ufw breaks sendto, even when disabled

Bug #1377651 reported by Greg Hazel
This bug affects 1 person
Affects: ufw (Ubuntu)
Status: Invalid
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

I enabled ufw to try it out, with the default settings. I disabled it, but I still get errors when trying to use sendto() to localhost:

Errno::EPERM - Operation not permitted - sendto(2)

/var/log/syslog is full of:

Oct 5 14:42:14 host kernel: [9194390.533505] nf_conntrack: table full, dropping packet.

Stephen Michael Kellat (skellat) wrote :

This would directly impact ufw instead of xubuntu-meta as xubuntu-meta doesn't contain firewall rules.

affects: xubuntu-meta (Ubuntu) → ufw (Ubuntu)
Jamie Strandboge (jdstrand) wrote :

This isn't a bug in ufw, but rather something that needs to be tuned for your system. You might be interested in reading:
http://security.stackexchange.com/questions/43205/nf-conntrack-table-full-dropping-packet

It could be argued that ufw should have cleared the table when disabled, but this would likely result in more problems for people who disable ufw and are not seeing this problem.

Changed in ufw (Ubuntu):
status: New → Invalid
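
The syslog line in the report is the kernel saying its connection-tracking table has reached its configured maximum. The following is an added example, not part of the bug report or of ufw: a small shell check that counts those drop messages and compares the table's current size with its limit. The function names, the 80% threshold and the sample data are assumptions made for this example; the procfs paths are the standard ones when nf_conntrack is loaded.

```shell
#!/usr/bin/env bash
# Added example: check how full the netfilter connection-tracking table is.
# Default paths are the procfs entries present when nf_conntrack is loaded.
CT_COUNT=/proc/sys/net/netfilter/nf_conntrack_count
CT_MAX=/proc/sys/net/netfilter/nf_conntrack_max

# Print table usage as an integer percentage; return 2 if unreadable.
conntrack_usage() {
    local count_file="${1:-$CT_COUNT}" max_file="${2:-$CT_MAX}" count max
    [ -r "$count_file" ] && [ -r "$max_file" ] || return 2
    count=$(cat "$count_file"); max=$(cat "$max_file")
    [ "$max" -gt 0 ] || return 2
    echo $(( count * 100 / max ))
}

# Count "table full" drop messages in a log file (prints 0 if none).
count_table_full() {
    [ -r "$1" ] || return 2
    grep -c 'nf_conntrack: table full, dropping packet' "$1" || true
}

# Classify: DROPPING if the log shows drops, NEAR_LIMIT at or above the
# threshold percentage (default 80, an assumed value), otherwise OK.
conntrack_status() {
    local log="$1" count_file="${2:-$CT_COUNT}" max_file="${3:-$CT_MAX}"
    local limit="${4:-80}" drops usage
    drops=$(count_table_full "$log") || return 2
    usage=$(conntrack_usage "$count_file" "$max_file") || return 2
    if [ "$drops" -gt 0 ]; then echo "DROPPING drops=$drops usage=${usage}%"
    elif [ "$usage" -ge "$limit" ]; then echo "NEAR_LIMIT usage=${usage}%"
    else echo "OK usage=${usage}%"; fi
}

# Constructed sample data (not from a real host) for an offline run.
make_sample() {
    local dir="$1"
    printf '%s\n' \
      'Oct 5 14:42:14 host kernel: [9194390.533505] nf_conntrack: table full, dropping packet.' \
      'Oct 5 14:42:15 host kernel: [9194391.101010] nf_conntrack: table full, dropping packet.' \
      'Oct 5 14:42:16 host sshd[1234]: Accepted publickey for user' > "$dir/syslog"
    echo 65536 > "$dir/count"; echo 65536 > "$dir/max"
}

if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d); make_sample "$tmp"
    conntrack_status "$tmp/syslog" "$tmp/count" "$tmp/max"
    rm -rf "$tmp"
fi
```

On a live host, `conntrack_status /var/log/syslog` reads the real procfs values; drop messages in the log may predate the current table state, so read the two numbers together.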
Greg Hazel (ghazelgmail.com) wrote :

I disagree. Enabling ufw broke things, and disabling it should put them back in working order. Also, ufw probably shouldn't break things when enabled.
