[Bug 2061891] Re: Noble upgrade breaks iptables-persistent and netfilter-persistent usage
Julian Andres Klode
2061891 at bugs.launchpad.net
Mon Apr 29 14:49:49 UTC 2024
** Description changed:
- Upgrade from Jammy to Noble breaks iptables-persistent and netfilter-
- persistent firewall configuration if ufw is also installed pre-upgrade.
+ [Impact]
+ Upgrade from Jammy to Noble breaks iptables-persistent and netfilter-persistent firewall configuration if ufw is also installed pre-upgrade.
+ [Test plan]
+ persistent and netfilter-persistent should remain installed, and ufw removed to preserve user config.
+
+ [Where problems could occur]
+ There may be ufw reverse dependencies that could get removed.
+
+ [Original bug report]
from /var/log/dist-upgrade/apt.log:
Broken ufw:amd64 Breaks on iptables-persistent:amd64 < 1.0.16 -> 1.0.20 @ii umU >
- Considering iptables-persistent:amd64 -1 as a solution to ufw:amd64 5
- Added iptables-persistent:amd64 to the remove list
- Conflicts//Breaks against version 1.0.16 for iptables-persistent but that is not InstVer, ignoring
+ Considering iptables-persistent:amd64 -1 as a solution to ufw:amd64 5
+ Added iptables-persistent:amd64 to the remove list
+ Conflicts//Breaks against version 1.0.16 for iptables-persistent but that is not InstVer, ignoring
Broken ufw:amd64 Breaks on netfilter-persistent:amd64 < 1.0.16 -> 1.0.20 @ii umU >
- Considering netfilter-persistent:amd64 0 as a solution to ufw:amd64 5
- Added netfilter-persistent:amd64 to the remove list
- Conflicts//Breaks against version 1.0.16 for netfilter-persistent but that is not InstVer, ignoring
- MarkDelete iptables-persistent:amd64 < 1.0.16 -> 1.0.20 @ii umU > FU=0
- Fixing ufw:amd64 via remove of iptables-persistent:amd64
- MarkDelete netfilter-persistent:amd64 < 1.0.16 -> 1.0.20 @ii umU > FU=0
- Fixing ufw:amd64 via remove of netfilter-persistent:amd64
+ Considering netfilter-persistent:amd64 0 as a solution to ufw:amd64 5
+ Added netfilter-persistent:amd64 to the remove list
+ Conflicts//Breaks against version 1.0.16 for netfilter-persistent but that is not InstVer, ignoring
+ MarkDelete iptables-persistent:amd64 < 1.0.16 -> 1.0.20 @ii umU > FU=0
+ Fixing ufw:amd64 via remove of iptables-persistent:amd64
+ MarkDelete netfilter-persistent:amd64 < 1.0.16 -> 1.0.20 @ii umU > FU=0
+ Fixing ufw:amd64 via remove of netfilter-persistent:amd64
ufw 0.36.2-1 add the breaks
$ apt show ufw
Package: ufw
Version: 0.36.2-6
Priority: standard
Section: admin
Origin: Ubuntu
Maintainer: Jamie Strandboge <jdstrand at ubuntu.com>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 869 kB
Depends: iptables, ucf, python3:any, debconf (>= 0.5) | debconf-2.0
Suggests: rsyslog
Breaks: iptables-persistent, netfilter-persistent
Homepage: https://launchpad.net/ufw
Task: standard
Download-Size: 169 kB
APT-Manual-Installed: no
APT-Sources: http://phx-ad-3.clouds.archive.ubuntu.com/ubuntu noble/main amd64 Packages
Description: program for managing a Netfilter firewall
- The Uncomplicated FireWall is a front-end for iptables, to make managing a
- Netfilter firewall easier. It provides a command line interface with syntax
- similar to OpenBSD's Packet Filter. It is particularly well-suited as a
- host-based firewall.
+ The Uncomplicated FireWall is a front-end for iptables, to make managing a
+ Netfilter firewall easier. It provides a command line interface with syntax
+ similar to OpenBSD's Packet Filter. It is particularly well-suited as a
+ host-based firewall.
Post do-release-upgrade, iptables-persistent and netfilter-persistent
are removed, which breaks any machines that relied on their
configuration.
** Description changed:
- [Impact]
- Upgrade from Jammy to Noble breaks iptables-persistent and netfilter-persistent firewall configuration if ufw is also installed pre-upgrade.
+ [Impact]
+ Upgrade from Jammy to Noble breaks iptables-persistent and netfilter-persistent firewall configuration if ufw is also installed pre-upgrade., removing them.
