I’m trying to run the UFW firewall on Ubuntu Bionic built with the Fenix script. The kernel version is 4.9.40 and apparently it lacks the conntrack module:
khadas@gytis-vim1:~$ lsmod
Module Size Used by
aufs 262144 0
zram 32768 4
gxbb_wdt 16384 0
dhd 987136 0
mali 274432 0
I have a feeling that because it lacks nf_conntrack I have problems enabling UFW:
khadas@gytis-vim1:~$ sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
ERROR: problem running ufw-init
iptables-restore: line 33 failed
ip6tables-restore: line 142 failed
Problem running '/etc/ufw/user.rules'
Problem running '/etc/ufw/before6.rules'
And
khadas@gytis-vim1:~$ sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
ERROR: Could not load logging rules
Hi @Gytis, I tried it with VIM1. If enabling UFW fails, you may need to do something to set it up.
These are my steps. I hope they can help you.
First I installed ufw on my VIM1. Then I ran the commands ufw status and ufw enable.
root@Khadas:~# ufw enable
ERROR: problem running ufw-init
iptables-restore: line 11 failed
ip6tables-restore: line 138 failed
Problem running '/etc/ufw/user.rules'
Problem running '/etc/ufw/before6.rules'
root@Khadas:~# ufw status
Status: active
It looks like nothing is set up, so you should set it up.
Set up with defaults:
root@Khadas:~# ufw disable
Firewall stopped and disabled on system startup
root@Khadas:~# ufw default deny incoming
Default incoming policy changed to 'deny'
(be sure to update your rules accordingly)
root@Khadas:~# ufw default allow outgoing
Default outgoing policy changed to 'allow'
(be sure to update your rules accordingly)
root@Khadas:~# ufw default deny outgoing
Default outgoing policy changed to 'deny'
(be sure to update your rules accordingly)
Allow connections:
root@Khadas:~# ufw allow ssh
Skipping adding existing rule
Skipping adding existing rule (v6)
root@Khadas:~# ufw allow 22
Skipping adding existing rule
Skipping adding existing rule (v6)
root@Khadas:~# ufw allow 22/tcp
Skipping adding existing rule
Skipping adding existing rule (v6)
root@Khadas:~# ufw status
Status: inactive
root@Khadas:~# ufw enable
ERROR: problem running ufw-init
iptables-restore: line 35 failed
ip6tables-restore: line 138 failed
ip6tables-restore: line 35 failed
Problem running '/etc/ufw/user.rules'
Problem running '/etc/ufw/before6.rules'
Problem running '/etc/ufw/user6.rules'
root@Khadas:~# ufw status
Status: active
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
22 ALLOW Anywhere
22/tcp (v6) ALLOW Anywhere (v6)
22 (v6) ALLOW Anywhere (v6)
root@Khadas:~#
You can see the error still exists, but it is just about the user config. If you want to solve it, you can modify the rules file.
Then I rebooted it.
root@Khadas:~# ufw status
Status: inactive
root@Khadas:~# ufw enable
ERROR: problem running ufw-init
iptables-restore: line 35 failed
ip6tables-restore: line 138 failed
ip6tables-restore: line 35 failed
Problem running '/etc/ufw/user.rules'
Problem running '/etc/ufw/before6.rules'
Problem running '/etc/ufw/user6.rules'
root@Khadas:~# ufw status
Status: active
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
22 ALLOW Anywhere
22/tcp (v6) ALLOW Anywhere (v6)
22 (v6) ALLOW Anywhere (v6)
The problem is that after a reboot ufw does not persist as enabled.
Anyway, I’ve found the problem: the kernel doesn’t support logging. See ufw’s bug tracker:
Expecting Khadas’ kernel 4.9 might have the same problem, I have disabled logging:
sudo ufw logging off
And also because I have disabled IPv6, I needed to disable IPv6 in ufw config too:
sudo nano /etc/default/ufw
And set:
IPV6=no
Now enabling ufw gives no error:
khadas@gytis-vim1:~$ sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
And persists after reboot:
khadas@gytis-vim1:~$ sudo ufw status
[sudo] password for khadas:
Status: active
The downside is having no ufw logs. If anyone who has experience with kernel modules could check what’s missing, that would be great.
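As an added example for the check the last post asks for (this is not code from the original posts, from ufw or from Khadas), the POSIX shell script below turns ufw-init's "iptables-restore: line N failed" output into the exact rule that failed and then reports which iptables matches or targets in that rule the running kernel does not export. It assumes two things the thread does not confirm: that ufw-init prints all "<tool>: line N failed" lines first and then one "Problem running '<file>'" line per failing file in the same order, so the k-th failure belongs to the k-th file (every error block quoted above has that shape), and that the kernel lists its loaded extensions in /proc/net/ip_tables_matches, /proc/net/ip_tables_targets and the ip6_* equivalents. The rules files, the /proc snapshot and the error text in write_sample are constructed fixtures, not files captured from the board.

```shell
#!/bin/sh
# Added example, not code from the thread, ufw or Khadas. Pairs ufw-init's
# "<tool>: line N failed" lines with its "Problem running '<file>'" lines
# (assumed to come in the same order), prints the failing rule and checks the
# extensions it needs against the kernel's /proc/net/*_tables_* lists
# (assumed to exist once ip_tables / ip6_tables are loaded or built in).

# ufw_failing_rules ERRFILE RULESDIR
# Prints one "family<TAB>file<TAB>line<TAB>rule" record per failed restore.
ufw_failing_rules() {
    errfile=$1; rulesdir=$2
    files=$(sed -n "s/^Problem running '\(.*\)'\$/\1/p" "$errfile")
    k=1
    for f in $files; do
        fail=$(grep 'tables-restore: line [0-9]* failed$' "$errfile" | sed -n "${k}p")
        n=$(printf '%s\n' "$fail" | sed -n 's/.*line \([0-9]*\) failed.*/\1/p')
        case $fail in ip6*) fam=ip6 ;; *) fam=ip ;; esac
        if [ -n "$n" ]; then rule=$(sed -n "${n}p" "$rulesdir/$(basename "$f")")
        else rule='(no restore error to pair with)'; fi
        printf '%s\t%s\t%s\t%s\n' "$fam" "$f" "$n" "$rule"
        k=$((k + 1))
    done
}

# kernel_has_xt FAMILY KIND NAME [PROCDIR]
# FAMILY is ip or ip6, KIND is match or target. PROCDIR defaults to /proc/net;
# it is a parameter only so the check can run against a constructed snapshot.
kernel_has_xt() {
    fam=$1; kind=$2; name=$3; procdir=${4:-/proc/net}
    case $kind in
        match)  list=$procdir/${fam}_tables_matches ;;
        target) list=$procdir/${fam}_tables_targets ;;
        *)      return 2 ;;
    esac
    grep -qx -- "$name" "$list" 2>/dev/null
}

# missing_for_rule FAMILY RULE [PROCDIR]
# Prints "missing match: X" / "missing target: X" for each extension the rule
# needs that the kernel does not export. Verdicts (ACCEPT, DROP, RETURN, QUEUE)
# and jumps to user chains such as ufw-user-input are not extensions and are
# skipped; "-p tcp" / "-p udp" imply the tcp / udp match.
missing_for_rule() {
    fam=$1; rule=$2; procdir=$3
    set -f; set -- $rule; set +f      # split on whitespace, no globbing
    while [ $# -gt 1 ]; do
        case $1 in
            -m|--match)
                kernel_has_xt "$fam" match "$2" "$procdir" || echo "missing match: $2" ;;
            -p|--protocol)
                case $2 in
                    tcp|udp) kernel_has_xt "$fam" match "$2" "$procdir" || echo "missing match: $2" ;;
                esac ;;
            -j|--jump)
                case $2 in
                    ACCEPT|DROP|RETURN|QUEUE|*[a-z]*) ;;
                    *) kernel_has_xt "$fam" target "$2" "$procdir" || echo "missing target: $2" ;;
                esac ;;
        esac
        shift
    done
}

# write_sample DIR: constructed fixtures (not real files from the thread): a
# rules dir, a /proc/net snapshot of a kernel without LOG and conntrack, and
# an error block in the shape ufw-init printed above.
write_sample() {
    d=$1
    mkdir -p "$d/ufw" "$d/proc"
    cat > "$d/ufw/user.rules" <<'EOF'
*filter
:ufw-user-input - [0:0]
-A ufw-user-input -p tcp --dport 22 -j ACCEPT
-A ufw-user-input -j LOG --log-prefix "[UFW BLOCK] "
COMMIT
EOF
    cat > "$d/ufw/before6.rules" <<'EOF'
*filter
-A ufw6-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
    printf 'tcp\nudp\nlimit\n' > "$d/proc/ip_tables_matches"
    printf 'REJECT\n'          > "$d/proc/ip_tables_targets"
    printf 'tcp\nudp\n'        > "$d/proc/ip6_tables_matches"
    printf 'REJECT\n'          > "$d/proc/ip6_tables_targets"
    cat > "$d/ufw-init.err" <<'EOF'
ERROR: problem running ufw-init
iptables-restore: line 4 failed
ip6tables-restore: line 2 failed
Problem running '/etc/ufw/user.rules'
Problem running '/etc/ufw/before6.rules'
EOF
}

# Run the check against the constructed fixtures and print the findings.
demo() {
    d=$(mktemp -d)
    write_sample "$d"
    ufw_failing_rules "$d/ufw-init.err" "$d/ufw" |
    while IFS="$(printf '\t')" read -r fam file n rule; do
        echo "$file:$n: $rule"
        missing_for_rule "$fam" "$rule" "$d/proc" | sed 's/^/    /'
    done
    rm -rf "$d"
}
demo
```

On the board the same functions run against the real files: capture the error block with `sudo ufw enable 2>&1 | tee /tmp/ufw-init.err`, feed it to `ufw_failing_rules /tmp/ufw-init.err /etc/ufw`, and call `missing_for_rule` without a PROCDIR so it reads /proc/net. An extension absent from the /proc lists may only be a module that has not been loaded yet, so confirm with `modprobe xt_LOG` or `modprobe xt_conntrack` (or look for the .ko under /lib/modules/$(uname -r)) before concluding it is missing from the kernel build. Setting logging off stops ufw emitting LOG rules, and IPV6=no makes ufw-init skip the *6.rules files, which is why the workaround in the last post clears the error without adding kernel support.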