ufw: default IPv6 policy not set on boot when IPV6=no
Bug #251355 reported by Mackenzie Morgan

Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
ufw (Ubuntu) | Fix Released | Undecided | Jamie Strandboge |
Hardy | Fix Released | Undecided | Jamie Strandboge |
Bug Description
Binary package hint: ufw
According to the comment in /etc/default/ufw, when IPV6=no, IPV6 is only accepted on loopback. According to ip6tables, this is misleading because it actually defaults to ACCEPT on inbound, outbound, and forward with no further rules. According to the ufw manpage, IPv6 must be enabled in /etc/default/ufw to work, so the comment disagrees with that as well.
"sudo ufw enable" currently only enables IPv4 firewalling. This is bad, and it is caused by the IPV6=no setting in /etc/default/ufw. This line should default to IPV6=yes.
Changed in ufw: status: In Progress → Fix Committed
Thank you for using Ubuntu and taking the time to report a bug. Enabling IPv6 by default at this point in time is IMO not a good idea generally, as it is not in widespread use. IPv6 users can easily enable it if needed. This issue can of course be revisited when IPv6 is more widely deployed.
When IPv6=no, and a user runs 'ufw enable' (perhaps running disable before), the chains are default DROP as stated in the documentation. However, there is a bug in the initscript that doesn't set IPv6 up correctly on boot. This will be addressed in a future release.
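
A way to check a host for the state this report describes, as an added example that is not part of the bug thread or of ufw: it reads rules in `ip6tables -S` format and reports built-in chains whose default policy is ACCEPT. The function names and the two sample rule dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example (not ufw code): flag ip6tables built-in chains left at policy ACCEPT.
# Input is text in `ip6tables -S` format, so the logic can be exercised offline.

# Constructed sample: no IPv6 policy applied, as the report describes after boot.
SAMPLE_OPEN='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

# Constructed sample: default-DROP policies with loopback traffic allowed.
SAMPLE_DROP='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT'

# Read rules on stdin; print built-in chains whose policy is ACCEPT.
open_chains() {
    awk '$1 == "-P" && $3 == "ACCEPT" { printf "%s%s", sep, $2; sep = " " }
         END { if (sep) print "" }'
}

# Return 0 if no chain defaults to ACCEPT, 1 if any does,
# 2 if the input has no policy lines (e.g. ip6tables could not be queried).
check_ipv6_policy() {
    rules=$1
    count=$(printf '%s\n' "$rules" | awk '$1 == "-P" { n++ } END { print n + 0 }')
    if [ "$count" -eq 0 ]; then
        echo "UNKNOWN: no policy lines in input"
        return 2
    fi
    open=$(printf '%s\n' "$rules" | open_chains)
    if [ -n "$open" ]; then
        echo "FAIL: default ACCEPT on: $open"
        return 1
    fi
    echo "OK: no built-in chain defaults to ACCEPT"
    return 0
}

# Demo on the constructed samples.
check_ipv6_policy "$SAMPLE_OPEN" || true
check_ipv6_policy "$SAMPLE_DROP" || true
# On a live host (as root): check_ipv6_policy "$(ip6tables -S)"
```

Running the live-host form once after `ufw enable` and again after a reboot shows whether the boot path applied the same policy.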