Home / ubuntu / Questions / 1174866
Accepted
Stephen Boston
Asked: 2019-09-18 12:33:28 +0800 CST

UFW - what is the meaning of 'Rule changed after normalization'

  • 772

I issue the following :

# ufw allow from <ip address>

And get the response:

WARN: Rule changed after normalization
Rule added (v6)

I am familiar with the term 'normalization' in relational database structuring but I am curious how this is applied to the UFW rules. The rule I requested is subsequently listed just as I entered it 

Anywhere (v6)              ALLOW IN    <ip address>

What has happened in this process of normalization?

ufw

1 Answers

  1. Best Answer

    I don't have a definitive answer, but I do have an example. Note that man ufw explains:

    Because rules are normalized by ufw, rules may look different than the originally added rule.

    In my case, ufw had to normalize the rule I gave it because it was an IP + subnet (xxx.xxx.xxx.xxx/xx) where the IP was more specific than the subnet required; e.g.,

    # ufw allow from 192.168.123.8/24

    The /24 subnet says "include all IP addresses that match 192.168.123.xxx, so the .8 at the end is unnecessary: 192.168.123.0/24 means the same thing without the extra "significant digits". Thus, ufw normalizes my rule by converting the .8 to .0.

    Not sure what other kinds of normalization ufw performs, but you can probably observe what happened simply by comparing the rule you gave to ufw and the rules it reports in ufw status.

    • 5