Skip to content

Changelog ufw (0.36-0ubuntu0.18.04.2)


ufw (0.36-0ubuntu0.18.04.2) bionic; urgency=medium

   * d/p/0002-set-default-policy-after-load.patch: fix boot stall on
     iscsi/network root filesystem when starting ufw (LP: #1946804)
   * d/p/0003-unconditionally-reload-with-delete.patch: fix corner case
     of rule deletion with specific/any proto (LP: #1933117)


ufw (0.36-0ubuntu0.18.04.1) bionic-proposed; urgency=medium

   * Backport to bionic addressing the following SRU bugs:
     - LP: #1811129 - master SRU bug
     - LP: #1664133 - before6.rules: echo-reply needs to be before INVALID
     - LP: #1719211 - improve interface name checks
     - LP: #1775043 - shell-completion/bash: adjust for modern bash
     - LP: #1204579 - support concurrent updates
     - LP: #1368411 - add 'prepend' command


ufw (0.36-1) unstable; urgency=medium

   * New upstream release (LP: #1782384, LP: #1664133, LP: #1509725,
     LP: #1695718, LP: #1719211, LP: #1775043, LP: #1204579, LP: #1652163,
     LP: #1377600, Closes: 686248, LP: #1368411, LP: #1586258, Closes: 909163,
     Closes: 884932, LP: #1558068)
     - drop 0002-bug849628.patch (included upstream)
     - drop 0003-use-default-tcp-syncookies.patch (included upstream)
     - drop 0004-lp1633698.patch (included upstream)
   * Remaining changes:
     - 0001-optimize-boot.patch
   * debian/ufw.maintscript: remove /etc/bash_completion.d/ufw on upgrade
     (LP: #1602834)
   * debian/control: remove no longer needed xs-python-version and
     x-python3-version fields
   * update debian/before6.rules.md5sum for file shipped in 0.35-6. While both
     before.rules and before6.rules were updated in this new upstream release,
     0.35-6 mistakenly already had its own md5sum for before.rules, so we don't
     need to add it now.

ufw (0.35-6) unstable; urgency=medium

   * debian/control:
     - Build-Depends on python3-distutils (Closes: 896787)
     - remove Build-Depends on dh-systemd and add versioned Build-Depends on
       debhelper >= 9.20160709
     - update to use Vcs-Git instead of Vcs-Bzr


ufw (0.35-5) unstable; urgency=medium

   * Remove upstart system job.

ufw (0.35-4) unstable; urgency=medium

   * debian/ufw.lintian-overrides:
     - remove no longer needed lintian override for postinst init script
     - don't complain about 'ufw allow' rules with spellcheck
   * debian/ufw.init: add Description to INIT INFO
   * debian/control: Depends on lsb-base (>= 3.0-6)
   * debian/ufw.service: add Documentation key

ufw (0.35-3) unstable; urgency=medium

   * 0002-bug849628.patch: adjust testsuite for recent changes to netbase
     (Closes: 849628)
   * 0003-use-default-tcp-syncookies.patch: don't override distribution default
     for TCP syncookies
   * 0004-lp1633698.patch: adjust ufw6-before-output rules for echo-reply and
     echo-request (LP: #1633698)
   * update debian/before6.rules.md5sum
   * fix lintian errors:
     - debian/control: Build-Depends on dh-python and debhelper >= 9
     - debian/compat: use compatibility level 9


ufw (0.35-2) unstable; urgency=medium

   [ Adam Conrad ]
   * Switch the ufw trigger to interest-noawait to avoid trigger loops.

