules

Status in “ufw” package in Ubuntu:
  New

Bug description:
  I am unable to insert any rules concerning IPV6 before IPV4 rules. Thus, when IPV4 rules are numbered 1 to 5 and IPV6 rules are numbered  6 to 10,  the following command:
  [code]
  ufw insert 1 deny from 2a02:2210:12:a:b820:fff:fea2:25d1
  [/code]
  errors with "ERROR: Invalid position '1'".

  However, the command
  [code]
  ufw insert 6 deny from 2a02:2210:12:a:b820:fff:fea2:25d1
  [/code]
  succeeds.

  In my case, this poses a problem, since I am trying to insert rules
  from a script against brute force attacks. The script needs to insert
  blocking rules before a number of other rules that open up some ports
  (since the order of rules is important in ufw). However since the
  number of IPV4 rules will be changing all the time, the position of
  the first available number for an IPV6 address is hard to determine.

  Proposed solution: either allow IPV6 rules to precede IPV4 rules, or
  implement a keyword defining the first available position; e.g. "ufw
  insert first deny from 2a02:2210:12:a:b820:fff:fea2:25d1".

  BTW: this was all figured out with ufw version 0.31.1-1, Ubuntu
  12.04.5 LTS,

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1368411/+subscriptions


Follow ups

References