ufw complains when ipv6 and/or ip6_tables is not available

Bug #194844 reported by Shirish Agarwal
This bug affects 3 people

Affects        Status         Importance   Assigned to        Milestone
ufw (Ubuntu)   Fix Released   Undecided    Jamie Strandboge
Hardy          Fix Released   Undecided    Jamie Strandboge

Bug Description

On kernels that don't have ipv6 compiled or have it blacklisted, the user is presented with confusing stderr output from ip6tables, even though the firewall does set up IPv4 rules correctly. E.g.:

$ sudo ufw enable
FATAL: Module ip6_tables not found.
ip6tables-restore v1.3.8: ip6tables-restore: unable to initialize table 'filter'

Error occurred at line: 1
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
WARN: problem running ip6tables
Firewall started and enabled on system startup

Shirish Agarwal (shirishag75) wrote :

Networking is/was up before I tried the tool. So maybe that's another something that needs to be looked at.

Fred (eldmannen+launchpad) wrote :

~$ ufw --version
ufw 0.12
Copyright (C) 2008 Canonical Ltd.

How can you have 0.13?
I have 0.12 and there are no updates in the Update Manager. :(

I type "ufw enable" and it gets enabled, but after I restart the computer, it's disabled again. :(

Shirish Agarwal (shirishag75) wrote :

Fred, you're right, it's 0.12, sorry for that version mix-up.

c.bubel (c-bubel) wrote :

I can confirm this on a Linux-vserver with the hardy release version.

# ufw --version
ufw 0.16.2

# ufw enable
ERROR: problem running init script

Jamie Strandboge (jdstrand) wrote :

c.bubel,

Can you run 'sudo /etc/init.d/ufw force-reload' and post the output?

c.bubel (c-bubel) wrote :

# /etc/init.d/ufw force-reload
 * Stopping firewall: ufw... FATAL: Could not load /lib/modules/2.6.22-3-vserver-amd64/modules.dep: No such file or directory
iptables v1.3.8: can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Could not load /lib/modules/2.6.22-3-vserver-amd64/modules.dep: No such file or directory
iptables v1.3.8: can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Could not load /lib/modules/2.6.22-3-vserver-amd64/modules.dep: No such file or directory
iptables v1.3.8: can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Could not load /lib/modules/2.6.22-3-vserver-amd64/modules.dep: No such file or directory
iptables v1.3.8: can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Could not load /lib/modules/2.6.22-3-vserver-amd64/modules.dep: No such file or directory
iptables v1.3.8: can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
FATAL: Could not load /lib/modules/2.6.22-3-vserver-amd64/modules.dep: No such file or directory
ip6tables v1.3.8: can't initialize ip6tables table `filter': Address family not supported by protocol
Perhaps ip6tables or your kernel needs to be upgraded.
FATAL: Could not load /lib/modules/2.6.22-3-vserver-amd64/modules.dep: No such file or directory
ip6tables v1.3.8: can't initialize ip6tables table `filter': Address family not supported by protocol
Perhaps ip6tables or your kernel needs to be upgraded.
FATAL: Could not load /lib/modules/2.6.22-3-vserver-amd64/modules.dep: No such file or directory
ip6tables v1.3.8: can't initialize ip6tables table `filter': Address family not supported by protocol
Perhaps ip6tables or your kernel needs to be upgraded.
FATAL: Could not load /lib/modules/2.6.22-3-vserver-amd64/modules.dep: No such file or directory
ip6tables v1.3.8: can't initialize ip6tables table `filter': Address family not supported by protocol
Perhaps ip6tables or your kernel needs to be upgraded.
FATAL: Could not load /lib/modules/2.6.22-3-vserver-amd64/modules.dep: No such file or directory
ip6tables v1.3.8: can't initialize ip6tables table `filter': Address family not supported by protocol
Perhaps ip6tables or your kernel needs to be upgraded.

Maybe this helps too:

# uname -r
2.6.22-3-vserver-amd64

Jamie Strandboge (jdstrand) wrote : Re: [Bug 194844] Re: [Hardy] ufw doesn't start in a networked environment

The above needs to be run as root. Can you post the output of this:

sudo /etc/init.d/ufw force-reload

If you were root (as seems to be indicated by the '#' prompt), then
please post the output of:

sudo iptables -L -n

Zoyberg (zoyberg) wrote : Re: [Hardy] ufw doesn't start in a networked environment

I have a similar problem when ufw enables or disables in UBUNTU LTS 8.04 server
with kernel for virtual:

#uname -a
Linux vubux 2.6.24-17-virtual #1 SMP Thu May 1 15:40:03 UTC 2008 i686 GNU/Linux

#ufw --version
ufw 0.16.2

This message appears when enabling:

#ufw enable
FATAL: Module ip6_tables not found.
ip6tables-restore v1.3.8: ip6tables-restore: unable to initialize table 'filter'

Error occurred at line: 1
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
WARN: problem running ip6tables
Firewall started and enabled on system startup

BUT it actually WORKS!. See attached "iptables -L -n"

Thank you.

Sam Johnston (samj) wrote :

This appears to be a problem with IPv6 support being required by ufw even when the user doesn't request it.

Although IPv6 is enabled by default in hardy, VPS providers do not appear to support it (like vpslink.com, per below - IP addresses changed to protect the innocent).

# ufw --version
ufw 0.16.2
Copyright (C) 2008 Canonical Ltd.
# ufw status
Firewall not loaded
# ufw enable
ERROR: problem running init script
# /etc/init.d/ufw force-reload
 * Stopping firewall: ufw...
FATAL: Could not load /lib/modules/2.6.18-ovz028stab039.1-smp/modules.dep: No such file or directory
ip6tables v1.3.8: can't initialize ip6tables table `filter': iptables who? (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
FATAL: Could not load /lib/modules/2.6.18-ovz028stab039.1-smp/modules.dep: No such file or directory
ip6tables v1.3.8: can't initialize ip6tables table `filter': iptables who? (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
FATAL: Could not load /lib/modules/2.6.18-ovz028stab039.1-smp/modules.dep: No such file or directory
ip6tables v1.3.8: can't initialize ip6tables table `filter': iptables who? (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
FATAL: Could not load /lib/modules/2.6.18-ovz028stab039.1-smp/modules.dep: No such file or directory
ip6tables v1.3.8: can't initialize ip6tables table `filter': iptables who? (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
FATAL: Could not load /lib/modules/2.6.18-ovz028stab039.1-smp/modules.dep: No such file or directory
ip6tables v1.3.8: can't initialize ip6tables table `filter': iptables who? (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
   ...fail!

# iptables -L -n
Chain INPUT (policy DROP)
target prot opt source destination
ufw-before-input all -- 0.0.0.0/0 0.0.0.0/0
ufw-after-input all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP)
target prot opt source destination
ufw-before-forward all -- 0.0.0.0/0 0.0.0.0/0
ufw-after-forward all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ufw-before-output all -- 0.0.0.0/0 0.0.0.0/0
ufw-after-output all -- 0.0.0.0/0 0.0.0.0/0

Chain ufw-after-forward (1 references)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix `[UFW BLOCK FORWARD]: '
RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain ufw-after-input (1 references)
target prot opt source destination
RETURN udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137
RETURN udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:138
RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:139
RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
RETURN udp -- 0.0.0...


parren (peter-arrenbrecht) wrote :

FWIW, you can get it to run properly on vpslink.com by hacking /usr/sbin/ufw:

--- /usr/sbin/ufw 2008-06-05 11:25:16.000000000 +0200
+++ /home/peo/tmp/ufw 2008-06-27 09:38:30.000000000 +0200
@@ -609,6 +609,7 @@
         return False

     def use_ipv6(self):
+ return False
         if self.defaults.has_key('ipv6') and \
            self.defaults['ipv6'] == 'yes' and \
            os.path.exists("/proc/sys/net/ipv6"):
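Review bot: The unconditional `return False` added as the first statement of use_ipv6() makes the existing test on self.defaults['ipv6'] and /proc/sys/net/ipv6 unreachable, so IPv6 handling is switched off even when the configuration asks for it and the kernel supports it. Rather than hard-coding the result, extend the existing condition with a test that the IPv6 firewall is actually usable, and leave the configured 'ipv6' value in control on hosts where it is.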
@@ -970,7 +971,7 @@
                 raise UFWError("problem running init script")

         # When ipv6 not enabled, just enable it on loopback
- if not self.use_ipv6() and os.path.exists("/proc/sys/net/ipv6"):
+ if False and not self.use_ipv6() and os.path.exists("/proc/sys/net/ipv6"):
             ipv6conf = '''*filter
 :INPUT DROP [0:0]
 :FORWARD DROP [0:0]
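Review bot: Prefixing the condition with `False and` permanently disables the branch that, per its own comment and the `:INPUT DROP` / `:FORWARD DROP` lines, installs a restrictive IPv6 filter policy when ipv6 is not enabled in ufw but /proc/sys/net/ipv6 exists. On a kernel where IPv6 is present and the filter table can be loaded, that leaves IPv6 traffic without the default-drop policy. Guard the branch on whether ip6tables can actually be used instead of on a constant, and drop the dead condition.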

-parren

Eremit (ingo-busse) wrote :

I have the same problem.

@parren Can you post the complete file ufw and the version?

I have version 0.16.2.1.

Thanks Eremit.

parren (peter-arrenbrecht) wrote : Re: [Bug 194844] Re: [Hardy] ufw doesn't start in a networked environment
  • ufw (43.3 KiB, application/octet-stream; name=ufw)

> @parren Can you post the complete file ufw and the version?
>
> I have version 0.16.2.1.

Just discovered that it only _says_ it works when called twice to
enable - don't know so far if it really does (though the firewall
seems to do something). So that still looks a little fishy.

I have 0.16.2.1 as well. Patched version is attached.
-parren

description: updated
yell0w (yellowbloc+ubuntulaunchpad) wrote : Re: ufw complains when ipv6 is blacklisted

Confirmed not working on a Xen VPS where IPv6 is not supported.

The strange thing is, everything seems to work right, ufw status showing it allowing/denying the ports it should allow/deny.

However, when I do "ufw default deny" everything networkwise is gone (can't ping, dig, wget, apt-get, etc... ) whereas "ufw default allow" makes everything work like normal.

I don't know whether the ipv6 issue causes this, but here's why I think it might:
# /etc/init.d/ufw force-reload
 * Stopping firewall: ufw...
FATAL: Could not load /lib/modules/2.6.18-53.1.6.el5.028stab053.6/modules.dep: No such file or directory
ip6tables v1.3.8: can't initialize ip6tables table `filter': iptables who? (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
---------------------------------------------------------------------------------------

lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 8.04.1
Release: 8.04
Codename: hardy

------------------------------------------------

ufw --version
ufw 0.16.2.1
-----------------------------------------------
iptables -L -n:
--------------------------------------------
Chain INPUT (policy DROP)
target prot opt source destination
ufw-before-input all -- 0.0.0.0/0 0.0.0.0/0
ufw-after-input all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP)
target prot opt source destination
ufw-before-forward all -- 0.0.0.0/0 0.0.0.0/0
ufw-after-forward all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ufw-before-output all -- 0.0.0.0/0 0.0.0.0/0
ufw-after-output all -- 0.0.0.0/0 0.0.0.0/0

Chain ufw-after-forward (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain ufw-after-input (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain ufw-after-output (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain ufw-before-forward (1 references)
target prot opt source destination
ufw-user-forward all -- 0.0.0.0/0 0.0.0.0/0
RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain ufw-before-input (1 references)
target prot opt source destination
ufw-user-input all -- 0.0.0.0/0 0.0.0.0/0
RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain ufw-before-output (1 references)
target prot opt source destination
ufw-user-output all -- 0.0.0.0/0 0.0.0.0/0
RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain ufw-not-local (0 references)
target prot opt source destination

Chain ufw-user-forward (1 references)
t...


Jamie Strandboge (jdstrand) wrote :

Thank you for using Ubuntu and taking the time to report a bug. This should work ok if ipv6 is blacklisted, the problem is that ufw doesn't handle when ip6_tables.ko is not available. This will be fixed in a future update.

Changed in ufw:
assignee: nobody → jdstrand
status: New → Confirmed
Jamie Strandboge (jdstrand) wrote :

A fix has been committed to the upstream branch and I will roll out 0.18.2 to intrepid after alpha freeze is over.

Changed in ufw:
status: Confirmed → Fix Committed
Jamie Strandboge (jdstrand) wrote :

I. Users of ufw with kernels that do not have ipv6 and/or ip6_tables available see confusing error messages when enabling the firewall. ip6_tables is not available in the -virtual kernel, as well as other virtualization kernels. ufw does not require that ipv6 be available, and the errors are not fatal with regard to ipv4 rules still working.

II. This has been fixed in 0.18.2 (will be uploaded after alpha freeze). /etc/init.d/ufw has been adjusted to use 'ip6tables -L INPUT' to check if ipv6 firewall support is available. Previously, ufw attempted to detect ipv6 support by seeing if /proc/sys/net/ipv6 existed. This was not enough as some shipped kernels have ipv6 support, but not ipv6 firewall (i.e. ip6_tables) support enabled. Checking the return code of 'ip6tables -L INPUT' is a convenient check for both.

III. debdiff is attached that addresses this bug and bug #251355 (also SRU candidate).

IV. TEST CASE
  1. install -virtual kernel and reboot into it
  2. sudo ufw enable (lots of error output)
  3. sudo /etc/init.d/ufw stop (lots of error output)
  4. sudo /etc/init.d/ufw restart (lots of error output)
  5. sudo /etc/init.d/ufw force-reload

V. It is believed there is no regression potential for this patch. See bug #251355 for further discussion regarding its changes.

Changed in ufw:
assignee: nobody → jdstrand
status: New → Confirmed
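
The detection change described in the comment above, sketched as an added example (not ufw's own initscript, and not code from this bug's debdiff). The `IP6TABLES` and `IPV6_PROC` override variables and the plan names printed by `ipv6_fw_plan` are assumptions made here so the check can be exercised without root.

```shell
#!/bin/sh
# Added example; not ufw's initscript. IP6TABLES and IPV6_PROC are
# hypothetical override variables so the probe can be tested without root.
: "${IP6TABLES:=ip6tables}"
: "${IPV6_PROC:=/proc/sys/net/ipv6}"

# Old check: true when the kernel has the IPv6 protocol. It says nothing
# about whether the ip6tables filter table can be initialised.
ipv6_proto_present() {
    [ -e "$IPV6_PROC" ]
}

# New check: the exit status of 'ip6tables -L INPUT' is zero only when both
# IPv6 and IPv6 firewall support are usable. Output is discarded so the
# modprobe/ip6tables errors never reach the user.
ipv6_fw_available() {
    "$IP6TABLES" -L INPUT >/dev/null 2>&1
}

# Decide what to do for a given IPV6= setting (yes|no).
# Prints one of: rules | loopback-only | skip-warn | skip-quiet
ipv6_fw_plan() {
    want=$1
    if ipv6_fw_available; then
        if [ "$want" = "yes" ]; then
            echo "rules"          # load the full IPv6 rule set
        else
            echo "loopback-only"  # default-drop policy, loopback allowed
        fi
    elif [ "$want" = "yes" ]; then
        echo "skip-warn"          # IPv6 was requested: one clear message
    else
        echo "skip-quiet"         # nothing requested, nothing to report
    fi
}
```

A caller would read `IPV6` from /etc/default/ufw, pass it to `ipv6_fw_plan`, and run `ip6tables-restore` only for the `rules` and `loopback-only` results.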
Jamie Strandboge (jdstrand) wrote :
Martin Pitt (pitti) wrote :

Accepted into -proposed, please test and give feedback here. Please see https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in ufw:
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ufw - 0.18.2

---------------
ufw (0.18.2) intrepid; urgency=low

  * fix confusing error output when ipv6 or ip6_tables is not available.
    Patch from trunk. (LP: #194844)
  * fix initscript not setting default ipv6 policy when IPV6=no (LP: #251355)
  * update ucf checksums to include those from 0.16.2
  * bump version

 -- Jamie Strandboge <email address hidden> Fri, 11 Jul 2008 18:38:58 -0400

Changed in ufw:
status: Fix Committed → Fix Released
Jamie Strandboge (jdstrand) wrote :

Confirmed 0.16.2.3 fixes the above test case. Ran 'sudo ip6tables -n -L' to verify that ipv6 firewall support is not available (it wasn't). Additionally, 'sudo ufw status' and 'sudo iptables -n -L' show that IPv4 continues to work normally. Finally, setting 'IPV6=yes' on this kernel continues to give the expected error messages about skipping ipv6 when using the initscript.

Martin Pitt (pitti) wrote :

Copied to hardy-updates.

Changed in ufw:
status: Fix Committed → Fix Released
CK Ng (niceckng) wrote :

I'm still getting this problem with ufw 0.16.2.4

# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 8.04.2
Release: 8.04
Codename: hardy

# ufw version
ufw 0.16.2.4

# cat /etc/default/ufw
IPV6=no

# ip6tables -n -L
FATAL: Could not load /lib/modules/2.6.18-028stab060.8/modules.dep: No such file or directory
ip6tables v1.3.8: can't initialize ip6tables table `filter': iptables who? (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.

Changed in ufw (Ubuntu Hardy):
status: Fix Released → Incomplete
Martin Pitt (pitti) wrote :

> FATAL: Could not load /lib/modules/2.6.18-028stab060.8/modules.dep: No such file or directory

You are not running a standard Ubuntu kernel, it seems?

Changed in ufw (Ubuntu Hardy):
status: Incomplete → Fix Released
CK Ng (niceckng) wrote :

It is a VPS, it should be a custom kernel, I think. So you think it is the kernel issue? What should I look into then, so that I can at least feedback to the hosting.

Will (war59312) wrote :

Looks like it's broken again in Ubuntu 12.10. :(

After the upgrade I am getting this bug. Bummer!

Jamie Strandboge (jdstrand) wrote :

war59312, you should file a new bug using 'ubuntu-bug ufw'. Please include the error output and how you disabled ipv6. Thanks

Kai Raven (kr-aven) wrote :

I upgraded from Precise to Quantal yesterday and ufw doesn't work. I have compiled my own kernel without IPv6 and the IPv6 netfilter modules, my kernel is running with ipv6.disable=1, ufw config has IPV6=no and so on (I don't need and want IPv6 now). ufw complained with:

root@host:~# ufw enable
ERROR: initcaps
[Errno 2] FATAL: Module ip6_tables not found.
ip6tables v1.4.12: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.

lsmod:
iptable_filter 12706 1
iptable_nat 12942 1
ip_tables 17791 2 iptable_nat,iptable_filter
ipt_REDIRECT 12493 1
nf_conntrack 70531 6 iptable_nat,xt_state,nf_nat_ftp,nf_nat,nf_conntrack_ipv4,nf_conntrack_ftp
nf_conntrack_ftp 13078 1 nf_nat_ftp
nf_conntrack_ipv4 19014 9 iptable_nat,nf_nat
nf_defrag_ipv4 12649 1 nf_conntrack_ipv4
nf_nat 20253 3 ipt_REDIRECT,iptable_nat,nf_nat_ftp
nf_nat_ftp 12548 0
x_tables 21889 10 xt_recent,xt_multiport,ipt_REDIRECT,iptable_nat,xt_limit,xt_tcpudp,xt_addrtype,xt_state,iptable_filter,ip_tables
xt_addrtype 12535 4
xt_limit 12514 1
xt_multiport 12533 0
xt_recent 13870 0
xt_state 12514 6
xt_tcpudp 12531 11

I have found (on the web, changelogs...) nothing(!), that IPv6 with ufw 0.33 is mandatory now. But I think it is a bug in the /lib/ufw/ufw-init scripts, because I simply copied the old scripts from the Precise ufw package and all works fine - no more errors, complaints.

Will (war59312) wrote :

Jamie Strandboge, that's just it.

I am running a stock build of Ubuntu 12.10 from a stock build of Ubuntu 12.04.

I have NOT disabled ipv6 at all.

Kai Raven, I can confirm that works for me as well. :)

Kai Raven (kr-aven) wrote :

@war59312: Yes, it works, but only partially:

No ufw show raw|builtins|*-rules or ufw allow|insert|delete:

ufw --dry-run insert 3 allow in on eth0 from any to 192.168.1.12 port 9999 proto tcp
### tuple ### allow tcp 9999 192.168.1.10 any 0.0.0.0/0 in_eth0
-A ufw-user-input -i eth0 -p tcp -d 192.168.1.10 --dport 9999 -j ACCEPT
Regeln aktualisiert

ufw insert 3 allow in on eth0 from any to 192.168.1.12 port 9999 proto tcp
ERROR: initcaps
[Errno 2] ip6tables v1.4.12: can't initialize ip6tables table `filter': Address family not supported by protocol
Perhaps ip6tables or your kernel needs to be upgraded.

Or ufw status shows state: active, initctl status ufw not.

Now all works with ufw-0.33 (and the ufw-init scripts) too. My steps (today):

I have recompiled the kernel with IPv6 for protocol and netfilter:
CONFIG_IPV6=m
CONFIG_NF_DEFRAG_IPV6=m
CONFIG_NF_CONNTRACK_IPV6=m
CONFIG_IP6_NF_IPTABLES=m
CONFIG_IP6_NF_FILTER=m
CONFIG_IP6_NF_TARGET_REJECT=m
# CONFIG_IP6_NF_MANGLE is not set (should, compiled manually)
CONFIG_IP6_NF_RAW=m

Changed my kernel/grub commandline:
GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 ipv6.autoconf=0 ipv6.disable_ipv6=1
GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=0 ipv6.autoconf=0 ipv6.disable_ipv6=1

Added in /etc/modules:
ip6_tables
ip6table_filter
ip6table_raw
ip6table_mangle

lsmod:

ip6table_filter 12711 1
ip6table_mangle 12620 0
ip6table_raw 12603 0
ip6_tables 17970 3 ip6table_mangle,ip6table_raw,ip6table_filter
iptable_filter 12706 1
iptable_mangle 12615 0
iptable_nat 12942 1
iptable_raw 12598 0
ip_tables 17791 4 iptable_raw,iptable_mangle,iptable_nat,iptable_filter
ipv6 236656 11 ip6table_mangle,nf_conntrack_ipv6,nf_defrag_ipv6
nf_conntrack 71038 7 nf_conntrack_ipv6,iptable_nat,xt_state,nf_nat_ftp,nf_nat,nf_conntrack_ipv4,nf_conntrack_ftp
nf_conntrack_ftp 13078 1 nf_nat_ftp
nf_conntrack_ipv4 19014 20 iptable_nat,nf_nat
nf_conntrack_ipv6 13573 0
nf_defrag_ipv4 12649 1 nf_conntrack_ipv4
nf_defrag_ipv6 12969 1 nf_conntrack_ipv6
nf_nat 20253 3 ipt_REDIRECT,iptable_nat,nf_nat_ftp
nf_nat_ftp 12548 0
x_tables 21889 18 ip6table_mangle,iptable_raw,iptable_mangle,xt_recent,ipt_REJECT,xt_LOG,xt_multiport,xt_limit,xt_addrtype,ipt_REDIRECT,xt_tcpudp,iptable_nat,xt_state,iptable_filter,ip_tables,ip6table_raw,ip6table_filter,ip6_tables

Now, all ufw commands work and the output of iptables -L -n -v (-t nat) looks good too.
So, I think, even with IPV6=No in /etc/default/ufw, no relevant IPv6 rules/networking and so on, ufw-0.33 needs some "IPv6" :)

Jamie Strandboge (jdstrand) wrote :

Thanks for your input. The bug you are describing is a different bug than this bug. Bug #1039729 will track the fix for the new bug.

Tomás F. L. (v17564) wrote :

Hello.
I have found the following mistake:
Manjaro 0.8.13-rc1
OpenRC 0.16.3
Ufw 0.33.3
Linux manjaro 3.18.14-1-MANJARO #1 SMP PREEMPT Mon May 25 01:26:15 UTC 2015 x86_64 GNU/Linux

x64
---
Disabling IPv6 in the kernel works OK, but Ufw has an error with ipv6.disable=1 in GRUB_CMDLINE_LINUX_DEFAULT of /etc/default/grub

ufw status
Traceback (most recent call last):
  File "/usr/bin/ufw", line 95, in <module>
    ui = ufw.frontend.UFWFrontend(pr.dryrun)
  File "/usr/lib/python2.7/site-packages/ufw/frontend.py", line 153, in __init__
    self.backend = UFWBackendIptables(dryrun)
  File "/usr/lib/python2.7/site-packages/ufw/backend_iptables.py", line 45, in __init__
    ufw.backend.UFWBackend.__init__(self, "iptables", dryrun, files)
  File "/usr/lib/python2.7/site-packages/ufw/backend.py", line 88, in __init__
    nf_caps = ufw.util.get_netfilter_capabilities(self.ip6tables)
  File "/usr/lib/python2.7/site-packages/ufw/util.py", line 734, in get_netfilter_capabilities
    raise OSError(errno.ENOENT, out)
OSError: [Errno 2] ip6tables v1.4.21: can't initialize ip6tables table `filter': Address family not supported by protocol
Perhaps ip6tables or your kernel needs to be upgraded.

Disabling IPv6 in /etc/sysctl.d/40-ipv6.conf always works OK.

Jamie Strandboge (jdstrand) wrote :

Tomas, is this with or without 'IPV6=yes' in /etc/default/ufw?

Tomás F. L. (v17564) wrote :

Hi Jamie.

It is with 'IPV6=no' in /etc/default/ufw

The error is with the commands "ufw enable/status" and Ufw doesn't start.

Jamie Strandboge (jdstrand) wrote :

Tomas, I believe this is fixed in 0.34rc. If you can reproduce with trunk or 0.34 after it is released, please file a new bug. Thanks!

Tomás F. L. (v17564) wrote :

Hi Jamie.

The new version 0.34-1 solves the bug.

Thanks.
