touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #97769
[Bug 1434525] Re: Router solicitation blocked, makes network-manager complain
This bug was fixed in the package ufw - 0.34-0ubuntu1
---------------
ufw (0.34-0ubuntu1) wily; urgency=medium
* New upstream release (LP: #1434525, LP: #1438647, LP: #1155292,
Closes: 792753). Drop following patches included upstream:
- 0002-lp1044361.patch
- 0003-fix-typeerror-on-error.patch
- 0004-lp1039729.patch
- 0005-lp1191197.patch
* Merge in Ubuntu packaging:
- debian/ufw.postinst:
+ drop old reload of policy for upgrades to 0.30.1-2
+ add new ufw[6]-track-forward primary chains on upgrade
- Install the SysV init and upstart script for both Debian and Ubuntu.
Debian has upstart too, and in Ubuntu we need the init script for LSB
dependencies and for systemd. (LP: #1341083)
+ Rename debian/ufw.init.debian to debian/ufw.init
+ Rename debian/ufw.upstart.ubuntu to debian/ufw.upstart
+ Remove all the distro specific code from debian/rules and just call
dh_installinit (thus removing lsb-release from Build-Depends-Indep).
- Drop the distro specific logrotate configs, and use the ubuntu one with
"rotate" instead of "reload" everywhere, as Debian's rsyslog init also
supports "rotate".
- Add a systemd unit:
+ Add debian/ufw.service
+ Add dh-systemd build dep.
+ debian/rulles: Call dh_systemd_{enable,start}.
- Don't include Debian version in the python module version (LP: #1465549)
* debian/copyright: follow copyright-format/1.0
* debian/po/pt_BR.po: add Brazilian Portuguese of debconf templates. Thanks
to Adriano Rafael Gomes (Closes: 770453)
* update debian/before[6].rules.md5sum
* debian/ufw.lintian-overrides:
- usr/share/ufw/after.init and before.init are intentionally not
executable
- we intentionally do not stop the firewall with init.d script
* debian/control: Build-Depends-Indep on procps (needed by testsuite for
sysctl)
* debian/ufw.dirs, debian/rules: copy bash completions to
/usr/share/bash-completion/completions
* debian/rules: run 'make clean' after running the testsuite since the
testsuite creates a build/ directory not that would be reused
* debian/ufw.postrm: remove after.init and before.init on purge
-- Jamie Strandboge <jamie@xxxxxxxxxx> Thu, 20 Aug 2015 08:34:19 -0500
** Changed in: ufw (Ubuntu)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ufw in Ubuntu.
https://bugs.launchpad.net/bugs/1434525
Title:
Router solicitation blocked, makes network-manager complain
Status in ufw package in Ubuntu:
Fix Released
Bug description:
In Vivid, my syslog is full of complains by network-manager about
blocked Router solicitation.
In my log, I get things like this:
...
Mar 20 12:47:04 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852024.960398] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (wlan0): cannot send router solicitation: -1.
Mar 20 12:47:04 franck-ThinkPad-T430s kernel: [ 8209.218586] [UFW BLOCK] IN= OUT=wlan0 SRC=fe80:0000:0000:0000:2677:03ff:fe8a:47a0 DST=ff02:0000:0000:0000:0000:0000:0000:0002 LEN=48 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=133 CODE=0
Mar 20 12:47:05 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852025.959574] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (eth0): cannot send router solicitation: -1.
Mar 20 12:47:08 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852028.958727] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (wlan0): cannot send router solicitation: -1.
Mar 20 12:47:09 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852029.958873] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (eth0): cannot send router solicitation: -1.
Mar 20 12:47:12 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852032.961342] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (wlan0): cannot send router solicitation: -1.
Mar 20 12:47:13 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852033.959493] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (eth0): cannot send router solicitation: -1.
Mar 20 12:47:16 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852036.960008] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (wlan0): cannot send router solicitation: -1.
Mar 20 12:47:17 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852037.959215] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (eth0): cannot send router solicitation: -1.
Mar 20 12:47:20 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852040.961811] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (wlan0): cannot send router solicitation: -1.
Mar 20 12:47:21 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852041.958641] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (eth0): cannot send router solicitation: -1.
Mar 20 12:47:24 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852044.960743] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (wlan0): cannot send router solicitation: -1.
