← Back to team overview

touch-packages team mailing list archive

[Bug 1434525] Re: Router solicitation blocked, makes network-manager complain

 

** Changed in: ufw (Ubuntu)
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ufw in Ubuntu.
https://bugs.launchpad.net/bugs/1434525

Title:
  Router solicitation blocked, makes network-manager complain

Status in ufw package in Ubuntu:
  Confirmed

Bug description:
  In Vivid, my syslog is full of complains by network-manager about
  blocked Router solicitation.

  In my log, I get things like this:

  ...
  Mar 20 12:47:04 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852024.960398] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (wlan0): cannot send router solicitation: -1.
  Mar 20 12:47:04 franck-ThinkPad-T430s kernel: [ 8209.218586] [UFW BLOCK] IN= OUT=wlan0 SRC=fe80:0000:0000:0000:2677:03ff:fe8a:47a0 DST=ff02:0000:0000:0000:0000:0000:0000:0002 LEN=48 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=133 CODE=0 
  Mar 20 12:47:05 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852025.959574] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (eth0): cannot send router solicitation: -1.
  Mar 20 12:47:08 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852028.958727] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (wlan0): cannot send router solicitation: -1.
  Mar 20 12:47:09 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852029.958873] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (eth0): cannot send router solicitation: -1.
  Mar 20 12:47:12 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852032.961342] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (wlan0): cannot send router solicitation: -1.
  Mar 20 12:47:13 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852033.959493] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (eth0): cannot send router solicitation: -1.
  Mar 20 12:47:16 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852036.960008] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (wlan0): cannot send router solicitation: -1.
  Mar 20 12:47:17 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852037.959215] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (eth0): cannot send router solicitation: -1.
  Mar 20 12:47:20 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852040.961811] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (wlan0): cannot send router solicitation: -1.
  Mar 20 12:47:21 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852041.958641] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (eth0): cannot send router solicitation: -1.
  Mar 20 12:47:24 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852044.960743] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (wlan0): cannot send router solicitation: -1.
  Mar 20 12:47:24 franck-ThinkPad-T430s kernel: [ 8229.224325] [UFW BLOCK] IN= OUT=wlan0 SRC=fe80:0000:0000:0000:2677:03ff:fe8a:47a0 DST=ff02:0000:0000:0000:0000:0000:0000:0002 LEN=48 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=133 CODE=0 
  Mar 20 12:47:25 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852045.958895] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (eth0): cannot send router solicitation: -1.
  Mar 20 12:47:28 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852048.960527] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (wlan0): cannot send router solicitation: -1.
  ...

  and so on.

  I have read through http://www.ietf.org/rfc/rfc4890.txt but this is a
  bit tougth, and I like ufw doing the job for me :-).

  Here is the output of ip6tables --list :

  Chain INPUT (policy DROP)
  target     prot opt source               destination         
  ufw6-before-logging-input  all      anywhere             anywhere            
  ufw6-before-input  all      anywhere             anywhere            
  ufw6-after-input  all      anywhere             anywhere            
  ufw6-after-logging-input  all      anywhere             anywhere            
  ufw6-reject-input  all      anywhere             anywhere            
  ufw6-track-input  all      anywhere             anywhere            

  Chain FORWARD (policy DROP)
  target     prot opt source               destination         
  ufw6-before-logging-forward  all      anywhere             anywhere            
  ufw6-before-forward  all      anywhere             anywhere            
  ufw6-after-forward  all      anywhere             anywhere            
  ufw6-after-logging-forward  all      anywhere             anywhere            
  ufw6-reject-forward  all      anywhere             anywhere            
  ufw6-track-forward  all      anywhere             anywhere            

  Chain OUTPUT (policy DROP)
  target     prot opt source               destination         
  ufw6-before-logging-output  all      anywhere             anywhere            
  ufw6-before-output  all      anywhere             anywhere            
  ufw6-after-output  all      anywhere             anywhere            
  ufw6-after-logging-output  all      anywhere             anywhere            
  ufw6-reject-output  all      anywhere             anywhere            
  ufw6-track-output  all      anywhere             anywhere            

  Chain ufw6-after-forward (1 references)
  target     prot opt source               destination         

  Chain ufw6-after-input (1 references)
  target     prot opt source               destination         
  ufw6-skip-to-policy-input  udp      anywhere             anywhere             udp dpt:netbios-ns
  ufw6-skip-to-policy-input  udp      anywhere             anywhere             udp dpt:netbios-dgm
  ufw6-skip-to-policy-input  tcp      anywhere             anywhere             tcp dpt:netbios-ssn
  ufw6-skip-to-policy-input  tcp      anywhere             anywhere             tcp dpt:microsoft-ds
  ufw6-skip-to-policy-input  udp      anywhere             anywhere             udp dpt:dhcpv6-client
  ufw6-skip-to-policy-input  udp      anywhere             anywhere             udp dpt:dhcpv6-server

