ufw

lp:ufw

Created by Jamie Strandboge and last modified
Get this branch:
bzr branch lp:ufw

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Jamie Strandboge
Project:
ufw
Status:
Development

Import details

Import Status: Reviewed

This branch is an import of the HEAD branch of the Git repository at https://git.launchpad.net/ufw.

The next import is scheduled to run .

Last successful import was .

Import started on juju-1e3bde-prod-lp-code-import-13 and finished taking 25 seconds — see the log
Import started on juju-1e3bde-prod-lp-code-import-12 and finished taking 20 seconds — see the log
Import started on juju-1e3bde-prod-lp-code-import-17 and finished taking 20 seconds — see the log
Import started on juju-1e3bde-prod-lp-code-import-16 and finished taking 20 seconds — see the log
Import started on juju-1e3bde-prod-lp-code-import-15 and finished taking 15 seconds — see the log
Import started on juju-1e3bde-prod-lp-code-import-15 and finished taking 15 seconds — see the log
Import started on juju-1e3bde-prod-lp-code-import-14 and finished taking 20 seconds — see the log
Import started on juju-1e3bde-prod-lp-code-import-13 and finished taking 20 seconds — see the log
Import started on juju-1e3bde-prod-lp-code-import-13 and finished taking 20 seconds — see the log
Import started on juju-1e3bde-prod-lp-code-import-13 and finished taking 15 seconds — see the log

Recent revisions

1134. By Jamie Strandboge

systemd.example: remove DefaultDependencies=no

The systemd unit has historically always used DefaultDependencies=no.
When only Before=network.target was used, the dependencies (as seen with
'systemctl list-dependencies ufw.service') were:

ufw.service
 |_system.slice

When Before=network.target was changed to Before=network-pre.target and
Wants=network-pre.target, this became:

ufw.service
 |_system.slice
 |_network-pre.target

Removing DefaultDependencies=no (DefaultDependencies defaults to 'yes')
pulls in the sysinit.target which changes this to (on a Debian 11
system):

ufw.service
 |_system.slice
 |_network-pre.target
 |_sysinit.target
   |_apparmor.service
   |_blk-availability.service
   |_dev-hugepages.mount
   |_dev-mqueue.mount
   |_keyboard-setup.service
   |_kmod-static-nodes.service
   |_lvm2-lvmpolld.socket
   |_lvm2-monitor.service
   |_proc-sys-fs-binfmt_misc.automount
   |_sys-fs-fuse-connections.mount
   |_sys-kernel-config.mount
   |_sys-kernel-debug.mount
   |_sys-kernel-tracing.mount
   |_systemd-ask-password-console.path
   |_systemd-binfmt.service
   |_systemd-boot-system-token.service
   |_systemd-hwdb-update.service
   |_systemd-journal-flush.service
   |_systemd-journald.service
   |_systemd-machine-id-commit.service
   |_systemd-modules-load.service
   |_systemd-pstore.service
   |_systemd-random-seed.service
   |_systemd-sysctl.service
   |_systemd-sysusers.service
   |_systemd-timesyncd.service
   |_systemd-tmpfiles-setup-dev.service
   |_systemd-tmpfiles-setup.service
   |_systemd-udev-trigger.service
   |_systemd-udevd.service
   |_systemd-update-utmp.service
   |_cryptsetup.target
     |_systemd-cryptsetup@vda5_crypt.service
   |_local-fs.target
     |_-.mount
     |_boot.mount
     |_systemd-fsck-root.service
     |_systemd-remount-fs.service
   |_swap.target
     |_dev-mapper-debian\x2d\x2dbuster\x2d\x2damd64\x2d\x2dvg\x2dswap_1.swap

While ufw is meant to come up before networking, there is no reason why
it shouldn't come up after 'basic system initialization is
completed'[1]. This should help make ufw startup more robust on systems
that need something from sysinit.

[1]https://www.freedesktop.org/software/systemd/man/systemd.unit.html

1133. By Jamie Strandboge

systemd.example: add Conflicts on various firewall software

Problems with ufw start most often have to do with other firewall
software getting in the way. Take a page from firewalld's systemd unit
and add a Conflicts on iptables, ip6tables, nftables and firewalld

1132. By Jamie Strandboge

systemd.example: add Documentation and put Before before Wants (cosmetic)

1131. By Jamie Strandboge

src/ufw-init-functions: add another default policy comment

1130. By Jamie Strandboge

update ChangeLog for last commit

1129. By Mauricio Faria de Oliveira

src/ufw-init-functions: set default policy after loading rules

If default input policy of DROP (default setting in ufw) is set
before loading rules to allow a network root filesystem to work,
it freezes before loading them, and the boot process stalls.

Just set default policy after loading rules, as the snippet for
ip[6]tables-restore has -n/--noflush, which doesn't flush other
rules in the builtin chains.

The output of iptables -L is identical before/after.

https://bugs.launchpad.net/bugs/1946804

Signed-off-by: Mauricio Faria de Oliveira <email address hidden>

1128. By Jamie Strandboge

tests/check-requirements: revert 29c210e5 (too lenient) and update for 3.9

For a distribution it is arguably ok to modify this script for arbitrary
python versions but as an upstream it represents what it has been tested
against.

1127. By Jamie Strandboge

AUTHORS,setup.py: use updated email address

1126. By Jamie Strandboge

tests/check-requirements: ix python version check for Python >= 3.9

Patch thanks to Matthias Klose <email address hidden>

References:
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975912

1125. By Jamie Strandboge

src/ufw: adjust version year

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.

Subscribers