Mar 20 12:47:24 franck-ThinkPad-T430s kernel: [ 8229.224325] [UFW BLOCK] IN= OUT=wlan0 SRC=fe80:0000:0000:0000:2677:03ff:fe8a:47a0 DST=ff02:0000:0000:0000:0000:0000:0000:0002 LEN=48 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=133 CODE=0
Mar 20 12:47:25 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852045.958895] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (eth0): cannot send router solicitation: -1.
Mar 20 12:47:28 franck-ThinkPad-T430s NetworkManager[1134]: <error> [1426852048.960527] [rdisc/nm-lndp-rdisc.c:241] send_rs(): (wlan0): cannot send router solicitation: -1.
...
and so on.
I have read through http://www.ietf.org/rfc/rfc4890.txt but this is a
bit tougth, and I like ufw doing the job for me :-).
Here is the output of ip6tables --list :
Chain INPUT (policy DROP)
target prot opt source destination
ufw6-before-logging-input all anywhere anywhere
ufw6-before-input all anywhere anywhere
ufw6-after-input all anywhere anywhere
ufw6-after-logging-input all anywhere anywhere
ufw6-reject-input all anywhere anywhere
ufw6-track-input all anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ufw6-before-logging-forward all anywhere anywhere
ufw6-before-forward all anywhere anywhere
ufw6-after-forward all anywhere anywhere
ufw6-after-logging-forward all anywhere anywhere
ufw6-reject-forward all anywhere anywhere
ufw6-track-forward all anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ufw6-before-logging-output all anywhere anywhere
ufw6-before-output all anywhere anywhere
ufw6-after-output all anywhere anywhere
ufw6-after-logging-output all anywhere anywhere
ufw6-reject-output all anywhere anywhere
ufw6-track-output all anywhere anywhere
Chain ufw6-after-forward (1 references)
target prot opt source destination
Chain ufw6-after-input (1 references)
target prot opt source destination
ufw6-skip-to-policy-input udp anywhere anywhere udp dpt:netbios-ns
ufw6-skip-to-policy-input udp anywhere anywhere udp dpt:netbios-dgm
ufw6-skip-to-policy-input tcp anywhere anywhere tcp dpt:netbios-ssn
ufw6-skip-to-policy-input tcp anywhere anywhere tcp dpt:microsoft-ds
ufw6-skip-to-policy-input udp anywhere anywhere udp dpt:dhcpv6-client
ufw6-skip-to-policy-input udp anywhere anywhere udp dpt:dhcpv6-server
Chain ufw6-after-logging-forward (1 references)
target prot opt source destination
LOG all anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
Chain ufw6-after-logging-input (1 references)
target prot opt source destination
LOG all anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
Chain ufw6-after-logging-output (1 references)
target prot opt source destination
LOG all anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
Chain ufw6-after-output (1 references)
target prot opt source destination
Chain ufw6-before-forward (1 references)
target prot opt source destination
DROP all anywhere anywhere rt type:0 segsleft:0
ACCEPT all anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp destination-unreachable
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp packet-too-big
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp time-exceeded
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp parameter-problem
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp echo-request
ufw6-user-forward all anywhere anywhere
Chain ufw6-before-input (1 references)
target prot opt source destination
ACCEPT all anywhere anywhere
DROP all anywhere anywhere rt type:0 segsleft:0
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp neighbour-solicitation HL match HL == 255
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp neighbour-advertisement HL match HL == 255
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp router-solicitation HL match HL == 255
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp router-advertisement HL match HL == 255
ACCEPT all anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT ipv6-icmp fe80::/10 anywhere ipv6-icmp echo-reply
ufw6-logging-deny all anywhere anywhere ctstate INVALID
DROP all anywhere anywhere ctstate INVALID
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp destination-unreachable
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp packet-too-big
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp time-exceeded
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp parameter-problem
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp echo-request
ACCEPT udp fe80::/10 fe80::/10 udp spt:dhcpv6-server dpt:dhcpv6-client
ACCEPT udp anywhere ff02::fb udp dpt:mdns
