debcrafters-packages team mailing list archive

Thread
Date

[Bug 2128668] Re: Wi-Fi hotspot startup does not configure firewalls as needed for internet sharing

To: debcrafters-packages@xxxxxxxxxxxxxxxxxxx
From: Mitchell Augustin <2128668@xxxxxxxxxxxxxxxxxx>
Date: Mon, 27 Oct 2025 19:12:44 -0000
Reply-to: Bug 2128668 <2128668@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

** Also affects: network-manager (Ubuntu Resolute)
   Importance: Undecided
     Assignee: Mitchell Augustin (mitchellaugustin)
       Status: In Progress

** Also affects: network-manager (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Also affects: network-manager (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: network-manager (Ubuntu Plucky)
   Importance: Undecided
       Status: New

** Also affects: network-manager (Ubuntu Questing)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/2128668

Title:
  Wi-Fi hotspot startup does not configure firewalls as needed for
  internet sharing

Status in network-manager package in Ubuntu:
  In Progress
Status in network-manager source package in Jammy:
  New
Status in network-manager source package in Noble:
  New
Status in network-manager source package in Plucky:
  New
Status in network-manager source package in Questing:
  New
Status in network-manager source package in Resolute:
  In Progress

Bug description:
  SRU Justification:

  [ Impact ]

  When a wi-fi hotspot is being broadcast, NetworkManager does not
  automatically configure all firewall rules as needed for clients to
  access the internet.

  [ Test Plan ]

  Start wi-fi hotspot on device running ufw that is connected to the
  internet

  [ Actual result ]
  Clients cannot connect to the internet via the hotspot. Only after adding custom firewall rules such as those described above can the client connect to the internet.

  [ Expected result ]
  Clients can connect to the internet via the hotspot

  [ Fix ]

  At minimum, the following is needed to enable this:

  1. Enable routing from wireless adapter to wired adapter (ex: sudo ufw route allow in on wlP9s9 out on enp1s0 (varies depending on adapter names))
  2. Set iptables forwarding rules correctly (ex: sudo iptables -P FORWARD ACCEPT)
  3. If the host is running its own DNS / DHCP servers, those will also have to be allowed by the firewall

  (Discussion ongoing upstream)

  [ Where problems could occur ]

  Specifics to be researched

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/2128668/+subscriptions

References

[Bug 2128668] [NEW] Wi-Fi hotspot startup does not configure firewalls as needed for internet sharing
From: Mitchell Augustin, 2025-10-16