ufw (0.35-1) unstable; urgency=medium

   * New upstream release (LP: #448503, LP: #728128)
     - drop 0002-update-testsuite-for-empty-proc-net.patch (included upstream)
     - refresh 0001-optimize-boot.patch
   * update rsyslog example to use 'stop' instead of the deprecated '~'. Patch
     from Ognyan Kulev. (Closes: 798100)
   * debian/rules: use dh_prep instead of dh_clean -k
   * debian/ufw.postinst: migrate /lib/ufw/user*rules to /etc/ufw on upgrade
     and add symlinks from /lib/ufw/user*rules to /etc/ufw (Closes: 818000)
   * debian/ufw.postrm: remove /lib/ufw/user*rules symlinks on purge


ufw (0.34-2) unstable; urgency=medium

   * 0002-update-testsuite-for-empty-proc-net.patch: update unit tests to not
     fail when /proc/net/* has no useful information (Closes: 797020)
   * debian/control: no longer explicitly Depends on debconf (Closes: 797278)

ufw (0.34-1) unstable; urgency=low

   * New upstream release (LP: #1434525, LP: #1438647, LP: #1155292,
     Closes: 792753). Drop following patches included upstream:
     - 0002-lp1044361.patch
     - 0003-fix-typeerror-on-error.patch
     - 0004-lp1039729.patch
     - 0005-lp1191197.patch
   * Merge in Ubuntu packaging:
     - debian/ufw.postinst:
       + drop old reload of policy for upgrades to 0.30.1-2
       + add new ufw[6]-track-forward primary chains on upgrade
     - Install the SysV init and upstart script for both Debian and Ubuntu.
       Debian has upstart too, and in Ubuntu we need the init script for LSB
       dependencies and for systemd. (LP: #1341083)
       + Rename debian/ufw.init.debian to debian/ufw.init
       + Rename debian/ufw.upstart.ubuntu to debian/ufw.upstart
       + Remove all the distro specific code from debian/rules and just call
         dh_installinit (thus removing lsb-release from Build-Depends-Indep).
     - Drop the distro specific logrotate configs, and use the ubuntu one with
       "rotate" instead of "reload" everywhere, as Debian's rsyslog init also
       supports "rotate".
     - Add a systemd unit:
       + Add debian/ufw.service
       + Add dh-systemd build dep.
       + debian/rulles: Call dh_systemd_{enable,start}.
     - Don't include Debian version in the python module version (LP: #1465549)
   * debian/copyright: follow copyright-format/1.0
   * debian/po/pt_BR.po: add Brazilian Portuguese of debconf templates. Thanks
     to Adriano Rafael Gomes (Closes: 770453)
   * update debian/before[6].rules.md5sum
   * debian/ufw.lintian-overrides:
     - usr/share/ufw/after.init and before.init are intentionally not
     - we intentionally do not stop the firewall with init.d script
   * debian/control: Build-Depends-Indep on procps (needed by testsuite for
   * debian/ufw.dirs, debian/rules: copy bash completions to
   * debian/rules: run 'make clean' after running the testsuite since the
     testsuite creates a build/ directory not that would be reused
   * debian/ufw.postrm: remove after.init and before.init on purge


ufw (0.33-2) unstable; urgency=low

   * debian/control: python-ufw should Breaks/Replaces on ufw << 0.32-0ubuntu1
     (Closes: 731863)

ufw (0.33-1) unstable; urgency=low

   * New upstream release (Closes: 711711, Closes: 691135, Closes: 704728).
     Sync back up with Ubuntu (all changes here except for Polish debconf
     translation and Standards-Version already in Ubuntu). Add the following
     patches from Ubuntu which can be dropped in 0.34:
     - debian/patches/0002-lp1044361.patch: move netfilter capabilities
       checking into initcaps(), and call initcaps() only when we need it
     - 0003-fix-typeerror-on-error.patch: fix TypeError on error when using
     - debian/patches/0004-lp1039729.patch: Skip get_netfilter_capabilities()
       with ipv6 if ipv6 is disabled
     - debian/patches/0005-lp1191197.patch: add check for -m rt --rt-type 0
   * debian/po/pl.po: add Polish translation of debconf templates. Thanks to
     Michal Kulach (Closes: 667942)
   * debian/watch: use https instead of http
   * debian/(after|before)6.rules.md5sum: adjust for recently missed shipped
   * debian/control:
     - clean up Depends and Build-Depends
     - Build-Depends on python3
     - add python-ufw for installing python2 modules
     - add X-Python3-Version: >= 3.2
     - update Standards-Version to 3.9.4
   * add debian/python-ufw.install
   * debian/rules:
     - use --install-layout=deb
     - adjust PYTHON to use python3
     - adjust PYVERS to use py3versions
     - add PYTHON2
     - run tests for both PYTHON and PYTHON2
     - run with both PYTHON and PYTHON2
     - use dh_python3 for ufw
     - use dh_python2 for python-ufw
   * debian/ufw.lintian-overrides
     - remove old unneeded override
     - add postrm-does-not-call-updaterc.d-for-init.d-script since Ubuntu's
       debhelper adds code to postinst that does nothing on Ubuntu, but doesn't
       add the corresponding code to postrm


