Noble upgrade breaks iptables-persistent and netfilter-persistent usage
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Release Notes for Ubuntu |
New
|
Undecided
|
Unassigned | ||
ubuntu-release-upgrader (Ubuntu) |
Fix Released
|
Undecided
|
Nick Rosbrook | ||
Noble |
Fix Released
|
Undecided
|
Nick Rosbrook |
Bug Description
[Impact]
ufw and -persistent packages both manage the firewall, hence they conflict but they accidentally had no conflicts in jammy. If both are installed, persistent packages will store and restore firewall configuration, so ufw cannot really be used.
Noble adds a conflicts from ufw to the persistent packages, but we end up removing the persistent packages rather than the ufw which is wrong - they are in charge.
[Test plan]
persistent and netfilter-
[Where problems could occur]
There may be ufw reverse dependencies that could get removed.
[Other Info]
The fix (released) in 1:24.04.15 is reverted and improved in 1:24.04.17 (upload).
[Original bug report]
Upgrade from Jammy to Noble breaks iptables-persistent and netfilter-
from /var/log/
Broken ufw:amd64 Breaks on iptables-
Considering iptables-
Added iptables-
Conflicts//Breaks against version 1.0.16 for iptables-persistent but that is not InstVer, ignoring
Broken ufw:amd64 Breaks on netfilter-
Considering netfilter-
Added netfilter-
Conflicts//Breaks against version 1.0.16 for netfilter-
MarkDelete iptables-
Fixing ufw:amd64 via remove of iptables-
MarkDelete netfilter-
Fixing ufw:amd64 via remove of netfilter-
ufw 0.36.2-1 add the breaks
$ apt show ufw
Package: ufw
Version: 0.36.2-6
Priority: standard
Section: admin
Origin: Ubuntu
Maintainer: Jamie Strandboge <email address hidden>
Bugs: https:/
Installed-Size: 869 kB
Depends: iptables, ucf, python3:any, debconf (>= 0.5) | debconf-2.0
Suggests: rsyslog
Breaks: iptables-
Homepage: https:/
Task: standard
Download-Size: 169 kB
APT-Manual-
APT-Sources: http://
Description: program for managing a Netfilter firewall
The Uncomplicated FireWall is a front-end for iptables, to make managing a
Netfilter firewall easier. It provides a command line interface with syntax
similar to OpenBSD's Packet Filter. It is particularly well-suited as a
host-based firewall.
Post do-release-upgrade, iptables-persistent and netfilter-
Related branches
- Julian Andres Klode: Approve
-
Diff: 65 lines (+38/-1)2 files modifiedDistUpgrade/DistUpgradeQuirks.py (+37/-0)
data/DistUpgrade.cfg.jammy (+1/-1)
Changed in ubuntu-release-upgrader (Ubuntu Noble): | |
milestone: | none → ubuntu-24.04 |
Changed in ubuntu-release-upgrader (Ubuntu Noble): | |
status: | New → Triaged |
Changed in ubuntu-release-upgrader (Ubuntu Noble): | |
status: | Triaged → In Progress |
assignee: | nobody → Nick Rosbrook (enr0n) |
Changed in ubuntu-release-upgrader (Ubuntu Noble): | |
status: | Fix Released → In Progress |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
information type: | Public → Public Security |
This bug was fixed in the package ubuntu- release- upgrader - 1:24.04.15
--------------- release- upgrader (1:24.04.15) noble; urgency=medium
ubuntu-
* DistUpgrade. cfg.jammy: keep {netfilter, iptables} -persistent installed
(LP: #2061891)
* Run pre-build.sh: updating mirrors, demotions, and translations.
-- Nick Rosbrook <email address hidden> Wed, 17 Apr 2024 17:10:33 -0400