Ufw error problem running ip6tables



ERROR: Problem running ip6tables

Affects: ufw

Bug Description

Error shows when I type in the following command:

sudo ufw status

My OS: Debian/Linux

What is the output of the following command:

$ sudo /usr/share/ufw/check-requirements

I suspect you have disabled ipv6 in some manner. You might be able to simply use IPV6=no in /etc/default/ufw.

Changed in ufw:
status: New → Incomplete

I’m sorry to say that I have completely wiped my Linux machine and reinstalled Raspbian and everything works fine now. I did not touch anything to do with the ip6tables beforehand. Possibly got corrupted somehow.

From: on behalf of costales
Sent: Wednesday, June 6, 2018 8:15:51 PM
To:
Subject: [Bug 1775282] Re: ERROR: Problem running ip6tables

** No longer affects: gui-ufw



Thanks for getting back to me. Glad it is working now. Since there is a lack of information, I’m going to close this bug. Please feel free to report other issues you may find.

Changed in ufw:
status: Incomplete → Invalid

I am getting the same error:

# ufw status
ERROR: problem running ip6tables

But the requirements check passed:

# /usr/share/ufw/check-requirements
Has python: pass (binary: python3, version: 3.8.5, py3)
Has iptables: pass
Has ip6tables: pass

Has /proc/net/dev: pass
Has /proc/net/if_inet6: pass

This script will now attempt to create various rules using the iptables
and ip6tables commands. This may result in module autoloading (eg, for
IPv6).
Proceed with checks (Y/n)?
== IPv4 ==
Creating ‘ufw-check-requirements’ . done
Inserting RETURN at top of ‘ufw-check-requirements’ . done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: pass
hashlimit: pass
limit: pass
ctstate (NEW): pass
ctstate (RELATED): pass
ctstate (ESTABLISHED): pass
ctstate (INVALID): pass
ctstate (new, recent set): pass
ctstate (new, recent update): pass
ctstate (new, limit): pass
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
addrtype (LOCAL): pass
addrtype (MULTICAST): pass
addrtype (BROADCAST): pass
icmp (destination-unreachable): pass
icmp (source-quench): pass
icmp (time-exceeded): pass
icmp (parameter-problem): pass
icmp (echo-request): pass

== IPv6 ==
Creating ‘ufw-check-requirements6’ . done
Inserting RETURN at top of ‘ufw-check-requirements6’ . done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: pass
hashlimit: pass
limit: pass
ctstate (NEW): pass
ctstate (RELATED): pass
ctstate (ESTABLISHED): pass
ctstate (INVALID): pass
ctstate (new, recent set): pass
ctstate (new, recent update): pass
ctstate (new, limit): pass
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
icmpv6 (destination-unreachable): pass
icmpv6 (packet-too-big): pass
icmpv6 (time-exceeded): pass
icmpv6 (parameter-problem): pass
icmpv6 (echo-request): pass
icmpv6 with hl (neighbor-solicitation): pass
icmpv6 with hl (neighbor-advertisement): pass
icmpv6 with hl (router-solicitation): pass
icmpv6 with hl (router-advertisement): pass
ipv6 rt: pass


Debian User Forums

Software conflict between iptables and ufw? SOLVED!


#1 Post by rayos » 2020-02-10 11:08

Debian Bullseye. Packages: ufw 0.36-1 and Iptables 1.8.4-2

Hello everybody! Ufw now doesn’t work after a package update, and if it’s enabled, internet is blocked.

While doing a reboot some minutes ago, the PC lost the graphic environment and the internet connection.

The screen went black, but by pressing "Ctrl + Alt + F1" I could access a tty and recover the desktop environment using the startx command

I checked with cat /var/log/dpkg.log | grep "status installed" the last packages installed and I saw that one of the updated packages was "iptables".

In order to test if it was a problem with the firewall I deactivated the ufw firewall interface and everything went back to normal again.

With ufw disabled everything works fine again and when doing a reboot the desktop environment appears without using startx, but with ufw enabled I have to activate the X with startx command and the internet connection is blocked.

I guess this is an incompatibility between the new version of iptables and the old ufw version in the Debian testing repository.

$ iptables --version
iptables v1.8.4 (nf_tables)

$ ufw --version
ufw 0.36
Copyright 2008-2015 Canonical Ltd.

If I start ufw it gives an error warning and internet crashes:

# ufw enable
ERROR: problem running ufw-init
iptables-restore: COMMIT expected at line 21
iptables-restore: line 2 failed
iptables-restore: line 2 failed
ip6tables-restore: COMMIT expected at line 21
ip6tables-restore: line 2 failed
ip6tables-restore: line 2 failed
Problem running ‘/etc/ufw/user.rules’
Problem running ‘/etc/ufw/user6.rules’

# ufw status
Status: active

$ ping -c1 google.com
. there is no Internet connection

# ufw disable
Firewall stopped and disabled on system startup

$ ping -c1 google.com
. with ufw disabled there’s internet connection

I uninstalled ufw by purging the configuration files, reinstalled it again and I get the same error message, but now without the "problem running" warnings.

I imagine the problem will be that Debian updated iptables without realizing that ufw would fail, I don’t know.


UFW (enable and iptables fails)

Affects: ufw

Bug Description

EDIT: more info that you request 😀

net-firewall/iptables
Latest version available: 1.4.16.3
Latest version installed: 1.4.16.3

$ uname -r
3.6.8-gentoo

Also I tried with two versions of ufw and iptables and same issue

I haven’t any problem to emerge (I already have in my kernel netfilter options)

and yes I have ipv6 active in my kernel

ufw 0.33-r1
kcm-ufw 0.4.3

When I run ufw enable:
ERROR: problem running ufw-init
iptables-restore: line 35 failed
ip6tables-restore: line 35 failed

Problem running ‘/etc/ufw/user/user.rules’
Problem running ‘/etc/ufw/user/user6.rules’

Then I do ufw reset and again ufw enable:
ERROR: problem running ufw-init
iptables-restore: line 11 failed

Problem running ‘/etc/ufw/user/user.rules’

Also I have a strange problem with frontend kcm-ufw, because I can’t set "enable"; when I just go back and go in again it always shows "disable", so I do eselect python set 1 (to choose python 2) and it works relatively good (because it says that it’s working but ufw daemon just doesn’t work)

I’m on Gentoo x64. Sorry, I speak little English, thx!

EDIT: info requested:

Jarvis x11tete11x # cat /etc/ufw/user/user.rules
*filter
:ufw-user-input - [0:0]
:ufw-user-output - [0:0]
:ufw-user-forward - [0:0]
:ufw-before-logging-input - [0:0]
:ufw-before-logging-output - [0:0]
:ufw-before-logging-forward - [0:0]
:ufw-user-logging-input - [0:0]
:ufw-user-logging-output - [0:0]
:ufw-user-logging-forward - [0:0]
:ufw-after-logging-input - [0:0]
:ufw-after-logging-output - [0:0]
:ufw-after-logging-forward - [0:0]
:ufw-logging-deny - [0:0]
:ufw-logging-allow - [0:0]
:ufw-user-limit - [0:0]
:ufw-user-limit-accept - [0:0]
### RULES ###

### LOGGING ###
-A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
-A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
### END LOGGING ###

### RATE LIMITING ###
-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw-user-limit -j REJECT
-A ufw-user-limit-accept -j ACCEPT
### END RATE LIMITING ###
COMMIT

Jarvis x11tete11x # cat /etc/ufw/user/user6.rules
*filter
:ufw6-user-input - [0:0]
:ufw6-user-output - [0:0]
:ufw6-user-forward - [0:0]
:ufw6-before-logging-input - [0:0]
:ufw6-before-logging-output - [0:0]
:ufw6-before-logging-forward - [0:0]
:ufw6-user-logging-input - [0:0]
:ufw6-user-logging-output - [0:0]
:ufw6-user-logging-forward - [0:0]
:ufw6-after-logging-input - [0:0]
:ufw6-after-logging-output - [0:0]
:ufw6-after-logging-forward - [0:0]
:ufw6-logging-deny - [0:0]
:ufw6-logging-allow - [0:0]
:ufw6-user-limit - [0:0]
:ufw6-user-limit-accept - [0:0]
### RULES ###

### LOGGING ###
-A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
-A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
### END LOGGING ###

### RATE LIMITING ###
-A ufw6-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw6-user-limit -j REJECT
-A ufw6-user-limit-accept -j ACCEPT
### END RATE LIMITING ###
COMMIT

Thanks for reporting a bug. Can you provide the following:
* /etc/ufw/user/user.rules is an interesting location for the user rules. Is that the normal location on Gentoo?
* what is the output of the following command: /usr/share/ufw/check-requirements (needs to be run as root. Also, the location may be different on gentoo)
* attach /etc/ufw/user/user.rules

Changed in ufw:
status: New → Incomplete

Thx for the quick answer! Well, I’m new to Gentoo, and it’s the first time that I set up a firewall, so I can’t tell you if it’s the normal location for rules :(.

I searched for check-requirements but I don’t have that command. Thx for your help! 🙂

Jarvis x11tete11x # ls /usr/share/ufw/
iptables messages ufw-init ufw-init-functions

iptables and messages are directories

ls /etc/ufw/
after.rules after6.rules.20121107_104724 before.rules.20121107_104724 before6.rules.20121107_104903
after.rules.20121107_104724 after6.rules.20121107_104903 before.rules.20121107_104903 before6.rules.20121107_112536
after.rules.20121107_104903 after6.rules.20121107_112536 before.rules.20121107_112536 before6.rules.20121107_122157
after.rules.20121107_112536 after6.rules.20121107_122157 before.rules.20121107_122157 before6.rules.20121107_135109
after.rules.20121107_122157 after6.rules.20121107_135109 before.rules.20121107_135109 sysctl.conf
after.rules.20121107_135109 applications.d before6.rules ufw.conf
after6.rules before.rules before6.rules.20121107_104724 user

application.d and user are directories 🙂

Jamie, I can answer your question regarding the path in ufw as I’m the one who did it (I maintain ufw in Gentoo, via someone who commits my changes as I’m not a Gentoo developer — I think it’s called sponsorship in Debian world).

> * /etc/ufw/user/user.rules is an interesting location for the user rules. Is that the normal location on Gentoo?
Yes, it is. On Gentoo ufw doesn’t keep its files in /lib (it was suggested to me even before ufw appeared in Gentoo), and its init script depends on a service that mounts partitions like /usr, so it’s OK.
More importantly, user’s configuration is in /etc/ufw/user. This way configuration files are protected without CONFIG_PROTECT, which is another possibility, but a bit ugly one.
Besides that, there are currently patches that do the following:
- disable iptables check in setup.py, so it’s not required at install time, only at runtime (very optional one, but also trivial),
- use conntrack (I filed you a bug and provided a patch - it was about this :)),
- patch from bug 819600 (now it looks a bit differently).

> * what is the output of the following command: /usr/share/ufw/check-requirements (needs to be run as root. Also, the location may be different on gentoo)
Ufw build system doesn’t install check-requirements script, so it hasn’t been present in Gentoo. Now that I’m reading this bug and your reply, I think that it will be a good idea to start providing it.

x11tete11x:
I’d like to ask you for additional information. All of them could be useful.
Which iptables version? What USE flags used for net-firewall/iptables? Do you have enabled IPv6 support in the kernel? Please also provide "uname -r" output.
If you uninstall ufw and then install it again, does it help?
Does downgrading ufw to 0.31.1-r1 help?
Thanks in advance.

I am now suffering from the same problem as x11tete11x. Here is the information from my laptop running Gentoo:

# uname -a
Linux meshedgedx 3.6.1-gentoo #1 SMP Tue Oct 9 20:34:34 BST 2012 x86_64 Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz GenuineIntel GNU/Linux

# # At this point I can browse the Internet.
# ufw status verbose
Status: inactive
# ufw enable
ERROR: problem running ufw-init
iptables-restore: line 35 failed
ip6tables-restore: line 35 failed

Problem running ‘/etc/ufw/user/user.rules’
Problem running ‘/etc/ufw/user/user6.rules’

# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip
# # At this point I cannot browse the Internet.
# ufw disable
Firewall stopped and disabled on system startup
# # At this point I can browse the Internet again.

# ./check-requirements
Has python: pass (binary: python2.7, version: 2.7.3, py2)
Has iptables: pass
Has ip6tables: pass

Has /proc/net/dev: pass
Has /proc/net/if_inet6: pass

This script will now attempt to create various rules using the iptables
and ip6tables commands. This may result in module autoloading (eg, for
IPv6).
Proceed with checks (Y/n)? Y
== IPv4 ==
Creating ‘ufw-check-requirements’ . done
Inserting RETURN at top of ‘ufw-check-requirements’ . done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: FAIL
hashlimit: pass
limit: pass
state (NEW): pass
state (RELATED): pass
state (ESTABLISHED): pass
state (INVALID): pass
state (new, recent set): pass
state (new, recent update): pass
state (new, limit): pass
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
addrtype (LOCAL): pass
addrtype (MULTICAST): pass
addrtype (BROADCAST): pass
icmp (destination-unreachable): pass
icmp (source-quench): pass
icmp (time-exceeded): pass
icmp (parameter-problem): pass
icmp (echo-request): pass

== IPv6 ==
Creating ‘ufw-check-requirements6’ . done
Inserting RETURN at top of ‘ufw-check-requirements6’ . done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: FAIL
hashlimit: pass
limit: pass
state (NEW): pass
state (RELATED): pass
state (ESTABLISHED): pass
state (INVALID): pass
state (new, recent set): pass
state (new, recent update): pass
state (new, limit): pass
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
icmpv6 (destination-unreachable): pass
icmpv6 (packet-too-big): pass
icmpv6 (time-exceeded): pass
icmpv6 (parameter-problem): pass
icmpv6 (echo-request): pass
icmpv6 with hl (neighbor-solicitation): pass
icmpv6 with hl (neighbor-advertisement): pass
icmpv6 with hl (router-solicitation): pass
icmpv6 with hl (router-advertisement): pass

FAIL: check your kernel and that you have iptables >= 1.4.0
#

# eix -I ufw
[I] kde-misc/kcm-ufw
Available versions: (4) (
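
The report above shows LOG: FAIL for both address families while ufw enable fails in iptables-restore. As an added example (not part of the thread and not ufw's own code), this shell script correlates failed target checks in check-requirements output with the rules that depend on them; the report and rules excerpts are constructed from the outputs quoted above, and the function names are hypothetical.

```shell
# Constructed excerpt of check-requirements output, modelled on the report above.
sample_report() {
cat <<'EOF'
== IPv4 ==
TCP: pass
REJECT: pass
LOG: FAIL
hashlimit: pass
== IPv6 ==
REJECT: pass
LOG: FAIL
icmpv6 (echo-request): pass
EOF
}

# Constructed rules excerpt; it stands in for both user.rules and user6.rules.
sample_rules() {
cat <<'EOF'
*filter
:ufw-user-limit - [0:0]
:ufw-logging-deny - [0:0]
-A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-A ufw-user-limit -j REJECT
COMMIT
EOF
}

# Print "<family>:<check>" for every FAIL line, tracking the "== IPvN ==" headers.
failed_checks() {
  awk '/^== .* ==$/ { fam = $2; next }
       /: FAIL$/    { sub(/: FAIL$/, ""); print fam ":" $0 }'
}

# Print "<line-number>:<rule>" for every rule on stdin that jumps to target $1.
rules_using_target() {
  awk -v t="$1" '{ for (i = 1; i < NF; i++)
                     if ($i == "-j" && $(i + 1) == t) { print NR ":" $0; break } }'
}

# For each failed check, list the rules that need the missing target.
diagnose() {
  sample_report | failed_checks | while IFS=: read -r fam check; do
    printf '%s %s failed; rules needing it:\n' "$fam" "$check"
    sample_rules | rules_using_target "$check"
  done
}

diagnose
```

On a real host, feed `failed_checks` the saved check-requirements output and `rules_using_target` the contents of the rules file named in the "Problem running" message.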