ufw (0.31.1-2) unstable; urgency=low

   * Simplify unload of firewall and play nicely with other firewall tools by
     using ufw-init instead of iptables directly. 'ufw-init stop' by design
     leaves a few empty chains around, but they won't get in the way of
     anything and are gone after the next reboot. Using upstream's ufw-init has
     the important benefit of always cleaning what it needs. (Closes: 672439).
     - debian/prerm: call '/lib/ufw/ufw-init stop' on removal
     - debian/postrm: don't flush the chains on purge

ufw (0.31.1-1) unstable; urgency=low

   * New upstream release (Closes: 663677, Closes: 625681)
   * debian/control: update to standards 3.9.3
   * convert to source format 3.0 (quilt)
   * 0001-optimize-boot.patch: only read in /etc/ufw/ufw.conf when disabled
   * debian/rules: adjust to only install the application profiles when not
   * debian/po/nl.po: add Dutch translation of debconf templates. Thanks to
     Jeroen Schot (Closes: 658495)
   * debian/po/da.po: add Danish translation of debconf templates. Thanks to
     Joe Dalton (Closes: 666557)


ufw (0.30.1-2) unstable; urgency=low

   * debian/control: make lintian clean:
     - update Standards-Version to 3.9.2
     - Build-Depends on python (>= 2.6.6-3~)
   * conf/ufw.defaults:
     - remove IRC connection tracking, which is only required for DCC.
       Cherrypick r741 from trunk
     - allow nf_conntrack_netbios_ns (Samba). Cherrypick r744 from trunk.
       LP: #360975 (Closes: 631737)
   * enable IPv6 by default and fix 'allow to any ipv6' when IPv6 is enabled.
     Cherrypick r742 from trunk.
   * update manpage references to ufw and ufw-framework to include the section.
     Cherrypick r743 from trunk.
   * ACCEPT UPnP ( for IPv4 and ff02::f for IPv6) for service
     discovery just like we do for mDNS (ie, allow discovery, but not
     connections to the services). LP: #764933
   * debian/ufw.logrotate.debian, debian/ufw.logrotate.ubuntu, debian/rules:
     use 'rotate' option in Debian logrotate file and split out ufw.logrotate
     like we do the initscript since because Ubuntu's rsyslog doesn't have the
     'rotate' option yet. (Closes: 628605)
   * Cherrypick r746 from trunk to update check-requirements to prompt to
     continue with tests that may autoload modules. Add '-f' option to
     check-requirements and update test suite accordingly (LP: #782816)
   * Cherrypick r747 from trunk to not fail when running 'show listening' under
     fakeroot (LP: #812516)
   * debian/postinst:
     - remove some old upgrade transition code for unsupported upgrade paths
     - reload ufw if it is enabled and we are upgrading to this version since
       this is needed after enabling IPv6
   * debian/rules: add build-arch and build-indep targets

ufw (0.30.1-1.1) unstable; urgency=low

   * Non-maintainer upload.
   * Rebuild to add Python 2.7 support

ufw (0.30.1-1) unstable; urgency=low

   * New upstream release which fixes the following:
     - LP: #501140
     - LP: #740249
     - LP: #740256
     - LP: #720605
   * debian/ufw.logrotate: remove upstartism thanks to Michael Biebl
     (Closes: 607696)
   * debian/sysctl.conf: merge in upstream (commented out) changes surrounding
     ipv6 forwarding and privacy addresses
   * debian/before*.rules.md5sum: updated for recent changes

