Thank you for filing a bug. The firewall policy is a combination of the default policy for each of 'incoming', 'outgoing' and 'routed' (forward) along with the policies shipped in before{,6}.rules, after{,6}.rules and whatever gets added to user{,6}.rules. Specifically, what is in before{,6}.rules is designed with default deny for incoming (and forward), default allow for outgoing and default accept for established connections. Considering that dhcp uses port 68/udp for the client and port 67/udp for the server, the shipped default policy allows:
* outgoing from this host port 68/udp to any port 67/udp (via default allow outgoing; eg, for dhcp request)
* incoming for established connection (via before.rules RELATED,ESTABLISHED; eg, dhcp reply from the server we connected to on port 67/udp)
* incoming from port 67/udp (via the before.rules you mentioned; eg, for a server responding to the broadcast)

I suspect that you've updated your default policy to deny to perform egress filtering so you need to add a corresponding 'ufw allow out to any port 67 proto udp comment "dhcp discover"' rule or similar.

--
https://bugs.launchpad.net/bugs/1882484

Title: Firewall rule in before.rules for dhcp is wrong
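
The policy layering described in the reply above, as an added example that is not part of the original message and is not ufw's own code: a small Python model that checks a DHCP discover and offer against the before.rules behaviour, optional user rules, and the default policy. The evaluation order (before.rules, then user rules, then the default), the `Packet` type, the rule labels and the sample packets are assumptions constructed for illustration.

```python
# Simplified model (an assumption, not ufw's code): before.rules first,
# then user rules, then the default policy for the packet's direction.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str            # "in" or "out"
    proto: str
    sport: int
    dport: int
    state: str = "NEW"        # conntrack state: NEW, ESTABLISHED, RELATED

# The before.rules behaviour named in the message, as (label, predicate).
BEFORE_RULES = [
    ("before.rules RELATED,ESTABLISHED",
     lambda p: p.state in ("RELATED", "ESTABLISHED")),
    ("before.rules dhcp reply 67->68/udp",
     lambda p: p.direction == "in" and p.proto == "udp"
     and p.sport == 67 and p.dport == 68),
]

# Counterpart of: ufw allow out to any port 67 proto udp comment "dhcp discover"
ALLOW_DHCP_OUT = ("user.rules dhcp discover",
                  lambda p: p.direction == "out" and p.proto == "udp"
                  and p.dport == 67)

def decide(pkt, defaults, user_rules=()):
    """Return (verdict, reason); the first matching allow rule wins."""
    for label, match in [*BEFORE_RULES, *user_rules]:
        if match(pkt):
            return "allow", label
    return defaults[pkt.direction], f"default {pkt.direction} policy"

SHIPPED = {"in": "deny", "out": "allow"}          # defaults as shipped
EGRESS_FILTERED = {"in": "deny", "out": "deny"}   # default outgoing set to deny

# Constructed sample packets for one DHCP exchange.
DISCOVER = Packet("out", "udp", 68, 67)
OFFER = Packet("in", "udp", 67, 68)   # answer to a broadcast, still NEW

if __name__ == "__main__":
    cases = [("shipped defaults", SHIPPED, ()),
             ("default deny outgoing", EGRESS_FILTERED, ()),
             ("deny outgoing + allow rule", EGRESS_FILTERED, (ALLOW_DHCP_OUT,))]
    for name, defaults, rules in cases:
        for pkt_name, pkt in (("discover", DISCOVER), ("offer", OFFER)):
            print(f"{name:28} {pkt_name:9}", decide(pkt, defaults, rules))
```

In this model the offer is accepted in every case by the before.rules entry, while the discover only leaves the host when the default outgoing policy is allow or the user rule is present.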