+
+ ufw and -persistent packages both manage the firewall, hence they
+ conflict but they accidentally had no conflicts in jammy.
+
[Test plan]
persistent and netfilter-persistent should remain installed, and ufw removed to preserve user config.
[Where problems could occur]
There may be ufw reverse dependencies that could get removed.
[Original bug report]
from /var/log/dist-upgrade/apt.log:
Broken ufw:amd64 Breaks on iptables-persistent:amd64 < 1.0.16 -> 1.0.20 @ii umU >
Considering iptables-persistent:amd64 -1 as a solution to ufw:amd64 5
Added iptables-persistent:amd64 to the remove list
Conflicts//Breaks against version 1.0.16 for iptables-persistent but that is not InstVer, ignoring
Broken ufw:amd64 Breaks on netfilter-persistent:amd64 < 1.0.16 -> 1.0.20 @ii umU >
Considering netfilter-persistent:amd64 0 as a solution to ufw:amd64 5
Added netfilter-persistent:amd64 to the remove list
Conflicts//Breaks against version 1.0.16 for netfilter-persistent but that is not InstVer, ignoring
MarkDelete iptables-persistent:amd64 < 1.0.16 -> 1.0.20 @ii umU > FU=0
Fixing ufw:amd64 via remove of iptables-persistent:amd64
MarkDelete netfilter-persistent:amd64 < 1.0.16 -> 1.0.20 @ii umU > FU=0
Fixing ufw:amd64 via remove of netfilter-persistent:amd64
ufw 0.36.2-1 add the breaks
$ apt show ufw
Package: ufw
Version: 0.36.2-6
Priority: standard
Section: admin
Origin: Ubuntu
Maintainer: Jamie Strandboge <jdstrand at ubuntu.com>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 869 kB
Depends: iptables, ucf, python3:any, debconf (>= 0.5) | debconf-2.0
Suggests: rsyslog
Breaks: iptables-persistent, netfilter-persistent
Homepage: https://launchpad.net/ufw
Task: standard
Download-Size: 169 kB
APT-Manual-Installed: no
APT-Sources: http://phx-ad-3.clouds.archive.ubuntu.com/ubuntu noble/main amd64 Packages
Description: program for managing a Netfilter firewall
The Uncomplicated FireWall is a front-end for iptables, to make managing a
Netfilter firewall easier. It provides a command line interface with syntax
similar to OpenBSD's Packet Filter. It is particularly well-suited as a
host-based firewall.
Post do-release-upgrade, iptables-persistent and netfilter-persistent
are removed, which breaks any machines that relied on their
configuration.
** Description changed:
[Impact]
- Upgrade from Jammy to Noble breaks iptables-persistent and netfilter-persistent firewall configuration if ufw is also installed pre-upgrade., removing them.
+ ufw and -persistent packages both manage the firewall, hence they conflict but they accidentally had no conflicts in jammy. If both are installed, persistent packages will store and restore firewall configuration, so ufw cannot really be used.
- ufw and -persistent packages both manage the firewall, hence they
- conflict but they accidentally had no conflicts in jammy.
-
+ Noble adds a conflicts from ufw to the persistent packages, but we end
+ up removing the persistent packages rather than the ufw which is wrong -
+ they are in charge.
[Test plan]
persistent and netfilter-persistent should remain installed, and ufw removed to preserve user config.
[Where problems could occur]
There may be ufw reverse dependencies that could get removed.
[Original bug report]
+ Upgrade from Jammy to Noble breaks iptables-persistent and netfilter-persistent firewall configuration if ufw is also installed pre-upgrade., removing them.
+
from /var/log/dist-upgrade/apt.log:
Broken ufw:amd64 Breaks on iptables-persistent:amd64 < 1.0.16 -> 1.0.20 @ii umU >
Considering iptables-persistent:amd64 -1 as a solution to ufw:amd64 5
Added iptables-persistent:amd64 to the remove list
Conflicts//Breaks against version 1.0.16 for iptables-persistent but that is not InstVer, ignoring
Broken ufw:amd64 Breaks on netfilter-persistent:amd64 < 1.0.16 -> 1.0.20 @ii umU >
Considering netfilter-persistent:amd64 0 as a solution to ufw:amd64 5
Added netfilter-persistent:amd64 to the remove list
Conflicts//Breaks against version 1.0.16 for netfilter-persistent but that is not InstVer, ignoring
MarkDelete iptables-persistent:amd64 < 1.0.16 -> 1.0.20 @ii umU > FU=0
Fixing ufw:amd64 via remove of iptables-persistent:amd64
MarkDelete netfilter-persistent:amd64 < 1.0.16 -> 1.0.20 @ii umU > FU=0
Fixing ufw:amd64 via remove of netfilter-persistent:amd64
ufw 0.36.2-1 add the breaks
$ apt show ufw
Package: ufw
Version: 0.36.2-6
Priority: standard
Section: admin
Origin: Ubuntu
Maintainer: Jamie Strandboge <jdstrand at ubuntu.com>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 869 kB
Depends: iptables, ucf, python3:any, debconf (>= 0.5) | debconf-2.0
Suggests: rsyslog
Breaks: iptables-persistent, netfilter-persistent
Homepage: https://launchpad.net/ufw
Task: standard
Download-Size: 169 kB
APT-Manual-Installed: no
APT-Sources: http://phx-ad-3.clouds.archive.ubuntu.com/ubuntu noble/main amd64 Packages
Description: program for managing a Netfilter firewall
The Uncomplicated FireWall is a front-end for iptables, to make managing a
Netfilter firewall easier. It provides a command line interface with syntax
similar to OpenBSD's Packet Filter. It is particularly well-suited as a
host-based firewall.
