Your message dated Thu, 1 Nov 2018 16:03:59 -0500
with message-id <20181101210359.GI18447@iolanthe>
and subject line Re: Bug#912595: ufw fails to start with option IPV6=yes in
/etc/default/ufw ERROR: unknown option "--icmpv6-type"
has caused the Debian Bug report #912595,
regarding ufw fails to start with option IPV6=yes in /etc/default/ufw ERROR:
unknown option "--icmpv6-type"
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
912595: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912595
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ufw
Version: 0.35-6
Severity: grave
Tags: security a11y
Justification: user security hole
Dear Maintainer,
1.) Surprisingly ENABLED is set to ENABLED=no in /etc/ufw/ufw.conf after
upgrade.
2.) Setting option "IPV6=yes" in /etc/default/ufw produces an error:
root@mysystem # ufw enable
ERROR: problem running ufw-init
ip6tables-restore v1.8.1 (nf_tables): unknown option "--icmpv6-type"
Error occurred at line: 38
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
Problem:
-> /etc/ufw/before6.rules
Setting "IPV6=no" leads to normal operation (without IPV6 support of course)
root@mysystem # systemctl status ufw.service
● ufw.service - Uncomplicated firewall
Loaded: loaded (/lib/systemd/system/ufw.service; enabled; vendor preset:
enabled)
Active: active (exited) since Thu 2018-11-01 17:31:18 CET; 7min ago
Docs: man:ufw(8)
Process: 7103 ExecStop=/lib/ufw/ufw-init stop (code=exited, status=0/SUCCESS)
Process: 7822 ExecStart=/lib/ufw/ufw-init start quiet (code=exited,
status=0/SUCCESS)
Main PID: 7822 (code=exited, status=0/SUCCESS)
Nov 01 17:31:18 mysystem systemd[1]: Starting Uncomplicated firewall...
Nov 01 17:31:18 mysystem systemd[1]: Started Uncomplicated firewall.
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-6-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages ufw depends on:
ii debconf [debconf-2.0] 1.5.69
ii iptables 1.8.1-2
ii lsb-base 9.20170808
ii python3 3.6.7-1
ii ucf 3.0038
ufw recommends no packages.
Versions of packages ufw suggests:
ii rsyslog 8.38.0-1+b1
-- Configuration Files:
/etc/default/ufw changed:
IPV6=yes
DEFAULT_INPUT_POLICY="ACCEPT"
DEFAULT_OUTPUT_POLICY="ACCEPT"
DEFAULT_FORWARD_POLICY="DROP"
DEFAULT_APPLICATION_POLICY="SKIP"
MANAGE_BUILTINS=no
IPT_SYSCTL=/etc/ufw/sysctl.conf
IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_netbios_ns"
-- debconf information:
* ufw/existing_configuration:
ufw/allow_custom_ports:
ufw/enable: true
ufw/allow_known_ports:
--
--- End Message ---
--- Begin Message ---
This bug relates to kernel configuration (which might be incompatible with
the latest iptables 1.8) and is therefore not a bug in ufw.
--
Jamie Strandboge | http://www.canonical.com
signature.asc
Description: PGP signature
--- End Message ---
