Ubuntu
ufw package

ufw logging off doesn't disable LIMIT logs

Bug #512131 reported by Loïc Minier
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ufw
Fix Released
Medium
Jamie Strandboge
ufw (Ubuntu)
Fix Released
Medium
Jamie Strandboge
Ubuntu ubuntu-10.04

Bug Description

Binary package hint: ufw

Hi

After setting logging to off in the config and after ufw logging enable && ufw logging disable, I still get some logs from "UFW LIMIT BLOCK".

Is there a way to avoid these?

Thanks,

ProblemType: Bug
Architecture: amd64
Date: Mon Jan 25 01:21:41 2010
DistroRelease: Ubuntu 9.10
Package: ufw 0.29-4ubuntu1
PackageArchitecture: all
ProcEnviron:
 LANG=en_US.UTF-8
 SHELL=/bin/zsh
ProcVersionSignature: Ubuntu 2.6.31-17.54-server
SourcePackage: ufw
Uname: Linux 2.6.31-17-server x86_64

Revision history for this message
Loïc Minier (lool) wrote :
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

I see the issue. For now you can workaround this by adjusting /lib/ufw/user*.rules and remove these lines:
### RATE LIMITING ###
-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw-user-limit -j REJECT
-A ufw-user-limit-accept -j ACCEPT
### END RATE LIMITING ###

Then perform:
$ sudo ufw relead

Verify with:
$ sudo ufw show raw|grep 'LIMIT BLOCK'

Changed in ufw (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
importance: Undecided → Medium
milestone: none → ubuntu-10.04
status: New → Triaged
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Err... that should be 'sudo ufw reload'

Jamie Strandboge (jdstrand)
Changed in ufw (Ubuntu):
status: Triaged → In Progress
Revision history for this message
Loïc Minier (lool) wrote :

I had nothing similar in /lib/ufw/user6.rules and in /lib/ufw/user.rules I had:
### END RULES ###
-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw-user-limit -j REJECT
-A ufw-user-limit-accept -j ACCEPT
COMMIT

I just dropped the -j LOG one, ran ufw reload, and ufw show raw | grep 'LIMIT BLOCK' doesn't return anything anymore.

(This is on karmic.)

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Fix committed in trunk. This will be released in 0.30. I'll probably SRU it as well.

Changed in ufw (Ubuntu):
status: In Progress → Fix Committed
Revision history for this message
Loïc Minier (lool) wrote :

Thanks!

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Yeah, I meant just the LOG one. I've got some other logging fixes for SRU and will group this in there.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Fixed in 0.29.2

Changed in ufw:
assignee: nobody → Jamie Strandboge (jdstrand)
importance: Undecided → Medium
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ufw - 0.29.3-0ubuntu1

---------------
ufw (0.29.3-0ubuntu1) lucid; urgency=low

  * New upstream release. Fixes:
    LP: #490366
    LP: #512131
    LP: #488032
    LP: #513387
  * debian/ufw.upstart.ubuntu: start before an interface receives traffic
  * debian/postinst: don't sed or chmod a file that doesn't exist
    (LP: #503039)
  * debian/after*.rules.md5sum: updated for ucf (added additional sums for
    people using the workaround in LP: #488032)
 -- Jamie Strandboge <email address hidden> Sat, 30 Jan 2010 09:42:05 -0600

Changed in ufw (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.