Public bug reported:

Binary package hint: ufw

I am using Ubuntu 8.10 server (2.6.27-11-server), ufw v0.23.3. I am using it as a firewall / NAT router for my home network. I am using ipv6, and to get around the problem of enabling IPv6 forwarding have added ipv6 to /etc/modules.

After rebooting if I run "sudo ufw status" then I get "Status: not loaded". I can successfully enable it manually by running "sudo ufw enable". I can then query my rules successfully:

Status: loaded

To                         Action  From
--                         ------  ----
Anywhere                   ALLOW   192.168.10.0/24
22/tcp                     ALLOW   192.168.10.0/24
80/tcp                     ALLOW   Anywhere
53/tcp                     ALLOW   192.168.10.0/24
53/udp                     ALLOW   192.168.10.0/24
67/udp                     ALLOW   Anywhere
80/tcp                     ALLOW   Anywhere (v6)
67/udp                     ALLOW   Anywhere (v6)

Contents of /etc/ufw/ufw.conf:

# /etc/ufw/ufw.conf
#
# set to yes to start on boot
ENABLED=yes

Contents of /etc/default/ufw:

# /etc/default/ufw
#
# set to yes to apply rules to support IPv6 (no means only IPv6 on loopback
# accepted). You will need to 'disable' and then 'enable' the firewall for
# the changes to take affect.
IPV6=yes

# set the default input policy to ACCEPT or DROP. Please note that if you
# change this you will most likely want to adjust your rules
DEFAULT_INPUT_POLICY="DROP"

# set the default output policy to ACCEPT or DROP. Please note that if you
# change this you will most likely want to adjust your rules
DEFAULT_OUTPUT_POLICY="ACCEPT"

# set the default forward policy to ACCEPT or DROP. Please note that if you
# change this you will most likely want to adjust your rules
DEFAULT_FORWARD_POLICY="ACCEPT"

# set the default application policy to ACCEPT, DROP or SKIP. Please note that
# setting this to ACCEPT may be a security risk. See 'man ufw' for details
DEFAULT_APPLICATION_POLICY="SKIP"

#
# IPT backend
#
# only enable if using iptables backend
IPT_SYSCTL=/etc/ufw/sysctl.conf

# extra connection tracking modules to load
IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_irc nf_nat_irc"

Contents of /etc/ufw/sysctl.conf:

#
# Configuration file for setting network variables. Please note these settings
# override /etc/sysctl.conf. If you prefer to use /etc/sysctl.conf, please
# adjust IPT_SYSCTL in /etc/default/ufw.
#

# Uncomment this to allow this host to route packets between interfaces
net/ipv4/ip_forward=1
net/ipv6/conf/default/forwarding=1

# Turn on Source Address Verification in all interfaces to prevent some
# spoofing attacks
net/ipv4/conf/all/rp_filter=1
net/ipv4/conf/default/rp_filter=1

# Do not accept IP source route packets (we are not a router)
net/ipv4/conf/all/accept_source_route=0
net/ipv4/conf/default/accept_source_route=0
net/ipv6/conf/all/accept_source_route=0
net/ipv6/conf/default/accept_source_route=0

# Do not accept ICMP redirects (prevent MITM attacks)
net/ipv4/conf/all/accept_redirects=0
net/ipv4/conf/default/accept_redirects=0
net/ipv6/conf/all/accept_redirects=0
net/ipv6/conf/default/accept_redirects=0

# Ignore bogus ICMP errors
net/ipv4/icmp_echo_ignore_broadcasts=1
net/ipv4/icmp_ignore_bogus_error_responses=1
net/ipv4/icmp_echo_ignore_all=0

# Don't log Martian Packets
net/ipv4/conf/all/log_martians=0
net/ipv4/conf/default/log_martians=0

# Change to '1' to enable TCP/IP SYN cookies This disables TCP Window Scaling
# (http://lkml.org/lkml/2008/2/5/167)
net/ipv4/tcp_syncookies=0

#net/ipv4/tcp_fin_timeout=30
#net/ipv4/tcp_keepalive_intvl=1800

# normally allowing tcp_sack is ok, but if going through OpenBSD 3.8 RELEASE or
# earlier pf firewall, should set this to 0
net/ipv4/tcp_sack=1

** Affects: ufw (Ubuntu)
     Importance: Undecided
         Status: New

--
ufw doesn't load automatically at startup
https://bugs.launchpad.net/bugs/357948
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
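
Added example (not part of the original report and not ufw's own code): a post-boot check for the condition reported above, where ENABLED=yes is set in /etc/ufw/ufw.conf but "sudo ufw status" reports "Status: not loaded". The function names are hypothetical, and the status strings are the ones quoted in the report for ufw v0.23.3; treating them as valid for other versions is an assumption.

```shell
#!/bin/sh
# Added example: detect a firewall that is configured to start on boot but is
# not loaded. Function names are hypothetical; status strings are those quoted
# in the report (ufw v0.23.3) and are an assumption for any other version.

# Print "yes" or "no" for the ENABLED= setting in a ufw.conf-style file.
# Commented-out lines are ignored; the last active ENABLED= line wins.
ufw_conf_enabled() {
    val=$(sed -n 's/^[[:space:]]*ENABLED=["'\'']\{0,1\}\([A-Za-z]*\).*/\1/p' "$1" | tail -n 1)
    case "$val" in
        [Yy][Ee][Ss]) echo yes ;;
        *)            echo no ;;
    esac
}

# Classify the text printed by "ufw status": loaded, not-loaded or unknown.
ufw_status_state() {
    case "$1" in
        *"Status: not loaded"*) echo not-loaded ;;
        *"Status: loaded"*)     echo loaded ;;
        *)                      echo unknown ;;
    esac
}

# Return 0 when config and runtime agree, 1 when the firewall should be up but
# is not (the host is running without its rules), 2 when status is unreadable.
check_ufw_boot_state() {
    conf=$1
    status_text=$2
    enabled=$(ufw_conf_enabled "$conf")
    state=$(ufw_status_state "$status_text")
    if [ "$state" = unknown ]; then
        echo "UNKNOWN: could not interpret ufw status output"
        return 2
    fi
    if [ "$enabled" = yes ] && [ "$state" = not-loaded ]; then
        echo "ALERT: ENABLED=yes in $conf but the firewall is not loaded"
        return 1
    fi
    echo "OK: ENABLED=$enabled, firewall $state"
    return 0
}

# Typical call, as root after boot (for example from cron @reboot):
#   check_ufw_boot_state /etc/ufw/ufw.conf "$(ufw status)"
```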