ERROR: 'route delete NUM' unsupported. Use 'delete NUM' instead. #45

Closed
arminus opened this issue Oct 26, 2022 · 8 comments

arminus commented Oct 26, 2022

ufw on Debian 11 with ufw-docker-automated latest, a couple of Docker containers with UFW_MANAGED=true labels

Before starting ufw-docker-automated, I have these rules:

ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22                         ALLOW IN    xx.xx.xx.xx
[ 2] 443                        ALLOW IN    Anywhere                  
[ 3] 443 (v6)                   ALLOW IN    Anywhere (v6)   

Running ufw-docker-automated results in this:

2022/10/26 16:52:33 ufw-docker-automated: Connecting to the Docker API. Listening for events..
2022/10/26 16:52:33 ufw-docker-automated: Adding rule: /usr/bin/sudo ufw route allow proto tcp from any to 172.19.0.2 port 443 comment caddy:55633a03aee9
2022/10/26 16:52:33 ufw-docker-automated: Couldn't inspect container: Error: No such container: ufw Cleaning up ufw rule

I take that as a warning, to be ignored...

2022/10/26 16:52:33 ufw-docker-automated: Deleting rule: ufw allow from xx.xx.xx.xx to any port 22
2022/10/26 16:52:33 ufw error: exit status 1 ERROR: Invalid syntax

Why does it try to delete my existing port 22 rule? Good thing it fails, otherwise I'd be ssh locked out...

2022/10/26 16:52:33 ufw-docker-automated: Deleting rule: ufw allow 443
2022/10/26 16:52:33 ufw: Rule added
2022/10/26 16:52:33 ufw-docker-automated: Adding rule: /usr/bin/sudo ufw route allow proto tcp from any to 172.19.0.2 port 80 comment caddy:55633a03aee9
2022/10/26 16:52:33 ufw error: exit status 1 ERROR: 'route delete NUM' unsupported. Use 'delete NUM' instead.

Different error now, again not sure why it tries to delete the existing general 443 rule?

2022/10/26 16:52:33 ufw-docker-automated: Deleting rule: ufw allow 80
2022/10/26 16:52:33 ufw error: exit status 1 ERROR: 'route delete NUM' unsupported. Use 'delete NUM' instead.
2022/10/26 16:52:33 ufw: Rule added

After that, ufw shows this which is ok I guess - but the above errors are kind of irritating and the attempt to delete 22 potentially dangerous...

[ 1] 22                         ALLOW IN    xx.xx.xx.xx
[ 2] 443                        ALLOW IN    Anywhere                  
[ 3] 80                         ALLOW IN    Anywhere                  
[ 4] 172.19.0.2 443/tcp         ALLOW FWD   Anywhere                   # caddy:55633a03aee9
[ 5] 172.19.0.2 80/tcp          ALLOW FWD   Anywhere                   # caddy:55633a03aee9
[ 6] 443 (v6)                   ALLOW IN    Anywhere (v6)             
[ 7] 80 (v6)                    ALLOW IN    Anywhere (v6)             

shinebayar-g commented Oct 26, 2022

Hi @arminus, those messages indeed look so wrong. I haven't tested this in Ubuntu 22 or Debian 11. I'll test it out, let's see what happens. In the meantime, if you could provide reproducible steps to get those errors, that'd be helpful as well.

arminus commented Oct 26, 2022

Thanks for the quick response... For the reproducible steps: I basically followed the setup steps as outlined in your README, all this is on a Debian 11 box which I had set up recently from scratch. ufw is version 0.36, docker is 20.10.5+dfsg1, build 55c4c88

All other steps are really listed above, the 2 rules for 22 and 443 were added with a ufw command before all that. The docker containers I'm running are basically caddy docker proxy and nextcloud at this point. But I think that's irrelevant for the strange ufw commands...

If I manually try the route delete command which is apparently being attempted by ufw-docker-automated, I get the same result:

# ufw allow from any to any port 1234
Rule added
Rule added (v6)
# ufw status numbered
...
[ 9] 1234 (v6)                  ALLOW IN    Anywhere (v6)             

# ufw route delete 9
ERROR: 'route delete NUM' unsupported. Use 'delete NUM' instead.
# ufw delete 9
Deleting:
 allow 1234
Proceed with operation (y|n)? y
Rule deleted (v6)

So the question is, why does it use 'route delete' instead of 'delete' - and why does it attempt to delete rules which have nothing to do with docker? (The latter makes me a bit nervous...)

shinebayar-g commented Oct 26, 2022

I see. I'll spend some time to debug this this weekend.

surbiks commented Nov 6, 2022

Hi,
this problem exists in Ubuntu 22.04. This error occurs in the Cleanup function. When you run sudo ufw show added, the result of this command is:

Added user rules (see 'ufw status' for running firewall):
ufw allow 443
ufw allow 80

After processing the rule to clean, you delete 10 chars first and run the delete ufw function, and it tries to delete the open ports.
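
An added example, not part of the thread and not the project's code, of a cleanup pass that only considers route rules carrying a managed comment, next to the unchecked 10-character strip described above. It assumes the `name:<12-hex-id>` comment format seen in the log lines and that `ufw show added` prints comments in single quotes; `naiveStrip`, `staleRouteDeletes` and the sample rules are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed `ufw show added` output; 192.0.2.10 and "gone" are sample values.
const sampleShowAdded = `Added user rules (see 'ufw status' for running firewall):
ufw allow from 192.0.2.10 to any port 22
ufw allow 443
ufw route allow proto tcp from any to 172.19.0.2 port 443 comment 'caddy:55633a03aee9'
ufw route allow proto tcp from any to 172.19.0.3 port 80 comment 'gone:0123456789ab'
`

const routePrefix = "ufw route " // 10 characters, the same length as "ufw allow "

// Assumed comment format, name:<12 hex chars>, as in the log lines above.
var managed = regexp.MustCompile(`^(.+) comment '?([\w.-]+:([0-9a-f]{12}))'?$`)

// naiveStrip drops the first 10 characters of any line without checking them.
func naiveStrip(line string) string {
	if len(line) < len(routePrefix) {
		return ""
	}
	return line[len(routePrefix):]
}

// staleRouteDeletes returns ufw argument lists that delete only route rules
// whose comment names a container ID missing from live.
func staleRouteDeletes(showAdded string, live map[string]bool) [][]string {
	var out [][]string
	for _, line := range strings.Split(showAdded, "\n") {
		line = strings.TrimSpace(line)
		if !strings.HasPrefix(line, routePrefix) {
			continue // header and host rules (22, 443) are never candidates
		}
		m := managed.FindStringSubmatch(strings.TrimPrefix(line, routePrefix))
		if m == nil || live[m[3]] {
			continue // no managed comment, or the container still exists
		}
		args := append([]string{"route", "delete"}, strings.Fields(m[1])...)
		out = append(out, append(args, "comment", m[2]))
	}
	return out
}

func main() {
	live := map[string]bool{"55633a03aee9": true}
	fmt.Println(naiveStrip("ufw allow 443"), staleRouteDeletes(sampleShowAdded, live))
}
```

With the unchecked strip, `ufw allow 443` is reduced to `443`, which ufw then reads as a rule number; the prefix check keeps host rules such as the SSH allow out of the delete path entirely.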

@shinebayar-g shinebayar-g self-assigned this Nov 14, 2022
@shinebayar-g shinebayar-g added the bug Something isn't working label Nov 14, 2022
@shinebayar-g

I was able to reproduce the issue, will fix.

shinebayar-g commented Nov 16, 2022

Hello @arminus, @surbiks. I just cut a new release v0.10.0. Looks like this specific error message was a regression introduced in the previous v0.9.0 release. I've fixed this bug in a new release and improved some log messages. Please try the latest release and let me know if it works for you.

surbiks commented Nov 17, 2022

@shinebayar-g thanks, it works fine.

arminus commented Nov 17, 2022

@shinebayar-g thanks a lot, works for me as well.