ufw (0.30.0-3) unstable; urgency=low

   * convert to dh_python2:
     - debian/control: remove python-central dependency
     - debian/rules: use dh_python2 instead of dh_pycentral
   * debian/rules: run 'make clean' in the clean target
   * debian/ufw.init.debian: look for /lib/ufw, not /usr/sbin/ufw to see if we
     should quit (ie, when ufw is removed and not purged). Also, only have
     /bin and /sbin in PATH
   * add lintian override
     - debian/rules: add dh_lintian
     - debian/dirs: add usr/share/lintian/overrides
     - ignore init.d-script-possible-missing-stop
   * debian/install, debian/rules: update to use debian/install primarily
   * renamed debian/changelog.pre-0.27.1 to debian/changelog.Debian.pre-0.27.1
   * no longer install upstream ChangeLog.pre-0.25
   * grab man page updates from upstream:
     - mention quoting of application profile names with spaces. Upstream
       r714. (LP: #715676)
     - fix man-page hyphenation in ufw.8. Upstream r716.
     - fix manpage reference to /etc/defaults/ufw. Upstream r713.
       (Closes: 601111)
   * fix typo in warning. Upstream r711. (LP: #637876)
   * adjust PATH if iptables can't be found. Upstream r717.


ufw (0.30.0-2) unstable; urgency=low

   * src/ display unicode error messages properly. Thanks to
     Serguey Basalaev.
     - upstream commit r700
     - LP: #580032
   * src/ fix gettext warning
     - upstream commit r701
   * run debconf-updatepo, but adjust debian/po/de.po and debian/po/es.po to
     add correct "Language:" tag
   * profiles/ufw-mailserver: remove Postfix specific language
     - upstream commit r705, r707
   * debian/rules: do install the upstream application profiles now

ufw (0.30.0-1) unstable; urgency=low

   * New upstream release. Use 0.30.0 as the version even though upstream uses
     0.30 in order to sync to Ubuntu. Fixes:
     - LP: #568877
     - LP: #611982
     - LP: #606997
     - LP: #624199
     - LP: #625340
     - LP: #521359
     - LP: #436608
   * don't flush chains if ufw is not enabled (LP: #581744)
   * debian/postinst: don't source /usr/share/debconf/confmodule when $1 =
     triggered. Fix thanks to Colin Watson. (LP: #618410)
   * debian/control:
     - drop versioned depends on iptables. This helps with backporting now that
       the test suite can handle it
     - updated Standards-Version
   * debian/rules:
     - pass interpreter to
     - don't install upstream application profiles for now
   * add rsyslog support
   * add debian/source/format
   * debian/before6.rules.md5sum: updated for ucf

ufw (0.29.3-1) unstable; urgency=low

   * New upstream release. Fixes:
     LP: #490366
     LP: #512131
     LP: #488032
     LP: #513387
   * debian/ufw.upstart.ubuntu: start before an interface receives traffic
   * debian/postinst: don't sed or chmod a file that doesn't exist
     (LP: #503039)
   * debian/after*.rules.md5sum: updated for ucf (added additional sums for
     people using the workaround in LP: #488032)


ufw (0.29.1-1) unstable; urgency=low

   * new upstream release, fixing LP: #459925 and LP: #480789
   * debian/postinst: run 'ufw logging <log level>' to update the user
     rules for logging (this action does nothing when ufw is not enabled)
   * debian/ufw.upstart.ubuntu: don't use 'quiet' since we also now look for
   * debian/rules:
     - only install upstart on Ubuntu 9.10 and later
     - use $(PYTHON) with

ufw (0.29-5) unstable; urgency=low

   * reduce console output when using Upstart so that ufw is quiet when
     ufw is disabled or enabled and no errors
     - src/ufw-init: add add 'quiet' option on start
     - debian/ufw.upstart.ubuntu: use 'quiet' option on start
   * Debconf translation updates:
     - Vietnamese (thanks to Clytie Siddall. closes: #547919)

ufw (0.29-4) unstable; urgency=low

   * debian/rules: add missing dot for update-rc.d invocation (closes: #547330)

