touch-packages team mailing list archive

Thread
Date

[Bug 881137] Re: UFW does not clean iptables setting from /etc/ufw/before.rules

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Jamie Strandboge <jamie@xxxxxxxxxx>
Date: Fri, 20 Feb 2015 20:51:33 -0000
Reply-to: Bug 881137 <881137@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Sam, while ufw has added support for managing the FORWARD chain, it does
not yet support the nat table which is why you are seeing this issue.
Please see comments #1 and #5 in this bug for more details.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ufw in Ubuntu.
https://bugs.launchpad.net/bugs/881137

Title:
  UFW does not clean iptables setting from /etc/ufw/before.rules

Status in ufw package in Ubuntu:
  Won't Fix

Bug description:
  Adding some additional settings to /etc/ufw/before.rules is not
  deleted when ufw is stopped.

  I added these lines at top of file /etc/ufw/before.rules

  *nat
  :POSTROUTING ACCEPT [0:0]
  -A POSTROUTING -o eth0 -j MASQUERADE
  COMMIT

  Then I reloaded ufw firewall with command: ufw reload. Output from
  iptables-save

  $ iptables-save -t nat
  *nat
  :PREROUTING ACCEPT [4:478]
  :INPUT ACCEPT [4:478]
  :OUTPUT ACCEPT [0:0]
  :POSTROUTING ACCEPT [0:0]
  -A POSTROUTING -o eth0 -j MASQUERADE 
  COMMIT

  Then I reloaded ufw firewall again:

  $ iptables-save -t nat
  *nat
  :PREROUTING ACCEPT [4:478]
  :INPUT ACCEPT [4:478]
  :OUTPUT ACCEPT [0:0]
  :POSTROUTING ACCEPT [0:0]
  -A POSTROUTING -o eth0 -j MASQUERADE 
  -A POSTROUTING -o eth0 -j MASQUERADE 
  COMMIT

  And ufw reload again

  $ iptables-save -t nat
  *nat
  :PREROUTING ACCEPT [4:478]
  :INPUT ACCEPT [4:478]
  :OUTPUT ACCEPT [0:0]
  :POSTROUTING ACCEPT [0:0]
  -A POSTROUTING -o eth0 -j MASQUERADE 
  -A POSTROUTING -o eth0 -j MASQUERADE 
  -A POSTROUTING -o eth0 -j MASQUERADE
  COMMIT

  And again and postrouting is never deleted when ufw is stopped and
  added again when stared. Same happen if I stop ufw firewall with: $
  stop ufw. nat lines are not cleaned.

  UFW should remove all iptables settings specified in config files
  after ufw is stopped! This can be dangerous if apt-get is updating
  some ufw files and scripts needs to reload ufw (some lines will be
  more times).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/881137/+subscriptions