touch-packages team mailing list archive

[Bug 606997] Re: ufw blocks ipsec

 

** No longer affects: ufw (Ubuntu Lucid)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ufw in Ubuntu.
https://bugs.launchpad.net/bugs/606997

Title:
  ufw blocks ipsec

Status in ufw - Uncomplicated Firewall:
  Fix Released
Status in “ufw” package in Ubuntu:
  Fix Released
Status in “ufw” source package in Maverick:
  Fix Released

Bug description:
  I've had IPSEC working between the Linux machines on my network for
  about a year using Firestarter as the firewall. I recently decided
  that I should probably switch to ufw since Firestarter isn't supported
  anymore, but since then I've found that IPSEC negotiations are
  unreliable: today, for example, I could see that one of the machines
  thought it had negotiated an IPSEC connection to another, but no
  messages were getting through to the other machine.

  Looking at the log files I see lots of messages along the lines of:

  Jul 18 01:20:23 nightmare kernel: [ 17.670844] [UFW BLOCK] IN=eth0 OUT= MAC=xxxx SRC=xxxx DST=xxxx LEN=120 TOS=0x00 PREC=0x00 TTL=64 ID=6954 DF PROTO=AH SPI=0xbd5df15

  So what I don't understand is:

  1. Why ufw is blocking a protocol that it apparently gives you no control over? I can't tell it to allow or block AH or ESP.
  2. Why it sometimes blocks the protocol and sometimes doesn't?

  ufw --version:
  ufw 0.30pre1-0ubuntu2
  Copyright 2008-2010 Canonical Ltd.

  This is Ubuntu 10.04 with the most recent updates.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ufw/+bug/606997/+subscriptions