UFW not working well on Ubuntu

Which system do you use? Android, Ubuntu, OOWOW or others?

Ubuntu

Which version of system do you use? Please provide the version of the system here:

vim3-ubuntu-24.04-server-linux-5.15-fenix-1.6.9-240618-emmc

Please describe your issue below:

I had 22.04 server installed and got into trouble with UFW not working well with iptables. Now it’s the same with 24.04 server. On a fresh install I try to install ufw:

khadas@Khadas:~$ sudo ufw allow ssh
ERROR: Couldn't determine iptables version

When trying to install iptables-persistent via
sudo apt install iptables iptables-persistent

The result is:

Setting up iptables-persistent (1.0.20) ...
iptables: Failed to initialize nft: Protocol not supported
IPv4: Unable to save (table filter isn't available or module not loadable)
ip6tables: Failed to initialize nft: Protocol not supported
IPv6: Unable to save (table filter isn't available or module not loadable)

Are there modules missing or what’s the reason I’m having a hard time getting UFW to work?

You will have to reconfigure the kernel. I don’t recall the exact config but it is related to networking. If memory is correct I just turned on many of them until it did work. It’s been a few years back and I don’t have any notes on that, that is how it was resolved.

Pretty sure that the tail end of the 20.04 images had it enabled out of the box. So maybe diff the kernel configs and it might become obvious what needs loaded.

In fenix use make menuconfig, and there is another command to save the config, I don’t recall what that one is.

Hello @haste

@Electr1 will help you later.

Yes, please. So far I’ve been following the steps with Fenix tool to create a new image, but I’m not convinced it uses the config after I’ve added networking options.

So when building a new image with the ‘make’ command and booting, installing and enabling ufw I keep getting these errors:

khadas@Khadas:~$ sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
ERROR: problem running ufw-init
iptables-restore v1.8.10 (nf_tables):
line 63: RULE_APPEND failed (No such file or directory): rule in chain ufw-not-local
iptables-restore v1.8.10 (nf_tables):
line 24: RULE_APPEND failed (No such file or directory): rule in chain ufw-after-logging-input
line 25: RULE_APPEND failed (No such file or directory): rule in chain ufw-after-logging-forward
line 26: RULE_INSERT failed (No such file or directory): rule in chain ufw-logging-deny
line 27: RULE_APPEND failed (No such file or directory): rule in chain ufw-logging-deny
line 28: RULE_APPEND failed (No such file or directory): rule in chain ufw-logging-allow
Warning: Extension rt revision 0 not supported, missing kernel module?
Warning: Extension hl revision 0 not supported, missing kernel module?
ip6tables-restore v1.8.10 (nf_tables):
line 24: RULE_APPEND failed (No such file or directory): rule in chain ufw6-before-input
line 25: RULE_APPEND failed (No such file or directory): rule in chain ufw6-before-forward
line 26: RULE_APPEND failed (No such file or directory): rule in chain ufw6-before-output
line 50: RULE_APPEND failed (No such file or directory): rule in chain ufw6-before-input
line 51: RULE_APPEND failed (No such file or directory): rule in chain ufw6-before-input
line 52: RULE_APPEND failed (No such file or directory): rule in chain ufw6-before-input
line 53: RULE_APPEND failed (No such file or directory): rule in chain ufw6-before-input
line 55: RULE_APPEND failed (No such file or directory): rule in chain ufw6-before-input
line 57: RULE_APPEND failed (No such file or directory): rule in chain ufw6-before-input
line 67: RULE_APPEND failed (No such file or directory): rule in chain ufw6-before-input
line 69: RULE_APPEND failed (No such file or directory): rule in chain ufw6-before-input
line 111: RULE_APPEND failed (No such fi
ip6tables-restore v1.8.10 (nf_tables):
line 24: RULE_APPEND failed (No such file or directory): rule in chain ufw6-after-logging-input
line 25: RULE_APPEND failed (No such file or directory): rule in chain ufw6-after-logging-forward
line 26: RULE_INSERT failed (No such file or directory): rule in chain ufw6-logging-deny
line 27: RULE_APPEND failed (No such file or directory): rule in chain ufw6-logging-deny
line 28: RULE_APPEND failed (No such file or directory): rule in chain ufw6-logging-allow

Problem running '/etc/ufw/before.rules'
Problem running '/etc/ufw/user.rules'
Problem running '/etc/ufw/before6.rules'
Problem running '/etc/ufw/user6.rules'

Would be interested in knowing the right steps to make sure the updated config is being used.

And do I only use the command make or make kernel?
And what about make kernel-saveconfig?

Just trying to figure out how this works and I’m not a professional.

@haste after setting the linux config, you need to do

$ make clean

from the command line while in the fenix folder, then

$ make kernel-deb

you can then find kernel update packages in fenix/build/images/debs/1.6.9.1/VIM3/

you can copy this to your board and install with dpkg -i <package name>.deb so you don’t need to reinstall the firmware every time.

Can you share what additions you made to the kernel ?

Will give this a try. Thanks.

I actually asked ChatGPT and it returned these modules to be activated to make ip_tables work with nfw on Ubuntu 24.04.

CONFIG_NF_TABLES=y
CONFIG_NF_TABLES_SET=y
CONFIG_NF_TABLES_INET=y
CONFIG_NF_TABLES_NETDEV=y
CONFIG_NF_TABLES_COMPAT=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP6_NF_IPTABLES=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP6_NF_FILTER=y
CONFIG_NF_LOG_IPV4=y
CONFIG_NF_LOG_IPV6=y
CONFIG_NF_REJECT_IPV4=y
CONFIG_NF_REJECT_IPV6=y
CONFIG_NF_LOG_COMMON=y
CONFIG_NF_CONNTRACK=y
CONFIG_NETFILTER_XT_MATCH_LOG=y
CONFIG_NETFILTER_XT_TARGET_LOG=y
CONFIG_NETFILTER_XT_MATCH_LIMIT=y
CONFIG_NETFILTER_XT_MATCH_RT=y
CONFIG_NETFILTER_XT_TARGET_HL=y

And I assume for Ubuntu I need to run make kernel instead of make kernel-deb?

I’ve tried this and I still don’t get it to work.

I checked that .config contains all the options mentioned here above. It’s the .config file in fenix/build/linux folder.

Went to fenix home directory and did make clean and make kernel-deb and installed the packages on my VIM3. After reboot I get the exact same errors like mentioned in my log file before.

A few times I had the .config file being reset to default. Which is annoying and I don’t really get why this happens.

So what am I doing wrong? I mean UFW nowadays is basic functionality. Quite disappointing to see it’s not in the images distributed by Khadas and it’s giving me so many headaches to get it up and running.

Any help would be appreciated. Thanks.
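One way to confirm which options a kernel was actually built with, which is the open question in the posts above. This is an added example, not code from the thread or from Fenix. It assumes the config of the kernel running on the board is readable as a file (commonly /boot/config-$(uname -r), or /proc/config.gz decompressed, when the image provides either); the option names are a subset of the list posted above and the sample config is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): classify kernel options in a config file.

# check_kconfig <config-file> OPTION...
# Prints "<OPTION> builtin", "<OPTION> module" or "<OPTION> missing" per option.
check_kconfig() {
    cfg=$1
    shift
    for opt in "$@"; do
        # Anchor on "OPTION=" so CONFIG_NF_TABLES does not match CONFIG_NF_TABLES_INET.
        # A "# OPTION is not set" line yields no value and is reported as missing.
        val=$(sed -n "s/^${opt}=//p" "$cfg" | head -n 1)
        case $val in
            y) echo "$opt builtin" ;;
            m) echo "$opt module" ;;
            *) echo "$opt missing" ;;
        esac
    done
}

# count_missing <config-file> OPTION...  -> number of options reported missing
count_missing() {
    check_kconfig "$@" | grep -c ' missing$' || true
}

# Constructed sample config, not taken from a real Khadas image.
sample_config() {
    cat <<'EOF'
CONFIG_NETFILTER=y
CONFIG_NF_CONNTRACK=y
CONFIG_NF_TABLES=m
CONFIG_NF_TABLES_INET=y
# CONFIG_IP_NF_IPTABLES is not set
CONFIG_IP_NF_FILTER=m
EOF
}

# Demo on the constructed sample. On the board, pass the running kernel's
# config instead, e.g. /boot/config-$(uname -r) if the image ships it (assumption).
demo_cfg=$(mktemp)
sample_config > "$demo_cfg"
check_kconfig "$demo_cfg" CONFIG_NF_TABLES CONFIG_NF_TABLES_INET \
    CONFIG_IP_NF_IPTABLES CONFIG_IP6_NF_FILTER
rm -f "$demo_cfg"
```

Running it against both fenix/build/linux/.config and the config of the booted kernel shows whether the edited options reached the installed packages. A name that the kernel source does not define is also reported as missing, so check unfamiliar names against the kernel tree before concluding the build dropped them.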

@haste thank you for the info, I’ll try building it with these configs on my side to see if is working or try an alternative solution.

Thank you. I would be very happy with an img of Ubuntu 24.04 server with UFW working for my VIM3.

@haste I believe I was able to enable ufw without any modifications to the kernel at all

  1. You need to change the iptables to legacy:
sudo update-alternatives --set iptables /usr/sbin/iptables-legacy
sudo update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
  2. Then in /etc/default/ufw set the following:
-- IPV6=yes
++ IPV6=no
sync
reboot now
  3. After reboot, I probe the necessary modules
sudo modprobe ip_tables
sudo modprobe nf_tables
sudo modprobe nf_conntrack

sudo modprobe iptable_filter
sudo modprobe iptable_nat
sudo modprobe iptable_mangle
sudo modprobe iptable_raw

sudo modprobe xt_tcp
sudo modprobe xt_udp
sudo modprobe xt_LOG
sudo modprobe xt_limit
sudo modprobe xt_conntrack
sudo modprobe xt_addrtype

now you can start ufw

sudo ufw disable
sudo ufw enable
sudo ufw status

To test, I tried disabling and enabling port 22 to see if I could ssh and sure it was blocked and enabled

khadas@Khadas:~$ sudo ufw disable
Firewall stopped and disabled on system startup
khadas@Khadas:~$ sudo ufw enable
Firewall is active and enabled on system startup
khadas@Khadas:~$ sudo ufw reload
Firewall reloaded
khadas@Khadas:~$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22                         DENY        Anywhere                  
22/tcp                     DENY        Anywhere                  

khadas@Khadas:~$ sudo ufw allow ssh
Rule updated
khadas@Khadas:~$ sudo ufw allow 22
Rule updated
khadas@Khadas:~$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere                  
22/tcp                     ALLOW       Anywhere                  

Try it out and let me know, you need to probe the modules on boot but this can be automated.

cheers

Thank you. This works. I added all the modules to this file to load on boot:

sudo nano /etc/modules-load.d/modules.conf

I’m actually still experiencing difficulties. It was working like you said and I’ve enabled ufw as a service to start on boot, but when I reboot it won’t start and the log file shows:

haste@Khadas:~$ sudo journalctl -b | grep ufw
Jul 02 12:47:06 Khadas systemd[1]: Starting ufw.service - Uncomplicated firewall...
Jul 02 12:47:07 Khadas ufw-init[479]: iptables-restore v1.8.10 (legacy): iptables-restore: unable to initialize table 'filter'
Jul 02 12:47:07 Khadas ufw-init[479]: Error occurred at line: 1
Jul 02 12:47:07 Khadas ufw-init[479]: Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Jul 02 12:47:07 Khadas ufw-init[485]: iptables-restore v1.8.10 (legacy): iptables-restore: unable to initialize table 'filter'
Jul 02 12:47:07 Khadas ufw-init[485]: Error occurred at line: 1
Jul 02 12:47:07 Khadas ufw-init[485]: Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Jul 02 12:47:07 Khadas ufw-init[489]: iptables-restore v1.8.10 (legacy): iptables-restore: unable to initialize table 'filter'
Jul 02 12:47:07 Khadas ufw-init[489]: Error occurred at line: 1
Jul 02 12:47:07 Khadas ufw-init[489]: Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Jul 02 12:47:07 Khadas ufw-init[492]: iptables-restore v1.8.10 (legacy): iptables-restore: unable to initialize table 'filter'
Jul 02 12:47:07 Khadas ufw-init[492]: Error occurred at line: 1
Jul 02 12:47:07 Khadas ufw-init[492]: Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Jul 02 12:47:07 Khadas ufw-init[493]: iptables-restore v1.8.10 (legacy): iptables-restore: unable to initialize table 'filter'
Jul 02 12:47:07 Khadas ufw-init[493]: Error occurred at line: 12
Jul 02 12:47:07 Khadas ufw-init[493]: Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Jul 02 12:47:07 Khadas ufw-init[494]: iptables-restore v1.8.10 (legacy): iptables-restore: unable to initialize table 'filter'
Jul 02 12:47:07 Khadas ufw-init[494]: Error occurred at line: 12
Jul 02 12:47:07 Khadas ufw-init[494]: Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Jul 02 12:47:07 Khadas ufw-init[506]: iptables-restore v1.8.10 (legacy): iptables-restore: unable to initialize table 'filter'
Jul 02 12:47:07 Khadas ufw-init[506]: Error occurred at line: 1
Jul 02 12:47:07 Khadas ufw-init[506]: Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Jul 02 12:47:07 Khadas ufw-init[510]: iptables-restore v1.8.10 (legacy): iptables-restore: unable to initialize table 'filter'
Jul 02 12:47:07 Khadas ufw-init[510]: Error occurred at line: 1
Jul 02 12:47:07 Khadas ufw-init[510]: Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Jul 02 12:47:07 Khadas ufw-init[513]: iptables-restore v1.8.10 (legacy): iptables-restore: unable to initialize table 'filter'
Jul 02 12:47:07 Khadas ufw-init[513]: Error occurred at line: 1
Jul 02 12:47:07 Khadas ufw-init[513]: Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Jul 02 12:47:07 Khadas ufw-init[515]: iptables-restore v1.8.10 (legacy): iptables-restore: unable to initialize table 'filter'
Jul 02 12:47:07 Khadas ufw-init[515]: Error occurred at line: 1
Jul 02 12:47:07 Khadas ufw-init[515]: Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Jul 02 12:47:07 Khadas ufw-init[534]: Problem running '/etc/ufw/before.rules'
Jul 02 12:47:07 Khadas ufw-init[534]: Problem running '/etc/ufw/after.rules'
Jul 02 12:47:07 Khadas ufw-init[534]: Problem running '/etc/ufw/user.rules'
Jul 02 12:47:07 Khadas systemd[1]: ufw.service: Main process exited, code=exited, status=1/FAILURE
Jul 02 12:47:07 Khadas systemd[1]: ufw.service: Failed with result 'exit-code'.
Jul 02 12:47:07 Khadas systemd[1]: Failed to start ufw.service - Uncomplicated firewall.
Jul 02 12:47:51 Khadas sudo[1533]:    haste : TTY=pts/0 ; PWD=/home/haste ; USER=root ; COMMAND=/usr/sbin/ufw status
Jul 02 12:47:56 Khadas sudo[1544]:    haste : TTY=pts/0 ; PWD=/home/haste ; USER=root ; COMMAND=/usr/bin/systemctl status ufw
Jul 02 12:48:18 Khadas sudo[1548]:    haste : TTY=pts/0 ; PWD=/home/haste ; USER=root ; COMMAND=/usr/sbin/ufw status

When I try to manually enable ufw it won’t start:

haste@Khadas:~$ sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
haste@Khadas:~$ sudo systemctl status ufw
× ufw.service - Uncomplicated firewall
     Loaded: loaded (/usr/lib/systemd/system/ufw.service; enabled; preset: enabled)
     Active: failed (Result: exit-code) since Tue 2024-07-02 12:47:07 UTC; 5min ago
       Docs: man:ufw(8)
   Main PID: 456 (code=exited, status=1/FAILURE)
        CPU: 125ms

Jul 02 12:47:07 Khadas ufw-init[513]: Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Jul 02 12:47:07 Khadas ufw-init[515]: iptables-restore v1.8.10 (legacy): iptables-restore: unable to initialize table 'filter'
Jul 02 12:47:07 Khadas ufw-init[515]: Error occurred at line: 1
Jul 02 12:47:07 Khadas ufw-init[515]: Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Jul 02 12:47:07 Khadas ufw-init[534]: Problem running '/etc/ufw/before.rules'
Jul 02 12:47:07 Khadas ufw-init[534]: Problem running '/etc/ufw/after.rules'
Jul 02 12:47:07 Khadas ufw-init[534]: Problem running '/etc/ufw/user.rules'
Jul 02 12:47:07 Khadas systemd[1]: ufw.service: Main process exited, code=exited, status=1/FAILURE
Jul 02 12:47:07 Khadas systemd[1]: ufw.service: Failed with result 'exit-code'.
Jul 02 12:47:07 Khadas systemd[1]: Failed to start ufw.service - Uncomplicated firewall.

The modules are loaded as far as I can see:


haste@Khadas:~$ lsmod | grep ip_tables
lsmod | grep nf_tables
lsmod | grep nf_conntrack

lsmod | grep iptable_filter
lsmod | grep iptable_nat
lsmod | grep iptable_mangle
lsmod | grep iptable_raw

lsmod | grep xt_tcp
lsmod | grep xt_udp
lsmod | grep xt_LOG
lsmod | grep xt_limit
lsmod | grep xt_conntrack
lsmod | grep xt_addrtype
ip_tables              32768  12 iptable_filter,iptable_raw,iptable_nat,iptable_mangle
x_tables               49152  11 xt_conntrack,iptable_filter,xt_LOG,xt_tcpudp,xt_addrtype,ip6_tables,iptable_raw,ip_tables,iptable_nat,xt_limit,iptable_mangle
nf_tables             221184  0
nfnetlink              20480  1 nf_tables
nf_conntrack          147456  2 xt_conntrack,nf_nat
nf_defrag_ipv6         24576  1 nf_conntrack
nf_defrag_ipv4         16384  1 nf_conntrack
iptable_filter         16384  1
ip_tables              32768  12 iptable_filter,iptable_raw,iptable_nat,iptable_mangle
x_tables               49152  11 xt_conntrack,iptable_filter,xt_LOG,xt_tcpudp,xt_addrtype,ip6_tables,iptable_raw,ip_tables,iptable_nat,xt_limit,iptable_mangle
iptable_nat            16384  0
nf_nat                 49152  1 iptable_nat
ip_tables              32768  12 iptable_filter,iptable_raw,iptable_nat,iptable_mangle
x_tables               49152  11 xt_conntrack,iptable_filter,xt_LOG,xt_tcpudp,xt_addrtype,ip6_tables,iptable_raw,ip_tables,iptable_nat,xt_limit,iptable_mangle
iptable_mangle         16384  0
ip_tables              32768  12 iptable_filter,iptable_raw,iptable_nat,iptable_mangle
x_tables               49152  11 xt_conntrack,iptable_filter,xt_LOG,xt_tcpudp,xt_addrtype,ip6_tables,iptable_raw,ip_tables,iptable_nat,xt_limit,iptable_mangle
iptable_raw            16384  0
ip_tables              32768  12 iptable_filter,iptable_raw,iptable_nat,iptable_mangle
x_tables               49152  11 xt_conntrack,iptable_filter,xt_LOG,xt_tcpudp,xt_addrtype,ip6_tables,iptable_raw,ip_tables,iptable_nat,xt_limit,iptable_mangle
xt_tcpudp              16384  14
x_tables               49152  11 xt_conntrack,iptable_filter,xt_LOG,xt_tcpudp,xt_addrtype,ip6_tables,iptable_raw,ip_tables,iptable_nat,xt_limit,iptable_mangle
xt_LOG                 16384  4
x_tables               49152  11 xt_conntrack,iptable_filter,xt_LOG,xt_tcpudp,xt_addrtype,ip6_tables,iptable_raw,ip_tables,iptable_nat,xt_limit,iptable_mangle
xt_limit               20480  6
x_tables               49152  11 xt_conntrack,iptable_filter,xt_LOG,xt_tcpudp,xt_addrtype,ip6_tables,iptable_raw,ip_tables,iptable_nat,xt_limit,iptable_mangle
xt_conntrack           16384  8
nf_conntrack          147456  2 xt_conntrack,nf_nat
x_tables               49152  11 xt_conntrack,iptable_filter,xt_LOG,xt_tcpudp,xt_addrtype,ip6_tables,iptable_raw,ip_tables,iptable_nat,xt_limit,iptable_mangle
xt_addrtype            16384  4
x_tables               49152  11 xt_conntrack,iptable_filter,xt_LOG,xt_tcpudp,xt_addrtype,ip6_tables,iptable_raw,ip_tables,iptable_nat,xt_limit,iptable_mangle

@haste it could be due to the order of the modules loading and the service starting, you may need to reload the service after you’ve booted. I will try it out on my side as well to see what the issue is.
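A stricter version of the lsmod check shown above, as an added example that is not part of the original posts. It compares required module names against the first field of a /proc/modules-style listing, so a name that only appears in another module's "used by" column does not count, and it maps xt_tcp and xt_udp to xt_tcpudp, the name under which they appear in the lsmod output above. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): exact-match check for loaded modules.

# Map a requested name to the name the kernel lists it under.
# xt_tcp and xt_udp are aliases of xt_tcpudp; modprobe also accepts hyphens.
canonical_name() {
    case $1 in
        xt_tcp|xt_udp) echo xt_tcpudp ;;
        *) echo "$1" | tr '-' '_' ;;
    esac
}

# missing_modules <listing-file> MODULE...
# Prints each requested module that has no line of its own in the listing.
missing_modules() {
    listing=$1
    shift
    for want in "$@"; do
        name=$(canonical_name "$want")
        # The first field of every /proc/modules line is the module name.
        if ! awk -v m="$name" '$1 == m { found = 1 } END { exit !found }' "$listing"; then
            echo "$want"
        fi
    done
}

# Constructed sample in /proc/modules format (name size refcount users state addr).
sample_listing() {
    cat <<'EOF'
xt_addrtype 16384 4 - Live 0x0000000000000000
xt_conntrack 16384 8 - Live 0x0000000000000000
xt_limit 20480 6 - Live 0x0000000000000000
xt_LOG 16384 4 - Live 0x0000000000000000
xt_tcpudp 16384 14 - Live 0x0000000000000000
iptable_nat 16384 0 - Live 0x0000000000000000
nf_nat 49152 1 iptable_nat, Live 0x0000000000000000
iptable_filter 16384 1 - Live 0x0000000000000000
nf_conntrack 147456 2 xt_conntrack,nf_nat, Live 0x0000000000000000
ip_tables 32768 4 iptable_filter,iptable_nat, Live 0x0000000000000000
x_tables 49152 8 xt_addrtype,xt_conntrack,xt_limit,xt_LOG,xt_tcpudp,iptable_nat,iptable_filter,ip_tables, Live 0x0000000000000000
EOF
}

# Modules named in this thread: a subset of the modprobe list above plus the
# two that Docker needed later (xt_MASQUERADE, xt_nat).
REQUIRED="ip_tables nf_conntrack iptable_filter iptable_nat xt_tcp xt_udp xt_LOG xt_limit xt_conntrack xt_addrtype xt_MASQUERADE xt_nat"

# Demo on the constructed sample; on the board pass /proc/modules instead.
demo_list=$(mktemp)
sample_listing > "$demo_list"
# shellcheck disable=SC2086  # word splitting of $REQUIRED is intended
missing_modules "$demo_list" $REQUIRED
rm -f "$demo_list"
```

Code built into the kernel (=y) never appears in /proc/modules, so on such a kernel an entry reported here may still be present; /lib/modules/$(uname -r)/modules.builtin lists what is built in.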

Okay makes sense. I’ve configured systemd service file to wait with starting ufw until all network modules are loaded.

sudo mkdir -p /etc/systemd/system/ufw.service.d

sudo nano /etc/systemd/system/ufw.service.d/override.conf

[Unit]
After=network.target
Requires=network.target

sudo systemctl daemon-reload

sudo systemctl restart ufw

sudo systemctl enable ufw

After reboot it shows everything working:

haste@Khadas:~$ sudo systemctl status ufw
● ufw.service - Uncomplicated firewall
     Loaded: loaded (/usr/lib/systemd/system/ufw.service; enabled; preset: enabled)
    Drop-In: /etc/systemd/system/ufw.service.d
             └─override.conf
     Active: active (exited) since Tue 2024-07-02 14:43:28 UTC; 23s ago
       Docs: man:ufw(8)
    Process: 1126 ExecStart=/usr/lib/ufw/ufw-init start quiet (code=exited, status=0/SUCCESS)
   Main PID: 1126 (code=exited, status=0/SUCCESS)
        CPU: 121ms


Jul 02 14:43:27 Khadas systemd[1]: Starting ufw.service - Uncomplicated firewall...
Jul 02 14:43:28 Khadas systemd[1]: Finished ufw.service - Uncomplicated firewall.
haste@Khadas:~$ sudo journalctl | grep ufw
Jul 02 14:43:20 Khadas systemd[1]: NetworkManager.service: Found dependency on ufw.service/start
Jul 02 14:43:27 Khadas systemd[1]: Starting ufw.service - Uncomplicated firewall...
Jul 02 14:43:28 Khadas systemd[1]: Finished ufw.service - Uncomplicated firewall.
Jul 02 14:43:51 Khadas sudo[1535]:    haste : TTY=pts/0 ; PWD=/home/haste ; USER=root ; COMMAND=/usr/bin/systemctl status ufw
Jul 02 14:44:05 Khadas sudo[1540]:    haste : TTY=pts/0 ; PWD=/home/haste ; USER=root ; COMMAND=/usr/sbin/ufw status
haste@Khadas:~$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere

@haste thank you for the info, I think it might be useful to document this as well
will see if we can add this into the public docs as well.

Cheers

Yes, I would think many want to use UFW.
I would actually appreciate it if future images would have this working out of the box. But that’s up to you and the team.

Thanks for your help so far!

@Electr1 can you send a PR to fix this issue?

Yes, imo this needs a proper fix. Now when trying to install docker service I still get errors related to modules not being properly loaded:


Jul 03 04:56:39 Khadas systemd[1]: docker.service: Scheduled restart job, restart counter is at 2.
Jul 03 04:56:39 Khadas systemd[1]: Starting docker.service - Docker Application Container Engine...
Jul 03 04:56:39 Khadas dockerd[12983]: time="2024-07-03T04:56:39.785559307Z" level=info msg="Starting up"
Jul 03 04:56:39 Khadas dockerd[12983]: time="2024-07-03T04:56:39.787645105Z" level=info msg="detected 127.0.0.53 nameserver, assuming systemd-resolved, so using resolv.conf: /run/systemd/resolve/resolv.conf"
Jul 03 04:56:39 Khadas dockerd[12983]: time="2024-07-03T04:56:39.835644027Z" level=info msg="[graphdriver] using prior storage driver: overlay2"
Jul 03 04:56:39 Khadas dockerd[12983]: time="2024-07-03T04:56:39.836207487Z" level=info msg="Loading containers: start."
Jul 03 04:56:39 Khadas dockerd[12983]: time="2024-07-03T04:56:39.970211394Z" level=warning msg="ip6tables is enabled, but cannot set up ip6tables chains" error="failed to create FILTER chain DOCKER: iptables failed: ip6tables --wait -t filter -N DOCKER: ip6tables v1.8.10 (legacy): can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)\nPerhaps ip6tables or your kernel needs to be upgraded.\n (exit status 3)"
Jul 03 04:56:39 Khadas dockerd[12983]: time="2024-07-03T04:56:39.972523651Z" level=warning msg="Setting the default DROP policy on firewall reload failed, setting default policy to DROP in FORWARD chain failed:  (iptables failed: ip6tables --wait -t filter -P FORWARD DROP: ip6tables v1.8.10 (legacy): can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)\nPerhaps ip6tables or your kernel needs to be upgraded.\n (exit status 3))"
Jul 03 04:56:39 Khadas dockerd[12983]: time="2024-07-03T04:56:39.973527070Z" level=warning msg="Could not load necessary modules for IPSEC rules: protocol not supported"
Jul 03 04:56:39 Khadas dockerd[12983]: time="2024-07-03T04:56:39.983447805Z" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"
Jul 03 04:56:39 Khadas dockerd[12983]: time="2024-07-03T04:56:39.991351535Z" level=info msg="stopping event stream following graceful shutdown" error="<nil>" module=libcontainerd namespace=moby
Jul 03 04:56:39 Khadas dockerd[12983]: failed to start daemon: Error initializing network controller: error creating default "bridge" network: Failed to Setup IP tables: Unable to enable NAT rule:  (iptables failed: iptables --wait -t nat -I POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE: Warning: Extension MASQUERADE revision 0 not supported, missing kernel module?
Jul 03 04:56:39 Khadas dockerd[12983]: iptables: No chain/target/match by that name.
Jul 03 04:56:39 Khadas dockerd[12983]:  (exit status 1))
Jul 03 04:56:40 Khadas systemd[1]: docker.service: Main process exited, code=exited, status=1/FAILURE
Jul 03 04:56:40 Khadas systemd[1]: docker.service: Failed with result 'exit-code'.
Jul 03 04:56:40 Khadas systemd[1]: Failed to start docker.service - Docker Application Container Engine.
Jul 03 04:56:42 Khadas systemd[1]: docker.service: Scheduled restart job, restart counter is at 3.
Jul 03 04:56:42 Khadas systemd[1]: docker.service: Start request repeated too quickly.
Jul 03 04:56:42 Khadas systemd[1]: docker.service: Failed with result 'exit-code'.
Jul 03 04:56:42 Khadas systemd[1]: Failed to start docker.service - Docker Application Container Engine.

This happens on a fresh install of Ubuntu 24.04 server (yesterday). Shouldn’t be the case, right?

@haste it looks like you’ve enabled IPv6, can you try disabling it in /etc/default/ufw and see if it works ?

You may need to add xt_MASQUERADE to the modules list.

IPv6 I already had disabled on your advice. Not sure why it keeps bringing up ip6tables error.

I had to enable both xt_MASQUERADE and xt_nat to get my docker to run.
