Cristian Balan
E.g.
When creating a Network rule via UI, it creates the following rule:
ufw allow from 10.131.34.164 to any port 3306 proto tcp comment 'joshua'
When we edit the rule, it creates another one with the old way without the protocol:
ufw allow from 10.131.34.164 to any port 3306 comment 'mysql-joshua'
When deleting the rule, it deletes the original one while the one without protocol and updated comment is left behind.
Cristian Balan
Item author: I have updated the description.
Cristian Balan
Item author: Update: I have edited an existing rule and it created the duplicate rule due to the bug. However, this time when I have deleted the rule from the UI, both rules remained in place on the server (logs say: "Could not delete non-existent rule").
This has security implications in both cases, when editing to update an IP and creating the unintended duplicate, as well as when deleting the rule as it doesn't.
Cristian Balan
Item author: This goes hand in hand with https://roadmap.ploi.io/projects/7-bugs/items/1038-add-web-worker-ip-to-the-ufw-rules-when-updating-default-network-ssh-rule
Editing Network rule creates ufw duplicates
Dennis moved item to board Planned (11 months ago)
Cristian Balan moved item to project Bugs (11 months ago)
Cristian Balan created the item (11 months ago)
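
A check for the leftover rules described in this item, added here as an example (not Ploi's code): it reads rules in the command form quoted above, one per line as `ufw show added` lists them, and reports protocol-less rules sitting beside a protocol-scoped rule for the same source and port, plus rules the panel no longer lists. The `expected` set, the function names and the third sample rule are assumptions made for the example.

```python
import shlex
from collections import defaultdict

# Constructed sample: the two rules quoted in the report plus one unrelated
# rule, one per line as `ufw show added` lists them.
SAMPLE = """\
ufw allow from 10.131.34.164 to any port 3306 proto tcp comment 'joshua'
ufw allow from 10.131.34.164 to any port 3306 comment 'mysql-joshua'
ufw allow from 10.131.34.200 to any port 22 proto tcp comment 'admin'
"""

def parse_rule(line):
    """Parse 'ufw allow from SRC to any port N [proto P] [comment C]'."""
    try:
        tok = shlex.split(line)
    except ValueError:          # unbalanced quote in a comment
        return None
    if tok[:3] != ["ufw", "allow", "from"]:
        return None
    opts = dict(zip(tok[2::2], tok[3::2]))   # keyword/value pairs
    if "port" not in opts:
        return None
    return {"src": opts["from"], "port": opts["port"],
            "proto": opts.get("proto"), "raw": line.strip()}

def audit(text, expected):
    """expected: set of (src, port) pairs the panel still lists (assumed input).

    Returns (overlaps, orphans): protocol-less rules that sit beside a
    protocol-scoped rule for the same source and port, and rules present
    on the host that the panel no longer lists.
    """
    groups = defaultdict(list)
    for line in text.splitlines():
        rule = parse_rule(line)
        if rule:
            groups[(rule["src"], rule["port"])].append(rule)
    overlaps, orphans = [], []
    for key, rules in sorted(groups.items()):
        scoped = [r for r in rules if r["proto"]]
        broad = [r for r in rules if not r["proto"]]   # matches tcp and udp
        if scoped and broad:
            overlaps += [r["raw"] for r in broad]
        if key not in expected:
            orphans += [r["raw"] for r in rules]
    return overlaps, orphans

if __name__ == "__main__":
    # Panel state after the rule for 10.131.34.164 was deleted in the UI.
    for label, found in zip(("overlap", "orphan"),
                            audit(SAMPLE, {("10.131.34.200", "22")})):
        for raw in found:
            print(f"{label}: {raw}")
```

On a host, the input would be the rule lines from `ufw show added` and `expected` the source/port pairs currently shown in the panel's Network tab.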