UFW syslog / kernel.log spam for INVALID packets

Bug #207156 reported by Tonohono
Affects: ufw (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Jamie Strandboge

Bug Description

Binary package hint: ufw

I have UFW enabled with the default policy set to ALLOW.
When using Deluge, a BitTorrent client, UFW spams the logs with lines similar to the following:

Mar 26 11:12:53 Gilliam kernel: [ 6507.872105] [UFW BLOCK INVALID]: IN=eth0 OUT= MAC=00:1a:92:55:f8:71:00:1c:10:b2:01:df:08:00 SRC=67.160.78.61 DST=192.168.44.20 LEN=52 TOS=0x00 PREC=0x40 TTL=111 ID=29725 DF PROTO=TCP SPT=49125 DPT=36056 WINDOW=10240 RES=0x28 RST URGP=2278

Mar 26 11:12:54 Gilliam kernel: [ 6508.074424] [UFW BLOCK INPUT]: IN=eth0 OUT= MAC=00:1a:92:55:f8:71:00:1c:10:b2:01:df:08:00 SRC=123.195.17.80 DST=192.168.44.20 LEN=131 TOS=0x00 PREC=0x20 TTL=99 ID=14877 PROTO=UDP SPT=29815 DPT=51555 LEN=111

The [UFW BLOCK INVALID] lines are far more common. Specifying this policy in UFW seems to have no effect:

To Action From
-- ------ ----
51555:tcp ALLOW Anywhere
51555:udp ALLOW Anywhere

Upon closing Deluge, the log entries continue (albeit less frequently) until I close the port 51555 on my router.

Matthew Woerly (nattgew) wrote :

Is there a config file that tells UFW what to log?

Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug and helping to make Ubuntu even better. The ufw command does allow turning logging on and off with:

$ sudo ufw logging on
$ sudo ufw logging off

The iptables manpage says "Possible states are INVALID meaning that the packet is associated with no known connection." Matching packets should be logged in the general case, as they could indicate an attack. If you want to fine-tune your firewall, you can make adjustments in the /etc/ufw/*.rules files. Please see 'man ufw' for details.

Changed in ufw:
status: New → Invalid
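
As an added example (not part of the original bug report or of ufw itself): a small Python triage script that parses kernel log lines in the format quoted in the description and tallies them by UFW tag, protocol and TCP flags, so the share of INVALID entries can be measured before deciding what to log. The function names are hypothetical; the sample input is the two log lines from the description.

```python
import re
from collections import Counter

# The two kernel log lines quoted in the bug description on this page.
SAMPLE = [
    "Mar 26 11:12:53 Gilliam kernel: [ 6507.872105] [UFW BLOCK INVALID]: IN=eth0 OUT= "
    "MAC=00:1a:92:55:f8:71:00:1c:10:b2:01:df:08:00 SRC=67.160.78.61 DST=192.168.44.20 "
    "LEN=52 TOS=0x00 PREC=0x40 TTL=111 ID=29725 DF PROTO=TCP SPT=49125 DPT=36056 "
    "WINDOW=10240 RES=0x28 RST URGP=2278",
    "Mar 26 11:12:54 Gilliam kernel: [ 6508.074424] [UFW BLOCK INPUT]: IN=eth0 OUT= "
    "MAC=00:1a:92:55:f8:71:00:1c:10:b2:01:df:08:00 SRC=123.195.17.80 DST=192.168.44.20 "
    "LEN=131 TOS=0x00 PREC=0x20 TTL=99 ID=14877 PROTO=UDP SPT=29815 DPT=51555 LEN=111",
]

# Matches the "[UFW ...]" prefix; the kernel timestamp "[ 6507.87]" does not match.
LINE_RE = re.compile(r"\[(UFW [A-Z ]+)\]:? (.*)$")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}

def parse_line(line):
    """Return a dict for one UFW kernel log line, or None if it is not one."""
    m = LINE_RE.search(line.strip())
    if not m:
        return None
    rec = {"tag": m.group(1), "flags": []}
    for token in m.group(2).split():
        key, sep, value = token.partition("=")
        if sep:
            # UDP lines carry LEN twice (IP length, then UDP length); keep the first.
            rec.setdefault(key, value)
        elif token in TCP_FLAGS:
            rec["flags"].append(token)  # bare tokens such as RST; DF (an IP flag) is skipped
    return rec

def summarize(lines):
    """Count entries per (tag, protocol, TCP flags) and per source address."""
    kinds, sources = Counter(), Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        flags = "+".join(rec["flags"]) or "-"
        kinds[(rec["tag"], rec.get("PROTO", "?"), flags)] += 1
        sources[rec.get("SRC", "?")] += 1
    return kinds, sources

if __name__ == "__main__":
    kinds, sources = summarize(SAMPLE)
    for (tag, proto, flags), n in kinds.most_common():
        print(f"{n:6d}  {tag:<20} {proto:<4} flags={flags}")
    print("top sources:", sources.most_common(5))
```
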
Jamie Strandboge (jdstrand) wrote :

I am reopening this based on further discussion and will disable logging of INVALID packets.

Changed in ufw:
status: Invalid → Triaged
Changed in ufw:
assignee: nobody → jamie-strandboge
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ufw - 0.16.2

---------------
ufw (0.16.2) hardy; urgency=low

  * don't log noisy services by default (LP: #209709)
  * don't log INVALID packets by default (LP: #207156)
  * consult /etc/services for protocol (LP: #209845)
    - src/ufw added get_services_proto() and adjust process_args() to use it
    - ufw.8 updated
    - tests added and updated for verification
  * bump version

 -- Jamie Strandboge <email address hidden> Mon, 31 Mar 2008 15:21:17 -0400

Changed in ufw:
status: Triaged → Fix Released
Soul-Sing (soulzing) wrote :

09012009: with the new -23 kernel in Ubuntu 8.04.1, the same ufw "spam" messages in my syslog as Tonohono.
gufw default policy: allow
