Comment 16 for bug 194844

Jamie Strandboge (jdstrand) wrote : Re: ufw complains when ipv6 is blacklisted

I. Users of ufw with kernels that do not have ipv6 and/or ip6_tables available see confusing error messages when enabling the firewall. ip6_tables is not available in the -virtual kernel, as well as other virtualization kernels. ufw does not require that ipv6 be available, and the errors are not fatal with regard to ipv4 rules still working.

II. This has been fixed in 0.18.2 (will be uploaded after alpha freeze). /etc/init.d/ufw has been adjusted to use 'ip6tables -L INPUT' to check if ipv6 firewall support is available. Previously, ufw attempted to detect ipv6 support by seeing if /proc/sys/net/ipv6 existed. This was not enough as some shipped kernels have ipv6 support, but not ipv6 firewall (i.e. ip6_tables) support enabled. Checking the return code of 'ip6tables -L INPUT' is a convenient check for both.

III. debdiff is attached that addresses this bug and bug #251355 (also SRU candidate).

IV. TEST CASE
  1. install -virtual kernel and reboot into it
  2. sudo ufw enable (lots of error output)
  3. sudo /etc/init.d/ufw stop (lots of error output)
  4. sudo /etc/init.d/ufw restart (lots of error output)
  5. sudo /etc/init.d/ufw force-reload

V. It is believed there is no regression potential for this patch. See bug #251355 for further discussion regarding its changes.
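
The two detection methods compared in item II, as an added example that is not part of the original comment and is not the code shipped in /etc/init.d/ufw. The `IP6TABLES` and `PROC_IPV6` variables and the function names are hypothetical, introduced so the three kernel configurations can be simulated without root.

```shell
#!/bin/sh
# Added illustration; not the code from /etc/init.d/ufw.
# Hypothetical overrides so each kernel configuration can be simulated:
#   IP6TABLES  command used to probe the IPv6 filter table
#   PROC_IPV6  path whose existence shows the kernel has an IPv6 stack
: "${IP6TABLES:=ip6tables}"
: "${PROC_IPV6:=/proc/sys/net/ipv6}"

# Earlier check described in the comment: only looks for the IPv6 stack.
ipv6_stack_present() {
    [ -e "$PROC_IPV6" ]
}

# Later check: 'ip6tables -L INPUT' returns zero only when the INPUT chain
# can be listed, which needs both IPv6 and ip6_tables support.
ipv6_firewall_available() {
    $IP6TABLES -L INPUT >/dev/null 2>&1
}

# Prints one of: full, stack-only, none
ipv6_firewall_state() {
    if ipv6_firewall_available; then
        echo full
    elif ipv6_stack_present; then
        # The case the /proc test alone misclassified as usable.
        echo stack-only
    else
        echo none
    fi
}

case "$(ipv6_firewall_state)" in
    full)
        echo "IPv6 firewall support available; IPv6 rules can be loaded" ;;
    stack-only)
        echo "IPv6 is enabled but ip6_tables is not; IPv6 traffic cannot be filtered" >&2 ;;
    none)
        echo "no IPv6 support; skipping IPv6 rules" ;;
esac
```

The `stack-only` result is worth surfacing to the administrator rather than silencing, since the host accepts IPv6 traffic that no firewall rule covers.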