  Chain ufw6-after-logging-forward (1 references)
  target     prot opt source               destination         
  LOG        all      anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

  Chain ufw6-after-logging-input (1 references)
  target     prot opt source               destination         
  LOG        all      anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

  Chain ufw6-after-logging-output (1 references)
  target     prot opt source               destination         
  LOG        all      anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

  Chain ufw6-after-output (1 references)
  target     prot opt source               destination         

  Chain ufw6-before-forward (1 references)
  target     prot opt source               destination         
  DROP       all      anywhere             anywhere             rt type:0 segsleft:0
  ACCEPT     all      anywhere             anywhere             ctstate RELATED,ESTABLISHED
  ACCEPT     ipv6-icmp    anywhere             anywhere             ipv6-icmp destination-unreachable
  ACCEPT     ipv6-icmp    anywhere             anywhere             ipv6-icmp packet-too-big
  ACCEPT     ipv6-icmp    anywhere             anywhere             ipv6-icmp time-exceeded
  ACCEPT     ipv6-icmp    anywhere             anywhere             ipv6-icmp parameter-problem
  ACCEPT     ipv6-icmp    anywhere             anywhere             ipv6-icmp echo-request
  ufw6-user-forward  all      anywhere             anywhere            

  Chain ufw6-before-input (1 references)
  target     prot opt source               destination         
  ACCEPT     all      anywhere             anywhere            
  DROP       all      anywhere             anywhere             rt type:0 segsleft:0
  ACCEPT     ipv6-icmp    anywhere             anywhere             ipv6-icmp neighbour-solicitation HL match HL == 255
  ACCEPT     ipv6-icmp    anywhere             anywhere             ipv6-icmp neighbour-advertisement HL match HL == 255
  ACCEPT     ipv6-icmp    anywhere             anywhere             ipv6-icmp router-solicitation HL match HL == 255
  ACCEPT     ipv6-icmp    anywhere             anywhere             ipv6-icmp router-advertisement HL match HL == 255
  ACCEPT     all      anywhere             anywhere             ctstate RELATED,ESTABLISHED
  ACCEPT     ipv6-icmp    fe80::/10            anywhere             ipv6-icmp echo-reply
  ufw6-logging-deny  all      anywhere             anywhere             ctstate INVALID
  DROP       all      anywhere             anywhere             ctstate INVALID
  ACCEPT     ipv6-icmp    anywhere             anywhere             ipv6-icmp destination-unreachable
  ACCEPT     ipv6-icmp    anywhere             anywhere             ipv6-icmp packet-too-big
  ACCEPT     ipv6-icmp    anywhere             anywhere             ipv6-icmp time-exceeded
  ACCEPT     ipv6-icmp    anywhere             anywhere             ipv6-icmp parameter-problem
  ACCEPT     ipv6-icmp    anywhere             anywhere             ipv6-icmp echo-request
  ACCEPT     udp      fe80::/10            fe80::/10            udp spt:dhcpv6-server dpt:dhcpv6-client
  ACCEPT     udp      anywhere             ff02::fb             udp dpt:mdns
  ACCEPT     udp      anywhere             ff02::f              udp dpt:1900
  ufw6-user-input  all      anywhere             anywhere            

  Chain ufw6-before-logging-forward (1 references)
  target     prot opt source               destination         

  Chain ufw6-before-logging-input (1 references)
  target     prot opt source               destination         

  Chain ufw6-before-logging-output (1 references)
  target     prot opt source               destination         

  Chain ufw6-before-output (1 references)
  target     prot opt source               destination         
  ACCEPT     all      anywhere             anywhere            
  DROP       all      anywhere             anywhere             rt type:0 segsleft:0
  ACCEPT     ipv6-icmp    anywhere             anywhere             ipv6-icmp neighbour-solicitation HL match HL == 255
  ACCEPT     ipv6-icmp    anywhere             anywhere             ipv6-icmp neighbour-advertisement HL match HL == 255
  ACCEPT     all      anywhere             anywhere             ctstate RELATED,ESTABLISHED
  ufw6-user-output  all      anywhere             anywhere            

  Chain ufw6-logging-allow (0 references)
  target     prot opt source               destination         
  LOG        all      anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "

  Chain ufw6-logging-deny (1 references)
  target     prot opt source               destination         
  RETURN     all      anywhere             anywhere             ctstate INVALID limit: avg 3/min burst 10
  LOG        all      anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

