Public bug reported:
Hello!
I've found what I think might be a bug in the `ufw status [verbose]`
output.
**Background**
I have an SQL server running directly on the host listening on port 3306.
I have serviceA running in a Docker container, attached to bridge "serviceA".
I would like to allow serviceA to talk to the SQL server on port
3306/tcp.
**UFW command**
`ufw allow in on serviceA to any port 3306 proto tcp comment "ServiceA: MySQL access"`
**user.rules**
```
### tuple ### allow tcp 3306 0.0.0.0/0 any 0.0.0.0/0 in_serviceA comment=53657276696365413a204d7953514c20616363657373
-A ufw-user-input -i serviceA -p tcp --dport 3306 -j ACCEPT
```
So far everything is good. The iptables rule is generated as expected and
traffic is allowed.
But I find the "ufw status verbose" output very confusing:
```
To                         Action      From
--                         ------      ----
3306/tcp on serviceA       ALLOW IN    Anywhere                   # ServiceA: MySQL access
```
Here it looks like we are allowing traffic To port 3306 on serviceA
(from anywhere).
Instead I would expect the following output:
```
To                         Action      From
--                         ------      ----
3306/tcp                   ALLOW IN    Anywhere on serviceA       # ServiceA: MySQL access
```
This is very confusing and could make administrators think that the
system is secure, when it's not, or lead to lots of unnecessary
troubleshooting.
I'm using UFW 0.36.2 on Ubuntu 24.04.
** Affects: ufw
Importance: Undecided
Status: New
** Affects: ufw (Ubuntu)
Importance: Undecided
Status: New
** Description changed:
+
+ I'm using UFW 0.36.2 on Ubuntu 24.04.
** Also affects: ufw (Ubuntu)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/2075395
Title:
status description lists "in" interface in "to" column
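Added example, not part of the original report and not ufw's own code: a small Python check that reads the `### tuple ###` line and the iptables line quoted in the report, decodes the hex comment, and states the interface together with the direction instead of inside a column. The tuple field order is an assumption inferred from the quoted line, and the function names are hypothetical.

```python
# Constructed sample: the two user.rules lines from the report (e-mail wrap undone).
SAMPLE = (
    "### tuple ### allow tcp 3306 0.0.0.0/0 any 0.0.0.0/0 in_serviceA "
    "comment=53657276696365413a204d7953514c20616363657373\n"
    "-A ufw-user-input -i serviceA -p tcp --dport 3306 -j ACCEPT\n"
)

def parse_tuple(line):
    """Assumed order: action proto dport dst sport src [dir[_iface]] [comment=<hex>]."""
    fields = line.split("### tuple ###", 1)[1].split()
    comment = ""
    if fields and fields[-1].startswith("comment="):
        comment = bytes.fromhex(fields.pop()[len("comment="):]).decode("utf-8")
    if len(fields) not in (6, 7):
        raise ValueError("unsupported tuple form: %r" % line)
    direction, _, iface = (fields[6] if len(fields) == 7 else "in").partition("_")
    keys = ("action", "proto", "dport", "dst", "sport", "src")
    return dict(zip(keys, fields), direction=direction, iface=iface, comment=comment)

def iptables_options(line):
    """Map each option flag of an iptables '-A' line to the word after it."""
    tok = line.split()
    return {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}

def describe(rule):
    """Render the rule with the interface attached to the direction."""
    where = " on interface " + rule["iface"] if rule["iface"] else ""
    return ("{action} {proto} {direction}{where}: from {src} port {sport} "
            "to {dst} port {dport} # {comment}").format(where=where, **rule)

def matches(rule, opts):
    """True when the iptables line binds the same interface side, protocol and port."""
    flag = "-i" if rule["direction"] == "in" else "-o"
    return (opts.get(flag, "") == rule["iface"]
            and opts.get("-p", "any") == rule["proto"]
            and opts.get("--dport", "any") == rule["dport"])

def audit(text):
    """Check each '-A' line against the tuple line above it; return (text, agrees)."""
    out, rule = [], None
    for line in text.splitlines():
        if line.startswith("### tuple ###"):
            rule = parse_tuple(line)
        elif line.startswith("-A ") and rule:
            out.append((describe(rule), matches(rule, iptables_options(line))))
    return out

if __name__ == "__main__":
    print(audit(SAMPLE))
```

For the rule in the report this yields `allow tcp in on interface serviceA: from 0.0.0.0/0 port any to 0.0.0.0/0 port 3306`, which matches the `-i serviceA` in the generated iptables line.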