[SOLVED] UFW doesn't work - antiX-19

walker · 10-30-2019, 02:54 AM

To say the plain truth it's not an antiX nor UFW related problem as I discovered.

UFW is wrritten around iptables, libip4tc0, libip6tc0, libiptc0, libxtables12 version 1.6.

Following no longer tested Debian fake stable Buster, antiX uses version 1.8 of aforementioned libraries which have broken retrocompatibility with their 1.6 version.

To have ufw working also on antiX-19 despite the installed kernel using a 17,4,1 live and grab

$ apt-get download iptables

and in the same way the other aforementioned needed libraries and save them on your antiX-19 installation.

Start antiX-19 and install downgrading from the installed 1.8 using dpkg -i the previous downloaded packages and set them to hold

# apt-mark hold iptables libip4tc0 aso

install or reinstall UFW and you are done.

Debian seems no longer well done and well tested as in the past better always check and don't trust too much in them. IMHO

anticapitalista · 10-30-2019, 12:38 PM

Thanks.
Just to add.
Others have reported to use a later kernel (eg 4.19) on antiX-19 than the one shipped (4.9).

walker · 10-30-2019, 01:38 PM

Quote:

Originally Posted by anticapitalista

Thanks.
Just to add.
Others have reported to use a later kernel (eg 4.19) on antiX-19 than the one shipped (4.9).

You are welcome!
And anyway I have to thank you for antiX.

The problem isn't kernel related, I've tried with 4.9.160 4.9.170 4.9.193 4.19.73 5.2.15

I've found also the evidence, a complete change in iptables 1.8
https://lwn.net/Articles/759184/

The weird thing is that with 4 kernel you are neither able to reach the net with 5 kernel (as also reported on your own forum by a user - sorry but due to captcha it impossible to me to create an user) net is reachable but ufw won't anyway run properly due to iptables issue.

Btw. We heard us some years ago per email but your old opera mail seems no longer active.

Have a nice evening!

walker · 11-11-2019, 02:24 AM

Final solution which avoid the need of the suggested workaround.

Upgrade kernel 4.9.193-antix1 shipped with the iso images of antiX 19 with kernel 4.19.73-antix1

It's due to ufw developer statement that modules have to be compiled in kernel (built-in) to make ufw working with iptables >= 1.8

Kernel 4.9.193-antix1 has af_packet (the mandatory module) but also loading it at boot before launching ufw doesn't work (bad code portability example IMHO).

Kernel 4.19.73-antix1 has af_packet compiled in kernel (built-in) so no troubles to make ufw working also with iptables >= 1.8

I tried also some 5 kernels especially 5.2.8-antix1 and 5.2.15-antix1

ufw doesn't work but in these cases due to lack of IPv6 stack in kernel it seems.

Who want to use ufw with antiX 19 should use the aforementioned kernel 4.19.73-antix1

The end