ufw

Merge ~mfo/ufw:lp1946804 into ufw:master

Proposed by Mauricio Faria de Oliveira
Status: Merged
Merged at revision: 4d25bd6635a493ae10c1984bfe16fb31e3903198
Proposed branch: ~mfo/ufw:lp1946804
Merge into: ufw:master
Diff against target: 66 lines (+25/-23)
1 file modified
src/ufw-init-functions (+25/-23)
Reviewer: Jamie Strandboge
Review status: Approve
Review via email: mp+410091@code.launchpad.net
Mauricio Faria de Oliveira (mfo) wrote :

The comparison of `iptables -L` before/after shows no differences (verified on a local rootfs).

`run_tests.sh` has 0 skipped/errors.

------------------------
Functional tests summary
------------------------
Attempted: 22 (3339 individual tests)
Skipped: 0
Errors: 0

Jamie Strandboge (jdstrand) wrote :

I'm away from my computer, but this looks ok to me. I'll work through this more fully and commit tomorrow, but I think you're good for Ubuntu uploads if this is urgent.

Thanks!

review: Approve
Mauricio Faria de Oliveira (mfo) wrote :

Thanks for the quick response!

This is not urgent, so it can wait for a full review + commit.

If this is merged into master, should I send PRs for the
ubuntu/master and debian/master branches? (for the devel
release.)

I can handle the SRUs for Ubuntu, and ask a core-dev for
sponsoring to the devel release (or let you handle it if
you prefer -- just let me know! :)

Thanks!

Jamie Strandboge (jdstrand) wrote (last edit ):

If you send up a PR for debian/master, then I'll upload to Debian and sync to the devel release. Don't worry about ubuntu/master (I only update that if the latest release is different from debian/master, so it is a little out of date atm).

For the Ubuntu SRUs, if you were feeling (even more) industrious, it would be nice to pull in 632cda034f7b96d07667b06d39b6eb396c0e611f to fix https://launchpad.net/bugs/1933117 for 18.04 and later. By all means don't feel that this is required, but the fix is in Debian, impish and the snap already, so if this sounds like something you'd like to do, it just needs the SRU paperwork and processing.

Mauricio Faria de Oliveira (mfo) wrote :

Ok, I just submitted a PR for debian/master. [1]

Sure, I'll take a look at adding that commit.

cheers.

[1] https://code.launchpad.net/~mfo/ufw/+git/ufw/+merge/410152

Preview Diff

diff --git a/src/ufw-init-functions b/src/ufw-init-functions
index feac8e2..f0dd7f5 100755
--- a/src/ufw-init-functions
+++ b/src/ufw-init-functions
@@ -168,29 +168,6 @@ ufw_start() {
168 AFTER_RULES="$RULES_PATH/after${type}.rules"168 AFTER_RULES="$RULES_PATH/after${type}.rules"
169 USER_RULES="$USER_PATH/user${type}.rules"169 USER_RULES="$USER_PATH/user${type}.rules"
170170
171 # set the default policy
172 input_pol="$DEFAULT_INPUT_POLICY"
173 if [ "$DEFAULT_INPUT_POLICY" = "REJECT" ]; then
174 input_pol="DROP"
175 fi
176
177 output_pol="$DEFAULT_OUTPUT_POLICY"
178 if [ "$DEFAULT_OUTPUT_POLICY" = "REJECT" ]; then
179 output_pol="DROP"
180 fi
181
182 forward_pol="$DEFAULT_FORWARD_POLICY"
183 if [ "$DEFAULT_FORWARD_POLICY" = "REJECT" ]; then
184 forward_pol="DROP"
185 fi
186
187 printf "*filter\n"\
188"# builtin chains\n"\
189":INPUT %s [0:0]\n"\
190":FORWARD %s [0:0]\n"\
191":OUTPUT %s [0:0]\n"\
192"COMMIT\n" $input_pol $forward_pol $output_pol | $exe-restore -n || error="yes"
193
194 # flush the chains (if they exist)171 # flush the chains (if they exist)
195 if $exe -L ufw${type}-before-logging-input -n >/dev/null 2>&1 ; then172 if $exe -L ufw${type}-before-logging-input -n >/dev/null 2>&1 ; then
196 delete_chains $type || error="yes"173 delete_chains $type || error="yes"
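Review bot: With the policy block removed from ahead of "# flush the chains (if they exist)", the builtin INPUT, FORWARD and OUTPUT chains keep whatever policy they had before ufw_start ran for the whole time the chains are flushed and the rule files are loaded. On a first start that is normally the kernel default of ACCEPT, so there is a window in which the configured default policy is not yet in force. Nothing at this point in the function records that the ordering is deliberate; a one-line comment here pointing at the later "# set the default policy" block would keep someone from moving it back.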
@@ -378,6 +355,31 @@ ufw_start() {
378 out="${out}\nCouldn't find '$USER_RULES'"355 out="${out}\nCouldn't find '$USER_RULES'"
379 error="yes"356 error="yes"
380 fi357 fi
358
359 # set the default policy
360 # (do this after loading rules so not to break
361 # network rootfs w/ INPUT DROP during ufw init.)
362 input_pol="$DEFAULT_INPUT_POLICY"
363 if [ "$DEFAULT_INPUT_POLICY" = "REJECT" ]; then
364 input_pol="DROP"
365 fi
366
367 output_pol="$DEFAULT_OUTPUT_POLICY"
368 if [ "$DEFAULT_OUTPUT_POLICY" = "REJECT" ]; then
369 output_pol="DROP"
370 fi
371
372 forward_pol="$DEFAULT_FORWARD_POLICY"
373 if [ "$DEFAULT_FORWARD_POLICY" = "REJECT" ]; then
374 forward_pol="DROP"
375 fi
376
377 printf "*filter\n"\
378"# builtin chains\n"\
379":INPUT %s [0:0]\n"\
380":FORWARD %s [0:0]\n"\
381":OUTPUT %s [0:0]\n"\
382"COMMIT\n" $input_pol $forward_pol $output_pol | $exe-restore -n || error="yes"
381 done383 done
382384
383 if [ ! -z "$IPT_SYSCTL" ] && [ -s "$IPT_SYSCTL" ]; then385 if [ ! -z "$IPT_SYSCTL" ] && [ -s "$IPT_SYSCTL" ]; then
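Review bot: The relocated policy block runs unconditionally, so when the rule loading above has already set error="yes" (for example the "Couldn't find '$USER_RULES'" branch directly before it), the configured policy is still applied on top of an incomplete rule set. That fails closed, which is reasonable for a firewall, but with INPUT DROP it is also the situation the new comment says it wants to avoid on a network rootfs; please state in the comment whether this is intended. Separately, $input_pol, $forward_pol and $output_pol are passed to printf unquoted; quoting them would keep an empty value from shifting the %s arguments so that a chain receives another chain's policy.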
