[Touch-packages] [Bug 1584293] Re: if two or more ufw commands are run at exactly the same time, ufw can break iptables

Mon, 23 May 2016 13:26:56 -0700 

*** This bug is a duplicate of bug 1204579 ***
    https://bugs.launchpad.net/bugs/1204579

Thank you for reporting a bug. I believe this is a duplicate of bug
#1204579.

** This bug has been marked a duplicate of bug 1204579
   ufw doesn't support concurrent updates

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ufw in Ubuntu.
https://bugs.launchpad.net/bugs/1584293

Title:
  if two or more ufw commands are run at exactly the same time, ufw can
  break iptables

Status in ufw package in Ubuntu:
  New

Bug description:
  I was playing around with a script to allow a firewall entry in ufw,
  but only for a certain amount of time. The way I was doing this is by
  creating the rule and then automatically create an at job to delete it
  and the user could select time in minutes

  Everything is beautiful and wonderful with the script except for when
  you schedule two ufw delete  or more at the same time. If I do this
  only one of them deletes, even worse, my iptables "broke" and I could
  not delete rules even by resetting ufw, I kept getting this error:

   ERROR: initcaps
  [Errno 2] ip6tables: Chain already exists.

  So I had to reset the iptables

  Here is the code that creates the job in case it is any help to
  replicate

  at -f <(echo "ufw delete allow from $1 to any port $2") now + $3
  minutes

  While I don't expect people to be creating jobs left and right at the
  exact same time, I have to account for that possibility and that it
  doesn't break the firewall when it happens.

  I believe this bug has been around for more than a year or so, as
  stated here:

  https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1377600

  and here:

  http://blog.cloud66.com/ufw-shenanigans/

  I don't understand why this wasn't fixed yet, it seems like quite a
  serious issue, you never know when two sysadmins may run the same
  command at the same time, and if you have a lot of rules applied, the
  last thing you want is corrupted iptables.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1584293/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to