Public bug reported: The iptables package isn't flushing all tables on removal of the package and the tables still exist until reboot. Intended behavior should be to flush all tables via a dpkg pre-removal script. I'm not sure of any use case where the intended behavior would be to keep the current rules in place but not have iptables available.
root@ip-10-224-187-201:/home/cwarner# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  127.0.0.0/8          anywhere
ACCEPT     tcp  --  anywhere             anywhere             state ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere             state ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere             state ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh state NEW
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootpc state NEW
ACCEPT     udp  --  anywhere             anywhere             udp dpt:ntp state NEW
ACCEPT     udp  --  anywhere             anywhere             udp dpt:323 state NEW

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             state NEW,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere             state NEW,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere             state NEW,ESTABLISHED

root@ip-10-224-187-201:/home/cwarner# apt remove iptables
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
  iptables
0 upgraded, 0 newly installed, 1 to remove and 2 not upgraded.
After this operation, 1,663 kB disk space will be freed.
Do you want to continue? [Y/n] Y
(Reading database ... 91459 files and directories currently installed.)
Removing iptables (1.6.0-2ubuntu3) ...
Processing triggers for libc-bin (2.23-0ubuntu10) ...
Processing triggers for man-db (2.7.5-1) ...

*Rules are still in place*

root@ip-10-224-187-201:/home/cwarner# apt install iptables
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  iptables
0 upgraded, 1 newly installed, 0 to remove and 2 not upgraded.
Need to get 266 kB of archives.
After this operation, 1,663 kB of additional disk space will be used.
Get:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu xenial/main amd64 iptables amd64 1.6.0-2ubuntu3 [266 kB]
Fetched 266 kB in 0s (7,629 kB/s)
Selecting previously unselected package iptables.
(Reading database ... 91286 files and directories currently installed.)
Preparing to unpack .../iptables_1.6.0-2ubuntu3_amd64.deb ...
Unpacking iptables (1.6.0-2ubuntu3) ...
Processing triggers for libc-bin (2.23-0ubuntu10) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up iptables (1.6.0-2ubuntu3) ...
Processing triggers for libc-bin (2.23-0ubuntu10) ...

root@ip-10-224-187-201:/home/cwarner# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  127.0.0.0/8          anywhere
ACCEPT     tcp  --  anywhere             anywhere             state ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere             state ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere             state ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh state NEW
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootpc state NEW
ACCEPT     udp  --  anywhere             anywhere             udp dpt:ntp state NEW
ACCEPT     udp  --  anywhere             anywhere             udp dpt:323 state NEW

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             state NEW,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere             state NEW,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere             state NEW,ESTABLISHED

Same rules, still in place.

** Affects: iptables (Ubuntu)
   Importance: Undecided
   Status: New

https://bugs.launchpad.net/bugs/1816811

Title:
  iptables package doesn't flush table on removal of package

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
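The report above asks for a dpkg pre-removal hook that flushes the kernel's netfilter tables before the iptables binary disappears. The sketch below is an added example of what such a prerm-style helper could look like; it is not code from the Ubuntu iptables package or from the reporter, and the function names, the table list file handling and the "remove" argument guard are this example's own assumptions (dpkg does pass "remove" as the first argument to prerm on removal, and the kernel does list loaded tables in /proc/net/ip_tables_names and /proc/net/ip6_tables_names once the modules are loaded). The practitioner's caveat it encodes: just running `-F` on a table whose built-in chains have policy DROP, as in the ruleset shown above, produces a host that drops everything, and once the binary is gone nothing can change that until reboot. The helper therefore resets every built-in chain's policy to ACCEPT before flushing, and it must run while `iptables` is still installed, which is exactly why prerm (not postrm) is the right hook.

```shell
#!/bin/sh
# Added example of a prerm-style helper for the iptables package (hypothetical,
# not the package's own maintainer script). Neutralises every loaded table so
# that removing the userspace tool does not leave an unchangeable firewall.
set -eu

# Built-in chains per table (netfilter's fixed set). Unknown tables get none.
builtin_chains() {
    case "$1" in
        filter)   echo "INPUT FORWARD OUTPUT" ;;
        nat)      echo "PREROUTING INPUT OUTPUT POSTROUTING" ;;
        mangle)   echo "PREROUTING INPUT FORWARD OUTPUT POSTROUTING" ;;
        raw)      echo "PREROUTING OUTPUT" ;;
        security) echo "INPUT FORWARD OUTPUT" ;;
        *)        echo "" ;;
    esac
}

# Tables currently loaded in the kernel, one per line. The kernel exposes them
# in /proc/net/ip_tables_names (IPv4) and /proc/net/ip6_tables_names (IPv6);
# an alternative path can be passed so the plan can be built offline.
loaded_tables() {
    f="${1:-/proc/net/ip_tables_names}"
    [ -r "$f" ] && cat "$f" || true
}

# Emit the commands that neutralise one table, one per line.
# Order matters: policies to ACCEPT first, so there is never a moment where a
# chain is empty but still DROPs; then flush rules, delete user chains, zero
# counters.
flush_plan() {
    bin="$1"   # iptables or ip6tables
    table="$2"
    for chain in $(builtin_chains "$table"); do
        echo "$bin -t $table -P $chain ACCEPT"
    done
    echo "$bin -t $table -F"
    echo "$bin -t $table -X"
    echo "$bin -t $table -Z"
}

# Plan for every loaded table of one address family.
full_plan() {
    bin="${1:-iptables}"
    names="${2:-/proc/net/ip_tables_names}"
    for t in $(loaded_tables "$names"); do
        flush_plan "$bin" "$t"
    done
}

# Execute the plan. Needs root and the binary still on disk, hence prerm.
apply_plan() {
    full_plan "$1" "$2" | while read -r cmd; do
        $cmd
    done
}

# Verify an `iptables -t <table> -S` dump read from stdin: clean means every
# remaining line is a built-in policy of ACCEPT and nothing else is left.
dump_is_clean() {
    ! grep -qvE '^-P [A-Z]+ ACCEPT$'
}

# dpkg passes "remove" as $1 to prerm on package removal; do nothing otherwise
# (upgrade, deconfigure) so an upgrade never drops the live ruleset.
if [ "${1:-}" = "remove" ]; then
    apply_plan iptables  /proc/net/ip_tables_names
    apply_plan ip6tables /proc/net/ip6_tables_names
    for t in $(loaded_tables /proc/net/ip_tables_names); do
        iptables -t "$t" -S | dump_is_clean || echo "warning: $t not clean" >&2
    done
fi
```

Whether flushing on removal is the right default is a policy choice: the reporter argues it is; a maintainer might prefer to keep the rules and only warn, since opening the firewall silently is itself a security-relevant change. Whichever is chosen, the ordering above (policy ACCEPT before `-F`) is what avoids locking the host out, and a post-check against `-S` output is cheap insurance.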