** Changed in: ufw (Ubuntu Bionic)
Status: Triaged => In Progress
** Changed in: ufw (Ubuntu Cosmic)
Status: Triaged => In Progress
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ufw in Ubuntu.
https://bugs.launchpad.net/bugs/1719211
Title:
Bad interface name
Status in ufw package in Ubuntu:
Fix Released
Status in ufw source package in Bionic:
In Progress
Status in ufw source package in Cosmic:
In Progress
Status in ufw source package in Disco:
Fix Released
Bug description:
[Impact]
ufw's interface name's or both too strict (this bug) and too loose
(iptables has its own limits). Adjust the interface name checks to
match those of the kernel.
[Test Case]
$ sudo ufw --dry-run allow in on i-1|grep i-1
### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 in_i-1
-A ufw-user-input -i i-1 -j ACCEPT
### tuple ### allow any any ::/0 any ::/0 in_i-1
-A ufw6-user-input -i i-1 -j ACCEPT
With an unpatched ufw, the above results in:
$ sudo ufw --dry-run allow in on i-1|grep i-1
ERROR: Bad interface name
[Regression Potential]
Risk of regression is considered low since the updated allow more than
what is currently allowed, but not more than what iptables allows.
See:
https://git.launchpad.net/ufw/tree/src/common.py?h=release/0.36#n295
= Original description =
Is there a reason to restrict interface's name in ufw?
Should ufw accept what iptables accept as iface name?
I've a vpn with lot of nodes, its iface name contain a '-' so cannot
use ufw on it.
I've found the check here and cannot found a reason for it:
http://bazaar.launchpad.net/~jdstrand/ufw/trunk/view/head:/src/common.py#L300
thanks
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1719211/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