ufw (0.29-3) unstable; urgency=low

   * use upstart instead of sysv initscript on Ubuntu (LP: #431804)
     - debian/control: Bump build-dependency on debhelper for Upstart-aware
       dh_installinit. Add Build-Dep on lsb-release
     - add debian/ufw.upstart.ubuntu
     - move debian/ufw.init to debian/ufw.init.debian
     - debian/ufw.init: rename to debian/ufw.init.debian and update insserv
       info to reflect reality
     - debian/rules: use upstart if Ubuntu and sysv if Debian
     - debian/postinst and debian/postrm: remove calls to update-rc.d
   * error out when filesystem is read-only. Merge from trunk (LP: #430053)
   * catch exception if can't find parent pid when refreshing application
     profiles. Merge from trunk (LP: #424528)
   * add doc/upstart.example and update README for Debian users who want to
     use upstart

ufw (0.29-2) unstable; urgency=low

   * Debconf translation updates:
     - unfuzzied Italian (closes: #540204)
     - ran debconf-updatepo

ufw (0.29-1) unstable; urgency=low

   * new upstream release:
     - adds egress filtering support (LP: #382932)
     - new translations
     - new man page: ufw-framework.8
     - new check-requirements to help debug systems with custom kernels
     - fixes deletion of non-existent application rules (LP: #407810)
   * Debconf translation updates:
     - Galician (thanks to Marce Villarino. closes: #538383)
     - Japanese (thanks to Hideki Yamane. closes: #539595)
     - Italian (thanks to Luca Monducci. closes: #540204)
     - Portuguese (thanks to Américo Monteiro. closes: #538908)
     - Basque (thanks to Piarres Beobide. closes: #539077)
     - Czech (thanks to Michal Simunek)
     - Slovak (thanks to Ivan Masár. closes: #534450)
     - Swedish (thanks to Martin Bagge. closes: #538336)
     - verify/update the above to fix typo in template (closes: #534231)
   * debian/rules: install tests/check-requirements into /usr/share/ufw
   * update ucf md5sums for before.rules and before6.rules
   * remove no longer used lintian override
   * debian/dirs: remove unused /var/lib/ufw

ufw (0.28-2) unstable; urgency=low

   * debian/templates: also fix typo in master template

ufw (0.28-1) unstable; urgency=low

   * new upstream release. Fixes:
     - filtering by interface (LP: #247450)
     - ufw help does not mention 'limit' command (LP: #358964)
     - install rules files 0640 (LP: #393187)
   * install user rules and init script helper to /lib/ufw (LP: #400208)
     - debian/config: update USER_PATH and migrate user rules files from
       /var/lib/ufw to /lib/ufw
     - debian/dirs: use lib/ufw
     - debian/postinst: update USER_PATH
     - debian/postrm: update USER_PATH
     - debian/rules: update for new path
     - debian/ufw.init: update for new path
   * debian/po: fix typo in translations

ufw (0.27.1-2) unstable; urgency=low

   [ Jonathan Wiltshire ]
   * Debconf templates and debian/control reviewed by the debian-l10n-
     english team as part of the Smith review project. Closes: #530956
     - LP: #379591
   * Debconf translation updates:
     - Slovak (closes: #531782)
     - Swedish (closes: #533375)
     - Finnish (closes: #533454)
     - Czech (closes: #533552)
     - Portuguese (closes: #534098)
     - German (closes: #534230)
     - Basque (closes: #534298, #534298)
     - Russian (closes: #534720)
     - Spanish (closes: #534859)
     - French (closes: #535032)
   [ Jamie Strandboge ]
   * debian/postinst: update for translation fixes
   * add bash completion. Based on work by Didier Roche
     - shell-completion/bash: process app and regular commands
     - debian/dirs: add etc/bash_completion.d
     - debian/rules: install bash_completion.ufw
   * install rules files 0640 (LP: #393187)
   * debian/postinst: make allow_custom_ports actually work and set
     existing_configuration as seen after doing initial configuration, to
     prevent calling ufw on already added rules
   * debian/control: bump Standards-Version
   * debian/control: update Vcs-Bzr

ufw (0.27.1-1) unstable; urgency=low

   * Initial release. (closes: #506215)