ACCEPT udp anywhere ff02::f udp dpt:1900
ufw6-user-input all anywhere anywhere
Chain ufw6-before-logging-forward (1 references)
target prot opt source destination
Chain ufw6-before-logging-input (1 references)
target prot opt source destination
Chain ufw6-before-logging-output (1 references)
target prot opt source destination
Chain ufw6-before-output (1 references)
target prot opt source destination
ACCEPT all anywhere anywhere
DROP all anywhere anywhere rt type:0 segsleft:0
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp neighbour-solicitation HL match HL == 255
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp neighbour-advertisement HL match HL == 255
ACCEPT all anywhere anywhere ctstate RELATED,ESTABLISHED
ufw6-user-output all anywhere anywhere
Chain ufw6-logging-allow (0 references)
target prot opt source destination
LOG all anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "
Chain ufw6-logging-deny (1 references)
target prot opt source destination
RETURN all anywhere anywhere ctstate INVALID limit: avg 3/min burst 10
LOG all anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
Chain ufw6-reject-forward (1 references)
target prot opt source destination
Chain ufw6-reject-input (1 references)
target prot opt source destination
Chain ufw6-reject-output (1 references)
target prot opt source destination
Chain ufw6-skip-to-policy-forward (0 references)
target prot opt source destination
DROP all anywhere anywhere
Chain ufw6-skip-to-policy-input (6 references)
target prot opt source destination
DROP all anywhere anywhere
Chain ufw6-skip-to-policy-output (0 references)
target prot opt source destination
DROP all anywhere anywhere
Chain ufw6-track-forward (1 references)
target prot opt source destination
Chain ufw6-track-input (1 references)
target prot opt source destination
Chain ufw6-track-output (1 references)
target prot opt source destination
Chain ufw6-user-forward (1 references)
target prot opt source destination
Chain ufw6-user-input (1 references)
target prot opt source destination
ACCEPT udp anywhere anywhere multiport dports 6881:6882
ACCEPT tcp anywhere anywhere multiport dports 6881:6882
Chain ufw6-user-limit (0 references)
target prot opt source destination
LOG all anywhere anywhere limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
REJECT all anywhere anywhere reject-with icmp6-port-unreachable
Chain ufw6-user-limit-accept (0 references)
target prot opt source destination
ACCEPT all anywhere anywhere
Chain ufw6-user-logging-forward (0 references)
target prot opt source destination
Chain ufw6-user-logging-input (0 references)
target prot opt source destination
Chain ufw6-user-logging-output (0 references)
target prot opt source destination
Chain ufw6-user-output (1 references)
target prot opt source destination
ACCEPT tcp anywhere anywhere tcp dpt:ipp
ACCEPT udp anywhere anywhere udp dpt:ipp
ACCEPT tcp anywhere anywhere tcp dpt:domain
ACCEPT udp anywhere anywhere udp dpt:domain
ACCEPT udp anywhere anywhere udp dpt:bootps
ACCEPT tcp anywhere anywhere tcp dpt:https
ACCEPT tcp anywhere anywhere tcp dpt:http
ACCEPT tcp anywhere anywhere tcp dpt:imap2
ACCEPT tcp anywhere anywhere tcp dpt:ssh
ACCEPT tcp anywhere anywhere tcp dpt:postgresql
ACCEPT tcp anywhere anywhere tcp dpt:http-alt
ACCEPT udp anywhere anywhere multiport dports netbios-ns,netbios-dgm
ACCEPT tcp anywhere anywhere multiport dports netbios-ssn,microsoft-ds
ACCEPT tcp anywhere anywhere tcp dpt:l2f
ACCEPT tcp anywhere anywhere tcp dpt:imaps
ACCEPT tcp anywhere anywhere tcp dpt:git
ACCEPT tcp anywhere anywhere tcp dpt:whois
ACCEPT udp anywhere anywhere udp dpt:43
ACCEPT tcp anywhere anywhere tcp dpt:ircd
ACCEPT tcp anywhere anywhere tcp dpt:3389
ACCEPT udp anywhere anywhere multiport dports 6881:6882
ACCEPT tcp anywhere anywhere multiport dports 6881:6882
Maybe /etc/ufw/before6.rules should be adjusted ? (or maybe it's a bug
in Network-manager?)
ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: ufw 0.34~rc-0ubuntu5
ProcVersionSignature: Ubuntu 3.19.0-9.9-generic 3.19.1
Uname: Linux 3.19.0-9-generic x86_64
ApportVersion: 2.16.2-0ubuntu3
Architecture: amd64
CurrentDesktop: Unity
Date: Fri Mar 20 12:43:56 2015
InstallationDate: Installed on 2014-12-13 (96 days ago)
InstallationMedia: Ubuntu 14.10 "Utopic Unicorn" - Release amd64 (20141022.1)
PackageArchitecture: all
SourcePackage: ufw
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile..etc.default.ufw: 2015-03-17T18:03:15.349146
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1434525/+subscriptions
References
