Comment 29 for bug 194844

Kai Raven (kr-aven) wrote :

@war59312: Yes, it works, but only partially:

No ufw show raw|builtins|*-rules or ufw allow|insert|delete:

ufw --dry-run insert 3 allow in on eth0 from any to 192.168.1.12 port 9999 proto tcp
### tuple ### allow tcp 9999 192.168.1.10 any 0.0.0.0/0 in_eth0
-A ufw-user-input -i eth0 -p tcp -d 192.168.1.10 --dport 9999 -j ACCEPT
Regeln aktualisiert

ufw insert 3 allow in on eth0 from any to 192.168.1.12 port 9999 proto tcp
ERROR: initcaps
[Errno 2] ip6tables v1.4.12: can't initialize ip6tables table `filter': Address family not supported by protocol
Perhaps ip6tables or your kernel needs to be upgraded.

Or ufw status shows state: active, initctl status ufw does not.

Now all works with ufw-0.33 (and the ufw-init scripts) too. My steps (today):

I have recompiled the kernel with IPv6 for protocol and netfilter:
CONFIG_IPV6=m
CONFIG_NF_DEFRAG_IPV6=m
CONFIG_NF_CONNTRACK_IPV6=m
CONFIG_IP6_NF_IPTABLES=m
CONFIG_IP6_NF_FILTER=m
CONFIG_IP6_NF_TARGET_REJECT=m
# CONFIG_IP6_NF_MANGLE is not set (should, compiled manually)
CONFIG_IP6_NF_RAW=m

Changed my kernel/grub commandline:
GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 ipv6.autoconf=0 ipv6.disable_ipv6=1
GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=0 ipv6.autoconf=0 ipv6.disable_ipv6=1

Added in /etc/modules:
ip6_tables
ip6table_filter
ip6table_raw
ip6table_mangle

lsmod:

ip6table_filter 12711 1
ip6table_mangle 12620 0
ip6table_raw 12603 0
ip6_tables 17970 3 ip6table_mangle,ip6table_raw,ip6table_filter
iptable_filter 12706 1
iptable_mangle 12615 0
iptable_nat 12942 1
iptable_raw 12598 0
ip_tables 17791 4 iptable_raw,iptable_mangle,iptable_nat,iptable_filter
ipv6 236656 11 ip6table_mangle,nf_conntrack_ipv6,nf_defrag_ipv6
nf_conntrack 71038 7 nf_conntrack_ipv6,iptable_nat,xt_state,nf_nat_ftp,nf_nat,nf_conntrack_ipv4,nf_conntrack_ftp
nf_conntrack_ftp 13078 1 nf_nat_ftp
nf_conntrack_ipv4 19014 20 iptable_nat,nf_nat
nf_conntrack_ipv6 13573 0
nf_defrag_ipv4 12649 1 nf_conntrack_ipv4
nf_defrag_ipv6 12969 1 nf_conntrack_ipv6
nf_nat 20253 3 ipt_REDIRECT,iptable_nat,nf_nat_ftp
nf_nat_ftp 12548 0
x_tables 21889 18 ip6table_mangle,iptable_raw,iptable_mangle,xt_recent,ipt_REJECT,xt_LOG,xt_multiport,xt_limit,xt_addrtype,ipt_REDIRECT,xt_tcpudp,iptable_nat,xt_state,iptable_filter,ip_tables,ip6table_raw,ip6table_filter,ip6_tables

Now, all ufw commands work and the output of iptables -L -n -v (-t nat) looks good too.
So, I think, even with IPV6=No in /etc/default/ufw, no relevant IPv6 rules/networking and so on, ufw-0.33 needs some "IPv6" :)
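
A pre-flight check built from the steps in the comment above, as an added example that is not part of the original comment or of ufw. The function names are hypothetical, the sample input is constructed, and treating the commenter's module and option lists as the required set is an assumption.

```shell
#!/bin/sh
# Added example, not ufw code. Lists are the ones given in the comment above.
IP6_MODULES="ip6_tables ip6table_filter ip6table_raw ip6table_mangle"
IP6_OPTIONS="CONFIG_IPV6 CONFIG_NF_DEFRAG_IPV6 CONFIG_NF_CONNTRACK_IPV6
CONFIG_IP6_NF_IPTABLES CONFIG_IP6_NF_FILTER CONFIG_IP6_NF_TARGET_REJECT
CONFIG_IP6_NF_MANGLE CONFIG_IP6_NF_RAW"

# Print the modules from IP6_MODULES that lsmod-format text ($1) does not list.
missing_modules() {
    out=""
    for m in $IP6_MODULES; do
        # Match the first column exactly; the "used by" column also names modules.
        printf '%s\n' "$1" | awk -v n="$m" '$1 == n {f=1} END {exit !f}' \
            || out="$out $m"
    done
    printf '%s\n' "${out# }"
}

# Print the options from IP6_OPTIONS not set to y or m in .config text ($1).
unset_options() {
    out=""
    for o in $IP6_OPTIONS; do
        printf '%s\n' "$1" | grep -Eq "^$o=(y|m)\$" || out="$out $o"
    done
    printf '%s\n' "${out# }"
}

# Return 0 when the kernel command line ($1) carries ipv6.disable=1.
ipv6_disabled() {
    case " $1 " in
        *" ipv6.disable=1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample input: a host where only part of the steps were applied.
SAMPLE_LSMOD='ip6table_filter 12711 1
ip6_tables 17970 1 ip6table_filter
x_tables 21889 2 ip6table_filter,ip6_tables'
SAMPLE_CONFIG='CONFIG_IPV6=m
CONFIG_IP6_NF_IPTABLES=m
CONFIG_IP6_NF_FILTER=m
# CONFIG_IP6_NF_MANGLE is not set'
SAMPLE_CMDLINE='quiet ipv6.disable=1 ipv6.autoconf=0'

echo "modules not loaded: $(missing_modules "$SAMPLE_LSMOD")"
echo "options not enabled: $(unset_options "$SAMPLE_CONFIG")"
if ipv6_disabled "$SAMPLE_CMDLINE"; then echo "ipv6.disable=1 is set"; fi
```

On a live host the same functions can be fed `"$(lsmod)"`, the running kernel's config file and `"$(cat /proc/cmdline)"` before enabling ufw.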