ERROR: Problem running ip6tables
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ufw |
Bug Description
Error shows when I type in the following command:
sudo ufw status
My OS: Debian/Linux
What is the output of the following command:
$ sudo /usr/share/ufw/check-requirements
I suspect you have disabled ipv6 in some manner. You might be able to simply use IPV6=no in /etc/default/ufw.
Changed in ufw: | |
status: | New → Incomplete |
I'm sorry to say that I have completely wiped my Linux machine and reinstalled Raspbian and everything works fine now. I did not touch anything to do with the ip6tables beforehand. Possibly got corrupted somehow.
From: on behalf of costales
Sent: Wednesday, June 6, 2018 8:15:51 PM
To:
Subject: [Bug 1775282] Re: ERROR: Problem running ip6tables
** No longer affects: gui-ufw
https://bugs.launchpad.net/bugs/1775282
Thanks for getting back to me. Glad it is working now. Since there is a lack of information, I’m going to close this bug. Please feel free to report other issues you may find.
Changed in ufw: | |
status: | Incomplete → Invalid |
I am getting the same error:
# ufw status
ERROR: problem running ip6tables
But the requirements check passed:
# /usr/share/ufw/check-requirements
Has python: pass (binary: python3, version: 3.8.5, py3)
Has iptables: pass
Has ip6tables: pass
Has /proc/net/dev: pass
Has /proc/net/if_inet6: pass
This script will now attempt to create various rules using the iptables
and ip6tables commands. This may result in module autoloading (eg, for
IPv6).
Proceed with checks (Y/n)?
== IPv4 ==
Creating ‘ufw-check-requirements’... done
Inserting RETURN at top of ‘ufw-check-requirements’... done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: pass
hashlimit: pass
limit: pass
ctstate (NEW): pass
ctstate (RELATED): pass
ctstate (ESTABLISHED): pass
ctstate (INVALID): pass
ctstate (new, recent set): pass
ctstate (new, recent update): pass
ctstate (new, limit): pass
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
addrtype (LOCAL): pass
addrtype (MULTICAST): pass
addrtype (BROADCAST): pass
icmp (destination-unreachable): pass
icmp (source-quench): pass
icmp (time-exceeded): pass
icmp (parameter-problem): pass
icmp (echo-request): pass
== IPv6 ==
Creating ‘ufw-check-requirements6’... done
Inserting RETURN at top of ‘ufw-check-requirements6’... done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: pass
hashlimit: pass
limit: pass
ctstate (NEW): pass
ctstate (RELATED): pass
ctstate (ESTABLISHED): pass
ctstate (INVALID): pass
ctstate (new, recent set): pass
ctstate (new, recent update): pass
ctstate (new, limit): pass
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
icmpv6 (destination-unreachable): pass
icmpv6 (packet-too-big): pass
icmpv6 (time-exceeded): pass
icmpv6 (parameter-problem): pass
icmpv6 (echo-request): pass
icmpv6 with hl (neighbor-solicitation): pass
icmpv6 with hl (neighbor-advertisement): pass
icmpv6 with hl (router-solicitation): pass
icmpv6 with hl (router-advertisement): pass
ipv6 rt: pass
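
When "ufw status" or "ufw enable" only reports a generic error, the per-feature lines of check-requirements are what narrow it down. The following is an added example, not part of this bug report or of ufw: it pulls the FAIL lines out of check-requirements output per address family and lists the rules in an iptables-restore file that use a failed feature. The sample inputs are constructed, and the mapping from check names to rule tokens is an assumption.

```python
import re

# Constructed sample in the format check-requirements prints (not from a real host).
SAMPLE_CHECK = """\
Has ip6tables: pass
== IPv4 ==
TCP: pass
LOG: FAIL
== IPv6 ==
LOG: FAIL
icmpv6 (echo-request): pass
FAIL: check your kernel and that you have iptables >= 1.4.0
"""

# Constructed rules in iptables-restore format, modelled on a ufw user.rules file.
SAMPLE_RULES = """\
*filter
:ufw-user-limit - [0:0]
-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw-user-limit -j REJECT
COMMIT
"""

# Assumed mapping from a check name to the rule token that needs that feature.
FEATURE_TOKENS = {
    "LOG": "-j LOG", "REJECT": "-j REJECT", "limit": "-m limit",
    "hashlimit": "-m hashlimit", "ctstate": "-m conntrack",
    "multiport": "-m multiport", "comment": "-m comment",
}

def failed_checks(output):
    """Return {family: [check names]} for every per-feature line reporting FAIL."""
    family, failed = "prereq", {}
    for line in output.splitlines():
        header = re.fullmatch(r"==\s*(IPv[46])\s*==", line.strip())
        if header:
            family = header.group(1)
            continue
        m = re.fullmatch(r"\s*(.+?)\s*:\s*FAIL\b.*", line)
        if m:  # the trailing "FAIL: check your kernel ..." summary does not match
            failed.setdefault(family, []).append(m.group(1))
    return failed

def rules_needing(rules_text, failed_names):
    """Return (line_no, rule) for rules that use a feature whose check failed."""
    names = {n.split(" (")[0] for n in failed_names}  # "ctstate (NEW)" -> "ctstate"
    tokens = {FEATURE_TOKENS[n] for n in names if n in FEATURE_TOKENS}
    return [(no, line) for no, line in enumerate(rules_text.splitlines(), 1)
            if line.startswith(("-A", "-I")) and any(t in line for t in tokens)]
```

Feed failed_checks() the saved output of check-requirements, then pass the IPv4 list with user.rules and the IPv6 list with user6.rules to rules_needing().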
Debian User Forums
Software conflict between iptables and ufw? SOLVED!
#1 Post by rayos » 2020-02-10 11:08
Debian Bullseye. Packages: ufw 0.36-1 and Iptables 1.8.4-2
Hello everybody! Ufw now doesn’t work after a package update and if it’s enabled, internet is blocked.
While doing a reboot some minutes ago, the PC lost the graphic environment and the internet connection.
The screen went black, but by pressing "Ctrl + Alt + F1" I could access a tty and recover the desktop environment using the startx command.
I checked with cat /var/log/dpkg.log | grep "status installed" the last packages installed and I saw that one of the updated packages was "iptables".
In order to test if it was a problem with the firewall I deactivated the ufw firewall interface and everything went back to normal again.
With ufw disabled everything works fine again and when doing a reboot the desktop environment appears without using startx, but with ufw enabled I have to activate the X with startx command and the internet connection is blocked.
I guess this is an incompatibility between the new version of iptables and the old ufw version in the Debian testing repository.
$ iptables --version
iptables v1.8.4 (nf_tables)
$ ufw --version
ufw 0.36
Copyright 2008-2015 Canonical Ltd.
If I start ufw it gives an error warning and internet crashes:
# ufw enable
ERROR: problem running ufw-init
iptables-restore: COMMIT expected at line 21
iptables-restore: line 2 failed
iptables-restore: line 2 failed
ip6tables-restore: COMMIT expected at line 21
ip6tables-restore: line 2 failed
ip6tables-restore: line 2 failed
Problem running ‘/etc/ufw/user.rules’
Problem running ‘/etc/ufw/user6.rules’
# ufw status
Status: active
$ ping -c1 google.com
... there is no Internet connection
# ufw disable
Firewall stopped and disabled on system startup
$ ping -c1 google.com
... with ufw disabled there’s internet connection
I uninstalled ufw by purging the configuration files, reinstalled it again and I get the same error message, but now without the "problem running" warnings.
I imagine the problem will be that Debian updated iptables without realizing that ufw would fail, I don’t know.
UFW (enable and iptables fails)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ufw |
Bug Description
EDIT: more info that you request 😀
net-firewall/iptables
Latest version available: 1.4.16.3
Latest version installed: 1.4.16.3
$ uname -r
3.6.8-gentoo
Also I tried with two versions of ufw and iptables and same issue.
I haven't any problem to emerge (I already have netfilter options in my kernel),
and yes, I have IPv6 active in my kernel.
ufw 0.33-r1
kcm-ufw 0.4.3
When I run ufw enable:
ERROR: problem running ufw-init
iptables-restore: line 35 failed
ip6tables-restore: line 35 failed
Problem running ‘/etc/ufw/user/user.rules’
Problem running ‘/etc/ufw/user/user6.rules’
Then I do ufw reset and again ufw enable:
ERROR: problem running ufw-init
iptables-restore: line 11 failed
Problem running ‘/etc/ufw/user/user.rules’
Also I have a strange problem with the frontend kcm-ufw, because I can't set "enable": when I just go back and go in again it always shows "disable", so I do eselect python set 1 (to choose python 2) and it works relatively well (because it says that it's working but the ufw daemon just doesn't work).
I'm on Gentoo x64. Sorry, I speak little English, thx!
EDIT: info requested:
Jarvis x11tete11x # cat /etc/ufw/user/user.rules
*filter
:ufw-user-input - [0:0]
:ufw-user-output - [0:0]
:ufw-user-forward - [0:0]
:ufw-before-logging-input - [0:0]
:ufw-before-logging-output - [0:0]
:ufw-before-logging-forward - [0:0]
:ufw-user-logging-input - [0:0]
:ufw-user-logging-output - [0:0]
:ufw-user-logging-forward - [0:0]
:ufw-after-logging-input - [0:0]
:ufw-after-logging-output - [0:0]
:ufw-after-logging-forward - [0:0]
:ufw-logging-deny - [0:0]
:ufw-logging-allow - [0:0]
:ufw-user-limit - [0:0]
:ufw-user-limit-accept - [0:0]
### RULES ###
### LOGGING ###
-A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
-A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
### END LOGGING ###
### RATE LIMITING ###
-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw-user-limit -j REJECT
-A ufw-user-limit-accept -j ACCEPT
### END RATE LIMITING ###
COMMIT
Jarvis x11tete11x # cat /etc/ufw/user/user6.rules
*filter
:ufw6-user-input - [0:0]
:ufw6-user-output - [0:0]
:ufw6-user-forward - [0:0]
:ufw6-before-logging-input - [0:0]
:ufw6-before-logging-output - [0:0]
:ufw6-before-logging-forward - [0:0]
:ufw6-user-logging-input - [0:0]
:ufw6-user-logging-output - [0:0]
:ufw6-user-logging-forward - [0:0]
:ufw6-after-logging-input - [0:0]
:ufw6-after-logging-output - [0:0]
:ufw6-after-logging-forward - [0:0]
:ufw6-logging-deny - [0:0]
:ufw6-logging-allow - [0:0]
:ufw6-user-limit - [0:0]
:ufw6-user-limit-accept - [0:0]
### RULES ###
### LOGGING ###
-A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
-A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
### END LOGGING ###
### RATE LIMITING ###
-A ufw6-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw6-user-limit -j REJECT
-A ufw6-user-limit-accept -j ACCEPT
### END RATE LIMITING ###
COMMIT
Thanks for reporting a bug. Can you provide the following:
* /etc/ufw/user/user.rules is an interesting location for the user rules. Is that the normal location on Gentoo?
* what is the output of the following command: /usr/share/ufw/check-requirements (needs to be run as root. Also, the location may be different on gentoo)
* attach /etc/ufw/user/user.rules
Changed in ufw: | |
status: | New → Incomplete |
Thx! for quickly answer. Well, new in Gentoo, and it’s the first time that I set up a firewall, I can't tell you if it’s the normal location for rules :(.
I search for check-requirements but I haven't that command. Thx for your help! 🙂
Jarvis x11tete11x # ls /usr/share/ufw/
iptables messages ufw-init ufw-init-functions
iptables and messages are directories
ls /etc/ufw/
after.rules after6.rules.20121107_104724 before.rules.20121107_104724 before6.rules.20121107_104903
after.rules.20121107_104724 after6.rules.20121107_104903 before.rules.20121107_104903 before6.rules.20121107_112536
after.rules.20121107_104903 after6.rules.20121107_112536 before.rules.20121107_112536 before6.rules.20121107_122157
after.rules.20121107_112536 after6.rules.20121107_122157 before.rules.20121107_122157 before6.rules.20121107_135109
after.rules.20121107_122157 after6.rules.20121107_135109 before.rules.20121107_135109 sysctl.conf
after.rules.20121107_135109 applications.d before6.rules ufw.conf
after6.rules before.rules before6.rules.20121107_104724 user
application.d and user are directories 🙂
Jamie, I can answer your question regarding the path in ufw as I’m the one who did it (I maintain ufw in Gentoo, via someone who commits my changes as I’m not a Gentoo developer — I think it’s called sponsorship in Debian world).
> * /etc/ufw/user/user.rules is an interesting location for the user rules. Is that the normal location on Gentoo?
Yes, it is. On Gentoo ufw doesn’t keep its files in /lib (it was suggested to me even before ufw appeared in Gentoo), and its init script depends on a service that mounts partitions like /usr, so it’s OK.
More importantly, user’s configuration is in /etc/ufw/user. This way configuration files are protected without CONFIG_PROTECT, which is another possibility, but a bit ugly one.
Besides that, there are currently patches that do the following:
- disable iptables check in setup.py, so it’s not required at install time, only at runtime (very optional one, but also trivial),
- use conntrack (I filed you a bug and provided a patch; it was about this :)),
- patch from bug 819600 (now it looks a bit differently).
> * what is the output of the following command: /usr/share/ufw/check-requirements (needs to be run as root. Also, the location may be different on gentoo)
Ufw build system doesn’t install check-requirements script, so it hasn’t been present in Gentoo. Now that I’m reading this bug and your reply, I think that it will be a good idea to start providing it.
x11tete11x:
I’d like to ask you for additional information. All of them could be useful.
Which iptables version? What USE flags used for net-firewall/iptables? Do you have enabled IPv6 support in the kernel? Please also provide "uname -r" output.
If you uninstall ufw and then install it again, does it help?
Does downgrading ufw to 0.31.1-r1 help?
Thanks in advance.
I am now suffering from the same problem as x11tete11x. Here is the information from my laptop running Gentoo:
# uname -a
Linux meshedgedx 3.6.1-gentoo #1 SMP Tue Oct 9 20:34:34 BST 2012 x86_64 Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz GenuineIntel GNU/Linux
# # At this point I can browse the Internet.
# ufw status verbose
Status: inactive
# ufw enable
ERROR: problem running ufw-init
iptables-restore: line 35 failed
ip6tables-restore: line 35 failed
Problem running ‘/etc/ufw/user/user.rules’
Problem running ‘/etc/ufw/user/user6.rules’
# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip
# # At this point I cannot browse the Internet.
# ufw disable
Firewall stopped and disabled on system startup
# # At this point I can browse the Internet again.
# ./check-requirements
Has python: pass (binary: python2.7, version: 2.7.3, py2)
Has iptables: pass
Has ip6tables: pass
Has /proc/net/dev: pass
Has /proc/net/if_inet6: pass
This script will now attempt to create various rules using the iptables
and ip6tables commands. This may result in module autoloading (eg, for
IPv6).
Proceed with checks (Y/n)? Y
== IPv4 ==
Creating ‘ufw-check-requirements’... done
Inserting RETURN at top of ‘ufw-check-requirements’... done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: FAIL
hashlimit: pass
limit: pass
state (NEW): pass
state (RELATED): pass
state (ESTABLISHED): pass
state (INVALID): pass
state (new, recent set): pass
state (new, recent update): pass
state (new, limit): pass
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
addrtype (LOCAL): pass
addrtype (MULTICAST): pass
addrtype (BROADCAST): pass
icmp (destination-unreachable): pass
icmp (source-quench): pass
icmp (time-exceeded): pass
icmp (parameter-problem): pass
icmp (echo-request): pass
== IPv6 ==
Creating ‘ufw-check-requirements6’... done
Inserting RETURN at top of ‘ufw-check-requirements6’... done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: FAIL
hashlimit: pass
limit: pass
state (NEW): pass
state (RELATED): pass
state (ESTABLISHED): pass
state (INVALID): pass
state (new, recent set): pass
state (new, recent update): pass
state (new, limit): pass
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
icmpv6 (destination-unreachable): pass
icmpv6 (packet-too-big): pass
icmpv6 (time-exceeded): pass
icmpv6 (parameter-problem): pass
icmpv6 (echo-request): pass
icmpv6 with hl (neighbor-solicitation): pass
icmpv6 with hl (neighbor-advertisement): pass
icmpv6 with hl (router-solicitation): pass
icmpv6 with hl (router-advertisement): pass
FAIL: check your kernel and that you have iptables >= 1.4.0
#
# eix -I ufw
[I] kde-misc/kcm-ufw
Available versions: (4) (