Post do-release-upgrade, iptables-persistent and netfilter-persistent
are removed, which breaks any machines that relied on their
configuration.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubuntu-release-upgrader in
Ubuntu.
https://bugs.launchpad.net/bugs/2061891
Title:
Noble upgrade breaks iptables-persistent and netfilter-persistent
usage
Status in Release Notes for Ubuntu:
New
Status in ubuntu-release-upgrader package in Ubuntu:
In Progress
Status in ubuntu-release-upgrader source package in Noble:
In Progress
Bug description:
[Impact]
ufw and -persistent packages both manage the firewall, hence they conflict but they accidentally had no conflicts in jammy. If both are installed, persistent packages will store and restore firewall configuration, so ufw cannot really be used.
Noble adds a conflicts from ufw to the persistent packages, but we end
up removing the persistent packages rather than the ufw which is wrong
- they are in charge.
[Test plan]
persistent and netfilter-persistent should remain installed, and ufw removed to preserve user config.
[Where problems could occur]
There may be ufw reverse dependencies that could get removed.
[Original bug report]
Upgrade from Jammy to Noble breaks iptables-persistent and netfilter-persistent firewall configuration if ufw is also installed pre-upgrade., removing them.
from /var/log/dist-upgrade/apt.log:
Broken ufw:amd64 Breaks on iptables-persistent:amd64 < 1.0.16 -> 1.0.20 @ii umU >
Considering iptables-persistent:amd64 -1 as a solution to ufw:amd64 5
Added iptables-persistent:amd64 to the remove list
Conflicts//Breaks against version 1.0.16 for iptables-persistent but that is not InstVer, ignoring
Broken ufw:amd64 Breaks on netfilter-persistent:amd64 < 1.0.16 -> 1.0.20 @ii umU >
Considering netfilter-persistent:amd64 0 as a solution to ufw:amd64 5
Added netfilter-persistent:amd64 to the remove list
Conflicts//Breaks against version 1.0.16 for netfilter-persistent but that is not InstVer, ignoring
MarkDelete iptables-persistent:amd64 < 1.0.16 -> 1.0.20 @ii umU > FU=0
Fixing ufw:amd64 via remove of iptables-persistent:amd64
MarkDelete netfilter-persistent:amd64 < 1.0.16 -> 1.0.20 @ii umU > FU=0
Fixing ufw:amd64 via remove of netfilter-persistent:amd64
ufw 0.36.2-1 add the breaks
$ apt show ufw
Package: ufw
Version: 0.36.2-6
Priority: standard
Section: admin
Origin: Ubuntu
Maintainer: Jamie Strandboge <jdstrand at ubuntu.com>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 869 kB
Depends: iptables, ucf, python3:any, debconf (>= 0.5) | debconf-2.0
Suggests: rsyslog
Breaks: iptables-persistent, netfilter-persistent
Homepage: https://launchpad.net/ufw
Task: standard
Download-Size: 169 kB
APT-Manual-Installed: no
APT-Sources: http://phx-ad-3.clouds.archive.ubuntu.com/ubuntu noble/main amd64 Packages
Description: program for managing a Netfilter firewall
The Uncomplicated FireWall is a front-end for iptables, to make managing a
Netfilter firewall easier. It provides a command line interface with syntax
similar to OpenBSD's Packet Filter. It is particularly well-suited as a
host-based firewall.
Post do-release-upgrade, iptables-persistent and netfilter-persistent
are removed, which breaks any machines that relied on their
configuration.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-release-notes/+bug/2061891/+subscriptions
More information about the foundations-bugs
mailing list