  Chain ufw6-reject-forward (1 references)
  target     prot opt source               destination         

  Chain ufw6-reject-input (1 references)
  target     prot opt source               destination         

  Chain ufw6-reject-output (1 references)
  target     prot opt source               destination         

  Chain ufw6-skip-to-policy-forward (0 references)
  target     prot opt source               destination         
  DROP       all      anywhere             anywhere            

  Chain ufw6-skip-to-policy-input (6 references)
  target     prot opt source               destination         
  DROP       all      anywhere             anywhere            

  Chain ufw6-skip-to-policy-output (0 references)
  target     prot opt source               destination         
  DROP       all      anywhere             anywhere            

  Chain ufw6-track-forward (1 references)
  target     prot opt source               destination         

  Chain ufw6-track-input (1 references)
  target     prot opt source               destination         

  Chain ufw6-track-output (1 references)
  target     prot opt source               destination         

  Chain ufw6-user-forward (1 references)
  target     prot opt source               destination         

  Chain ufw6-user-input (1 references)
  target     prot opt source               destination         
  ACCEPT     udp      anywhere             anywhere             multiport dports 6881:6882
  ACCEPT     tcp      anywhere             anywhere             multiport dports 6881:6882

  Chain ufw6-user-limit (0 references)
  target     prot opt source               destination         
  LOG        all      anywhere             anywhere             limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
  REJECT     all      anywhere             anywhere             reject-with icmp6-port-unreachable

  Chain ufw6-user-limit-accept (0 references)
  target     prot opt source               destination         
  ACCEPT     all      anywhere             anywhere            

  Chain ufw6-user-logging-forward (0 references)
  target     prot opt source               destination         

  Chain ufw6-user-logging-input (0 references)
  target     prot opt source               destination         

  Chain ufw6-user-logging-output (0 references)
  target     prot opt source               destination         

  Chain ufw6-user-output (1 references)
  target     prot opt source               destination         
  ACCEPT     tcp      anywhere             anywhere             tcp dpt:ipp
  ACCEPT     udp      anywhere             anywhere             udp dpt:ipp
  ACCEPT     tcp      anywhere             anywhere             tcp dpt:domain
  ACCEPT     udp      anywhere             anywhere             udp dpt:domain
  ACCEPT     udp      anywhere             anywhere             udp dpt:bootps
  ACCEPT     tcp      anywhere             anywhere             tcp dpt:https
  ACCEPT     tcp      anywhere             anywhere             tcp dpt:http
  ACCEPT     tcp      anywhere             anywhere             tcp dpt:imap2
  ACCEPT     tcp      anywhere             anywhere             tcp dpt:ssh
  ACCEPT     tcp      anywhere             anywhere             tcp dpt:postgresql
  ACCEPT     tcp      anywhere             anywhere             tcp dpt:http-alt
  ACCEPT     udp      anywhere             anywhere             multiport dports netbios-ns,netbios-dgm
  ACCEPT     tcp      anywhere             anywhere             multiport dports netbios-ssn,microsoft-ds
  ACCEPT     tcp      anywhere             anywhere             tcp dpt:l2f
  ACCEPT     tcp      anywhere             anywhere             tcp dpt:imaps
  ACCEPT     tcp      anywhere             anywhere             tcp dpt:git
  ACCEPT     tcp      anywhere             anywhere             tcp dpt:whois
  ACCEPT     udp      anywhere             anywhere             udp dpt:43
  ACCEPT     tcp      anywhere             anywhere             tcp dpt:ircd
  ACCEPT     tcp      anywhere             anywhere             tcp dpt:3389
  ACCEPT     udp      anywhere             anywhere             multiport dports 6881:6882
  ACCEPT     tcp      anywhere             anywhere             multiport dports 6881:6882

  Maybe /etc/ufw/before6.rules should be adjusted ? (or maybe it's a bug
  in Network-manager?)

  ProblemType: Bug
  DistroRelease: Ubuntu 15.04
  Package: ufw 0.34~rc-0ubuntu5
  ProcVersionSignature: Ubuntu 3.19.0-9.9-generic 3.19.1
  Uname: Linux 3.19.0-9-generic x86_64
  ApportVersion: 2.16.2-0ubuntu3
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Fri Mar 20 12:43:56 2015
  InstallationDate: Installed on 2014-12-13 (96 days ago)
  InstallationMedia: Ubuntu 14.10 "Utopic Unicorn" - Release amd64 (20141022.1)
  PackageArchitecture: all
  SourcePackage: ufw
  UpgradeStatus: No upgrade log present (probably fresh install)
  mtime.conffile..etc.default.ufw: 2015-03-17T18:03:15.349146

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1434525/+subscriptions


References