GUFW erases the rule not selected to be erased

Bug #578404 reported by Victor Marin
This bug affects 2 people
Affects          | Status       | Importance | Assigned to | Milestone
Gufw             | Fix Released | High       | costales    |
gui-ufw (Ubuntu) | Fix Released | Undecided  | Unassigned  |

Bug Description

Hello,

The new GUFW for the 10.04 version of Ubuntu has the new and nice feature of being able to block/allow
outgoing connections as well. GUFW is now at the same level of security as Guarddog was.

It makes Ubuntu safer still. And, as far as I know, GUFW really works OK for incoming and outgoing connections.

I have found one small bug, however: when I try to erase a rule, some other rule is erased instead. Curiously,
this only happens when trying to erase rules allowing incoming connections.

This is somewhat annoying because, when trying to erase the incoming rule, one may end up erasing most of the other rules
first.

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: gufw 10.04.4-0ubuntu1
ProcVersionSignature: Ubuntu 2.6.32-22.33-generic 2.6.32.11+drm33.2
Uname: Linux 2.6.32-22-generic x86_64
Architecture: amd64
Date: Mon May 10 19:37:02 2010
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release amd64 (20100429)
PackageArchitecture: all
ProcEnviron:
 LANG=es_ES.UTF-8
 SHELL=/bin/bash
SourcePackage: gui-ufw

Victor Marin (vms368) wrote :
costales (costales)
Changed in gui-ufw (Ubuntu):
status: New → Invalid
costales (costales) wrote :

Hi! Can you put all the steps here, please? I need more data; for me it works fine.
Thanks very much!

costales (costales) wrote :

and Gufw log, please!!! Menu File > Gufw log ;)

costales (costales) wrote :

See this video from my desktop :O all works fine !?
http://www.mediafire.com/?ohyzz2wwqjn
Best regards

Victor Marin (vms368) wrote :

Hi Marcos,
How are you?

I just saw your video. Yes it works fine there. However, I consistently get the said error.

In my case, I have arranged to deny all incoming connections AND also to deny all outgoing,
but I just opened the ports for outgoing connections that I actually use.

Perhaps if you set up the firewall with deny for outgoing connections too, this error will happen to you as well.

Steps to reproduce the bug:

1) Set up the firewall to deny all by default (incoming and outgoing as well).
2) Add some rules to allow outgoing connections and allow some incoming rule (I just added allow
incoming connections on aleatory port 958).
3) Then just try to erase it (select the just-added incoming rule to be erased, then click the remove button).
4) Instead of the selected incoming rule being erased, Gufw erases some other rule, again and again.

I just saw that if you select some outgoing rule to be removed, it's also not erased, but some other rule is removed.
This seemed not to happen if there was not any incoming rule, but only outgoing rules.

I am attaching the log file and some screenshots.

If you tell me how to make a video of the desktop, I will attach it as well.

Regards,
Victor

Victor Marin (vms368) wrote :

I learned how to record my desktop... Installing gtk-recordMyDesktop... lol

So here I attach a video in which this bug is shown.

If you add several outgoing rules and only one incoming rule, then the incoming rule
is not removed if you try to, but some other rule is removed (first part of the video).

However, if you add several outgoing and incoming rules, they are all removed just fine (as per
the second time I add rules in the attached video).

costales (costales) wrote :

Hi 836v! I can't reproduce it :( I sent you another video with your steps and mine ?:O
http://www.mediafire.com/?mlzn5bjijnj

Can you repeat the bug with fewer rules? Maybe 2 or 3 rules?
Also send me the Gufw log from the same run as the video, please ;) Thanks!

Some ideas: refresh Gufw beforehand (menu editar/reconfigurar).
            Can you try with Ubuntu in English, please?

Thanks very much ;)

costales (costales) wrote :

Uhm... I will use Spanish, it's complicated to explain the next part.... ;) Please 836v & Emilio, try this:

I need to know whether the fault is in Gufw or in ufw, OK? ;)
Open Gufw and, in Archivo / Registro, delete everything, to keep the log as exact as possible ;)
Now find a combination of rules and deletions that produces the bug, and that ALWAYS does so.
Once that combination is complete, in the Gufw log, press "Mostrar script servidor" and copy everything into gedit.
Now open a terminal and type:
sudo su -
and paste it in line by line, and when you reach the delete line (ufw --force delete número_linea), check whether ufw deletes it or not with the command:
ufw status
Thank you very much in advance ;)

I suppose you also have these versions:
Gufw version: 10.04.4
ufw version: ufw 0.30pre1-0ubuntu2

Regards.

Emilio (turl) wrote :

Do this:
1- Reset Gufw to the install state (clean all rules)
2- Set Gufw to Deny incoming, Allow outgoing.
3- Add a rule "Allow / Outgoing / Both / 12346"
4- Add a rule "Allow / Incoming / Both / 12345"
5- Check "ufw status numbered"
emilio@laptop:~$ sudo ufw status numbered
Estado: activo (Status: Active)

     Hasta (to) Acción (action) Desde (from)
     ----- ------------------------
[ 1] 12346 ALLOW OUT Anywhere (out)
[ 2] 12345 ALLOW IN Anywhere

6- Click on the UI the rule that says "12346 / ALLOW OUT / Anywhere" and then on Remove. The wrong rule will be deleted.
7- Check "ufw status numbered"
emilio@laptop:~$ sudo ufw status numbered
Estado: activo

     Hasta Acción Desde
     ----- ------------------------
[ 1] 12346 ALLOW OUT Anywhere (out)

8- Check the Gufw logs:
ufw enable
ufw allow out from any to any port 12346
ufw allow in from any to any port 12345
ufw --force delete 2

As you can see, the ALLOW OUT rule is #2 for Gufw, but I don't know why. I added it first, but nevertheless, after adding the second rule, it appeared second in Gufw's UI. It might be related to the fact that it isn't active (grey colored, and it doesn't make much sense as outgoing is all allowed, why allow it specifically?)

Hope you can debug this issue with this information Marcos!

costales (costales)
Changed in gui-ufw:
status: New → Confirmed
importance: Undecided → High
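
An added illustration of the mismatch reported above, not Gufw's code and not the fix from this report: before issuing `ufw --force delete N`, re-read `ufw status numbered` and resolve N from the content of the selected rule rather than from its position in a UI list. The function names and the column-spaced sample listing are constructed for this example; the parser assumes the action keywords appear in English, as they do in the listing posted above.

```python
import re

# Constructed sample: the numbered listing from step 5 of the report above.
SAMPLE_STATUS = """\
Estado: activo

     Hasta                      Acción      Desde
     -----                      ------      -----
[ 1] 12346                      ALLOW OUT   Anywhere (out)
[ 2] 12345                      ALLOW IN    Anywhere
"""

# "[ N] <to> <ACTION> [IN|OUT] <from>"; header and separator lines do not match.
RULE_LINE = re.compile(
    r"^\[\s*(?P<num>\d+)\]\s+(?P<to>.+?)\s+"
    r"(?P<action>ALLOW|DENY|REJECT|LIMIT)(?:\s+(?P<dir>IN|OUT))?\s+"
    r"(?P<frm>.+?)\s*$"
)


def parse_numbered(status_text):
    """Return {rule_number: (to, action, direction, from)} for each rule line."""
    rules = {}
    for line in status_text.splitlines():
        m = RULE_LINE.match(line)
        if m:
            rules[int(m["num"])] = (m["to"], m["action"], m["dir"], m["frm"])
    return rules


def resolve_delete_number(status_text, selected):
    """Map the rule the user selected to ufw's current number, or refuse."""
    matches = [n for n, rule in parse_numbered(status_text).items()
               if rule == selected]
    if len(matches) != 1:
        # Missing or ambiguous: do not guess, deleting by index is destructive.
        raise LookupError(f"expected one match for {selected}, got {matches}")
    return matches[0]


def delete_command(status_text, selected):
    """Build the argv for the delete, using the freshly resolved number."""
    number = resolve_delete_number(status_text, selected)
    return ["ufw", "--force", "delete", str(number)]
```

For the rule selected in step 6, this resolves to number 1, whereas the Gufw log in step 8 shows `ufw --force delete 2` being sent.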
Victor Marin (vms368) wrote :

Hi Marcos and Emilio,

Yes, I do have:
Gufw version: 10.04.4
ufw version: ufw 0.30pre1-0ubuntu2

Marcos, here I send you a new video of this bug along with its respective log with script enabled (after cleaning registry and reconfiguring Gufw), as per your request.

Otherwise, Emilio, concerning your question, I think it's safer to deny everything, then to open just the 3 or 4 ports and protocols you do need for surfing or mailing (and only outgoing, of course). This is also the opinion of Simon Edwards (the creator of Guarddog).

And a Linux firewall can be (still) safer, if on a per-application explicit permission basis (yes, like in Windows). This was the approach of Tuxguardian or linux-firewall.org among others.

In Linux we normally trust the software we install (through repositories), but as the number of Linux users increases, not only will more malware creators turn their eyes to this operating system, but more users will also download applications from different websites or other untrusted sources.

Both reasons seem to advise the use of a per-application firewall in Linux as well.

But, while somebody makes such a per-application firewall, the ability to also deny outgoing connections is quite welcome.

costales (costales)
Changed in gui-ufw:
assignee: nobody → Marcos (marcos.alvarez.costales)
status: Confirmed → In Progress
costales (costales) wrote :

Hi!
I think it is fixed :)
Could you try the solution, please? Thanks very much!

To do so, overwrite the file /usr/share/gufw/model/Rule.py with the file attached here:
cp ~/Descargas/Rule.py /usr/share/gufw/model/Rule.py

costales (costales)
Changed in gui-ufw:
status: In Progress → Fix Committed
Emilio (turl) wrote :

I can confirm the patch Marcos proposed works fine for me, as I cannot reproduce the issue again following the steps I published earlier.

This patch was committed to Gufw's bzr branch: http://bazaar.launchpad.net/~gufw-developers/gui-ufw/gufw-10.04/revision/13
You can get a "plain .diff" for the commit here: http://bazaar.launchpad.net/~gufw-developers/gui-ufw/gufw-10.04/diff/13

Changed in gui-ufw (Ubuntu):
status: Invalid → Confirmed
assignee: nobody → Devid Antonio Filoni (d.filoni)
costales (costales)
Changed in gui-ufw (Ubuntu):
assignee: Devid Antonio Filoni (d.filoni) → nobody
Victor Marin (vms368) wrote :

The fix also works for me.
Now the outgoing and incoming rules are removed just fine.
Gracias Marcos.

costales (costales) wrote :

Thanks Emilio and 836v! for the test! ;)

costales (costales) wrote :

The bug is solved... We must wait for the upload in Lucid: Bug #581091
Best regards!

Changed in gui-ufw:
status: Fix Committed → Fix Released
Changed in gui-ufw (Ubuntu):
status: Confirmed → Invalid
Martin Pitt (pitti) wrote : Please test proposed package

Accepted gui-ufw into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you in advance!

tags: added: verification-needed
costales (costales) wrote :

Hi!
@Martin Thanks very much!
I confirm that this bug is fixed from the proposed repository! :)
@Emilio @836v Can you confirm, please? Thanks!

Victor Marin (vms368) wrote :

Hi Marcos,
Yes, I enabled the proposed repository and I updated GUFW, then I restarted the system.

I've made several tests, and I attach a video with my last test that I just made (repeating the steps that initially did give the problem).

I can also confirm that GUFW now correctly removes the "in" rules previously created, as well as "out".

Martin Pitt (pitti)
tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gui-ufw - 10.04.5-0ubuntu0.1

---------------
gui-ufw (10.04.5-0ubuntu0.1) lucid-proposed; urgency=low

  * New bug-fix only upstream release (LP: #581091, #578404, #569881).
 -- Devid Antonio Filoni <email address hidden> Tue, 18 May 2010 20:55:42 +0200

Changed in gui-ufw (Ubuntu):
status: Invalid → Fix Released