Ubuntu
apache2 package

Add UFW profile integration with apache2

Bug #261198 reported by Didier Roche-Tolomelli on 2008-08-25

6

Affects		Status	Importance	Assigned to	Milestone
	apache2 (Ubuntu)	Fix Released	Undecided	Jamie Strandboge

Bug Description

Ubuntu FireWall have now some features to integrate profiles from different application. Instead of knowing the ports on which xxx service is running, the administrator have different profiles and can create some rules on the profile instead of updating the targeted port.

For that, we need to add some files to /etc/ufw/applications.d/ and add automatically a rule to this profile regarding the ufw current policy.

Related branches

lp:ubuntu/lucid/apache2

Didier Roche-Tolomelli (didrocks) on 2008-08-25

Changed in apache2:
assignee:	nobody → didrocks
status:	New → Confirmed

Revision history for this message

Didier Roche-Tolomelli (didrocks) wrote on 2008-08-25:

#1

Here is the debdiff file implementing those changes.
As apache2 only uses http (port 80) by default, only the Apache profile is added by default.

More information on https://wiki.ubuntu.com/DidierRoche/MOTU/bugsaction#Add%20ufw%20rules%20to%20apache.%20Bug%20#261198

Changed in apache2:
assignee:	didrocks → nobody

Revision history for this message

Didier Roche-Tolomelli (didrocks) wrote on 2008-08-25:

#2

New version as kees uploaded one version during this time.

  * add ufw integration (see
    https://wiki.ubuntu.com/UbuntuFirewall#Integrating%20UFW%20with%20Packages)
    (LP: #261198)
    - debian/control: suggest ufw for apache2.2-common
    - add apache2.2-common.ufw.profile with 3 profiles and install it to
      /etc/ufw/applications.d/apache2.2-common
    - apache2.2-common.postinst: add Apache rules as default
    - apache2.2-common.postrm: remove the profile on --purge

Revision history for this message

Didier Roche-Tolomelli (didrocks) wrote on 2008-08-26:

#3

apache2_2.2.9-3ubuntu2.debdiff Edit (4.0 KiB, text/plain)

Comment from mathiaz:
[18:39] <mathiaz> nxvl: as of intrepid, apache2 comes with ssl ootb
[18:40] <mathiaz> nxvl: apache2 depends on ssl-cert and uses the snake-oil-cert
IIRC

So, make Apache Full profile as default.

  * add ufw integration (see
    https://wiki.ubuntu.com/UbuntuFirewall#Integrating%20UFW%20with%20Packages)
    (LP: #261198)
    - debian/control: suggest ufw for apache2.2-common
    - add apache2.2-common.ufw.profile with 3 profiles and install it to
      /etc/ufw/applications.d/apache2.2-common
    - apache2.2-common.postinst: add "Apache Full" rules as default as apache2
      now depends on ssl-cert and uses the snake-oil-cert
    - apache2.2-common.postrm: remove the profile on --purge

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2008-08-27:

#4

Uploaded new version that uses dpkg triggers. Thanks for your work Didier!

Changed in apache2:
assignee:	nobody → jdstrand
status:	Confirmed → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2008-08-27:

#5

This bug was fixed in the package apache2 - 2.2.9-3ubuntu2

---------------
apache2 (2.2.9-3ubuntu2) intrepid; urgency=low

  * add ufw integration (see
    https://wiki.ubuntu.com/UbuntuFirewall#Integrating%20UFW%20with%20Packages)
    (LP: #261198)
    - debian/control: suggest ufw for apache2.2-common
    - add apache2.2-common.ufw.profile with 3 profiles and install it to
      /etc/ufw/applications.d/apache2.2-common

-- Didier Roche <email address hidden> Tue, 26 Aug 2008 19:03:42 +0200

Changed in apache2:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

apache2_2.2.9-3ubuntu2.debdiff Edit

Add patch

Remote bug watches

Bug watches keep track of this bug in other bug trackers.