Comment 3 for bug 289906

Jamie Strandboge (jdstrand) wrote :

For users of earlier versions of ufw, you can work around this by adjusting these lines in /etc/ufw/before.rules:
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW BLOCK INVALID]: "
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP

to be:
-A ufw-before-input -m state --state RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -m state --state INVALID -j LOG --log-prefix "[UFW BLOCK INVALID]: "
-A ufw-before-input -m state --state INVALID -j DROP

Of course, your kernel must be configured for stateful filtering for this to work.
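
The edit described in the comment above, as an added example that is not part of the original comment or of ufw itself: a shell sketch that applies the conntrack-to-state rewrite to a copy of the rules file rather than editing it in place. The function names and the sample rules file are constructed for illustration.

```shell
#!/bin/sh
# Added example: apply the conntrack -> state rewrite to a copy of
# before.rules. Function names and the sample file are constructed.

# Print the rules with the ufw-before-input conntrack matches rewritten
# to the state match. All other lines pass through unchanged.
convert_rules() {
    sed -E '/^-A ufw-before-input /s/-m conntrack --ctstate /-m state --state /' "$1"
}

# Count ufw-before-input lines that still use the conntrack match.
count_conntrack() {
    grep -c -E '^-A ufw-before-input .*-m conntrack --ctstate ' "$1" || true
}

# Write the converted rules to a separate file; never edits in place.
# Returns 1 when the source has nothing to convert.
write_converted() {
    src=$1; dst=$2
    [ "$(count_conntrack "$src")" -gt 0 ] || return 1
    convert_rules "$src" > "$dst"
}

# Constructed sample standing in for /etc/ufw/before.rules.
make_sample() {
    cat > "$1" <<'EOF'
*filter
:ufw-before-input - [0:0]
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW BLOCK INVALID]: "
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
COMMIT
EOF
}
```

Diff the converted file against the original before replacing /etc/ufw/before.rules with it.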