ufw matching for application rule deletion is too greedy
Bug #260881 reported by
Jamie Strandboge
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| ufw (Ubuntu) |
Fix Released
|
High
|
Jamie Strandboge | ||
Bug Description
Binary package hint: ufw
New in 0.20, ufw allows application rules. So users can run:
# ufw allow Apache
However, ufw is too greedy when deciding what rules to delete. Eg:
# ufw allow Apache
# ufw delete deny Apache
Doing the above deletes the 'allow' rule, but it shouldn't. Deleting non-application rules works properly.
Related branches
| Changed in ufw: | |
| assignee: | nobody → jdstrand |
| importance: | Undecided → High |
| status: | New → In Progress |
| Changed in ufw: | |
| status: | In Progress → Fix Committed |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #1 |
| Changed in ufw: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
This bug was fixed in the package ufw - 0.21
---------------
ufw (0.21) intrepid; urgency=low
* add confirmation on enable when running under ssh (LP: #253840)
* don't reload the firewall on 'app update' when running under ssh
* update ufw.pot
* fix some pygettext errors
* warn if profile name is found in /etc/services
* don't delete application rules when the action doesn't match
(LP: #260881)
* add reload command
* added debian/triggers and update debian/postinst for use with dpkg
triggers (thanks Colin Watson for the suggestion)
* add 'app update all' command
* update man page for reload and 'app update all'
-- Jamie Strandboge <email address hidden> Mon, 18 Aug 2008 20:22:32 -0400