@haste I believe I was able to enable ufw without any modifications to the kernel at all
- You need to change the iptables to legacy:
sudo update-alternatives --set iptables /usr/sbin/iptables-legacy
sudo update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
- Then in
/etc/default/ufw
set the following:
-- IPV6=yes
++ IPV6=no
sync
reboot now
- After reboot, I probe the necessary modules:
sudo modprobe ip_tables
sudo modprobe nf_tables
sudo modprobe nf_conntrack
sudo modprobe iptable_filter
sudo modprobe iptable_nat
sudo modprobe iptable_mangle
sudo modprobe iptable_raw
sudo modprobe xt_tcp
sudo modprobe xt_udp
sudo modprobe xt_LOG
sudo modprobe xt_limit
sudo modprobe xt_conntrack
sudo modprobe xt_addrtype
Now you can start ufw:
sudo ufw disable
sudo ufw enable
sudo ufw status
To test, I tried disabling and enabling port 22 to see if I could SSH, and sure enough it was blocked and then enabled:
khadas@Khadas:~$ sudo ufw disable
Firewall stopped and disabled on system startup
khadas@Khadas:~$ sudo ufw enable
Firewall is active and enabled on system startup
khadas@Khadas:~$ sudo ufw reload
Firewall reloaded
khadas@Khadas:~$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22                         DENY        Anywhere
22/tcp                     DENY        Anywhere
khadas@Khadas:~$ sudo ufw allow ssh
Rule updated
khadas@Khadas:~$ sudo ufw allow 22
Rule updated
khadas@Khadas:~$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
Try it out and let me know. You need to probe the modules on boot, but this can be automated.
cheers
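One way to automate the boot-time module loading from the post above, as an added example that is not part of the original reply. It writes the same thirteen modules, in the same order, into a modules-load.d(5) file so systemd-modules-load inserts them before ufw starts, and it adds two checks a practitioner would want first: that `iptables --version` really reports the legacy backend (the update-alternatives step), and how many of the listed modules are currently loaded according to `lsmod`. The path /etc/modules-load.d/ufw.conf, the `apply` argument and the helper names are this example's own choices, not anything the post or ufw defines.

```shell
#!/bin/sh
# Added example (not from the original post): persist the modprobe list so the
# netfilter modules ufw needs are loaded at boot instead of by hand.

# The modules the post loads after each reboot, in the same order.
UFW_MODULES="ip_tables nf_tables nf_conntrack iptable_filter iptable_nat \
iptable_mangle iptable_raw xt_tcp xt_udp xt_LOG xt_limit xt_conntrack xt_addrtype"

# Print a modules-load.d(5) file body: '#' comments, one module name per line.
ufw_modules_conf() {
    printf '# Netfilter modules required by ufw (loaded by systemd-modules-load at boot)\n'
    for m in $UFW_MODULES; do
        printf '%s\n' "$m"
    done
}

# Write that body to the target file (assumed path /etc/modules-load.d/ufw.conf
# by default). Returns 1 if the parent directory does not exist instead of
# silently doing nothing.
install_modules_conf() {
    target="${1:-/etc/modules-load.d/ufw.conf}"
    dir=$(dirname "$target")
    [ -d "$dir" ] || return 1
    ufw_modules_conf > "$target"
}

# Decide from the text of `iptables --version` whether the legacy backend is
# selected; "(legacy)" means update-alternatives was applied, "(nf_tables)" means
# it was not. Returns 0 for legacy, 1 otherwise.
is_legacy_backend() {
    case "$1" in
        *"(legacy)"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read lsmod-style text on stdin (module name in column 1) and print how many
# of UFW_MODULES are present, so the same check runs on a saved lsmod capture.
count_loaded() {
    modtext=$(cat)
    loaded=0
    for m in $UFW_MODULES; do
        if printf '%s\n' "$modtext" | awk -v m="$m" '$1 == m { found = 1 } END { exit !found }'; then
            loaded=$((loaded + 1))
        fi
    done
    echo "$loaded"
}

# Run as root with the (example-defined) argument "apply" to install the file
# and report the current state; without it the functions are only defined.
if [ "${1:-}" = "apply" ]; then
    if command -v iptables >/dev/null 2>&1 \
       && ! is_legacy_backend "$(iptables --version 2>/dev/null)"; then
        echo "warning: iptables is not the legacy backend; run update-alternatives first" >&2
    fi
    install_modules_conf && echo "wrote /etc/modules-load.d/ufw.conf"
    total=$(ufw_modules_conf | grep -vc '^#')
    echo "modules loaded now: $(lsmod | count_loaded)/$total (all of them after the next reboot)"
fi
```

After `sh ufw-modules.sh apply` and a reboot, `lsmod | count_loaded` should equal the number of entries in the file; if it does not, the module that is missing is the one to look for in `journalctl -u systemd-modules-load`.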