** Description changed: + [Impact] + + ufw's interface name's or both too strict (this bug) and too loose + (iptables has its own limits). Adjust the interface name checks to match + those of the kernel. + + [Test Case] + + $ sudo ufw --dry-run allow in on i-1|grep i-1 + ### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 in_i-1 + -A ufw-user-input -i i-1 -j ACCEPT + ### tuple ### allow any any ::/0 any ::/0 in_i-1 + -A ufw6-user-input -i i-1 -j ACCEPT + + With an unpatched ufw, the above results in: + + $ sudo ufw --dry-run allow in on i-1|grep i-1 + ERROR: Bad interface name + + [Regression Potential] + + Risk of regression is considered low since the updated allow more than + what is currently allowed, but not more than what iptables allows. See: + + https://git.launchpad.net/ufw/tree/src/common.py?h=release/0.36#n295 + + + = Original description = + Is there a reason to restrict interface's name in ufw? Should ufw accept what iptables accept as iface name? I've a vpn with lot of nodes, its iface name contain a '-' so cannot use ufw on it. I've found the check here and cannot found a reason for it: http://bazaar.launchpad.net/~jdstrand/ufw/trunk/view/head:/src/common.py#L300 thanks
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ufw in Ubuntu. https://bugs.launchpad.net/bugs/1719211 Title: Bad interface name Status in ufw package in Ubuntu: Fix Released Status in ufw source package in Bionic: Triaged Status in ufw source package in Cosmic: Triaged Status in ufw source package in Disco: Fix Released Bug description: [Impact] ufw's interface name's or both too strict (this bug) and too loose (iptables has its own limits). Adjust the interface name checks to match those of the kernel. [Test Case] $ sudo ufw --dry-run allow in on i-1|grep i-1 ### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 in_i-1 -A ufw-user-input -i i-1 -j ACCEPT ### tuple ### allow any any ::/0 any ::/0 in_i-1 -A ufw6-user-input -i i-1 -j ACCEPT With an unpatched ufw, the above results in: $ sudo ufw --dry-run allow in on i-1|grep i-1 ERROR: Bad interface name [Regression Potential] Risk of regression is considered low since the updated allow more than what is currently allowed, but not more than what iptables allows. See: https://git.launchpad.net/ufw/tree/src/common.py?h=release/0.36#n295 = Original description = Is there a reason to restrict interface's name in ufw? Should ufw accept what iptables accept as iface name? I've a vpn with lot of nodes, its iface name contain a '-' so cannot use ufw on it. I've found the check here and cannot found a reason for it: http://bazaar.launchpad.net/~jdstrand/ufw/trunk/view/head:/src/common.py#L300 thanks To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1719211/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
