[SOLVED] antiX 17.3.1 problem enabling ufw firewall
antiX / MX LinuxThis forum is for the discussion of antiX and MX Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Using the latest version of antiX (antiX-17.3.1_x64-base.iso) as a live USB on a Toshiba laptop.
Did "sudo apt-get update" and then did "sudo apt-get install ufw" to have a firewall installed.
Did "sudo ufw enable" to enable the firewall.
Got the following error messages:
Code:
ERROR: problem running ufw-init
iptables-restore: line 4 failed
iptables-restore: line 77 failed
ip6tables-restore: line 4 failed
ip6tables-restore: line 138 failed
Problem running '/etc/ufw/before.rules'
Problem running '/etc/ufw/before6.rules'
After doing some research on ufw, learned it provides a tool as part of its installation to check on its status. It is /usr/share/ufw/check-requirements.
Here is the results from running it:
Quote:
demo@antix1:/usr/share/ufw
$ sudo ./check-requirements
Has python: pass (binary: python2.7, version: 2.7.13, py2)
Has iptables: pass
Has ip6tables: pass
Has /proc/net/dev: pass
Has /proc/net/if_inet6: pass
This script will now attempt to create various rules using the iptables
and ip6tables commands. This may result in module autoloading (eg, for
IPv6).
Proceed with checks (Y/n)? y
== IPv4 ==
Creating 'ufw-check-requirements'... done
Inserting RETURN at top of 'ufw-check-requirements'... done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: pass
hashlimit: FAIL
error was: iptables: Protocol wrong type for socket.
limit: pass
ctstate (NEW): FAIL
error was: iptables: Protocol wrong type for socket.
ctstate (RELATED): FAIL
error was: iptables: Protocol wrong type for socket.
ctstate (ESTABLISHED): FAIL
error was: iptables: Protocol wrong type for socket.
ctstate (INVALID): FAIL
error was: iptables: Protocol wrong type for socket.
ctstate (new, recent set): FAIL (no runtime support)
error was: iptables: Protocol wrong type for socket.
ctstate (new, recent update): FAIL (no runtime support)
error was: iptables: Protocol wrong type for socket.
ctstate (new, limit): FAIL
error was: iptables: Protocol wrong type for socket.
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
addrtype (LOCAL): pass
addrtype (MULTICAST): pass
addrtype (BROADCAST): pass
icmp (destination-unreachable): pass
icmp (source-quench): pass
icmp (time-exceeded): pass
icmp (parameter-problem): pass
icmp (echo-request): pass
== IPv6 ==
Creating 'ufw-check-requirements6'... done
Inserting RETURN at top of 'ufw-check-requirements6'... done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: pass
hashlimit: FAIL
error was: ip6tables: Protocol wrong type for socket.
limit: pass
ctstate (NEW): FAIL
error was: ip6tables: Protocol wrong type for socket.
ctstate (RELATED): FAIL
error was: ip6tables: Protocol wrong type for socket.
ctstate (ESTABLISHED): FAIL
error was: ip6tables: Protocol wrong type for socket.
ctstate (INVALID): FAIL
error was: ip6tables: Protocol wrong type for socket.
ctstate (new, recent set): FAIL (no runtime support)
error was: ip6tables: Protocol wrong type for socket.
ctstate (new, recent update): FAIL (no runtime support)
error was: ip6tables: Protocol wrong type for socket.
ctstate (new, limit): FAIL
error was: ip6tables: Protocol wrong type for socket.
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
icmpv6 (destination-unreachable): pass
icmpv6 (packet-too-big): pass
icmpv6 (time-exceeded): pass
icmpv6 (parameter-problem): pass
icmpv6 (echo-request): pass
icmpv6 with hl (neighbor-solicitation): pass
icmpv6 with hl (neighbor-advertisement): pass
icmpv6 with hl (router-solicitation): pass
icmpv6 with hl (router-advertisement): pass
ipv6 rt: pass
FAIL: check your kernel and that you have iptables >= 1.4.0
FAIL: check your kernel and iptables for additional runtime support
To check if the "Fallback Debian 4.9 64 bit" kernel did not have this problem, I did the following:
Full installation
Booted into installation
sudo apt-get update
sudo apt-get install ufw
sudo ufw enable # problem exists as expected
Had to reboot to regain Internet connection
Used the "package installer" to install the "Fallback Debian 4.9 64 bit" (linux-image-4.9.0-8-amd64) kernel
Used Synaptic to uninstall the original kernel
Rebooted the installation
sudo ufw enable # it worked with no error messages
So it is indeed the original kernel (linux-image-4.9.146-antix.1-amd64-smp) has a regression which causes the problem with ufw.
No I have not filed a bug report. Wanted to see how the gui interface for "ufw" behaved before doing that.
The graphical interface package for "ufw" is "gufw-legacy". It is included in the Full antiX 17.3.1 iso. "gufw-legacy" has a dependency for "ufw", so it will be installed as part of installing "gufw-legacy".
Booted up the original antiX 17.3.1 base Live USB. Did an "sudo apt-get update" and a "sudo apt-get install gufw-legacy". Seem to install without problems.
Clicked on the "Firewall Configuration" menu entry which executes "gufw". It did not prompt for a password prompt as expected since configuring the firewall would be modifying the system.
With the "Firewall Configuration" dialog now brought up, I clicked on the "Unlock" button to be able to enable the firewall, but it would not allow me to proceed. A message popped up stating something about wrong identification.
It would be interesting to see what happens when using the Full antiX 17.3.1 iso. Would it behave in the same way?
"ufw" works for me with the "Fallback Debian 4.9 64 bit" kernel.
No I have not filed a bug report. Wanted to see how the gui interface for "ufw" behaved before doing that.
The graphical interface package for "ufw" is "gufw-legacy". It is included in the Full antiX 17.3.1 iso. "gufw-legacy" has a dependency for "ufw", so it will be installed as part of installing "gufw-legacy".
Booted up the original antiX 17.3.1 base Live USB. Did an "sudo apt-get update" and a "sudo apt-get install gufw-legacy". Seem to install without problems.
Clicked on the "Firewall Configuration" menu entry which executes "gufw". It did not prompt for a password prompt as expected since configuring the firewall would be modifying the system.
With the "Firewall Configuration" dialog now brought up, I clicked on the "Unlock" button to be able to enable the firewall, but it would not allow me to proceed. A message popped up stating something about wrong identification.
It would be interesting to see what happens when using the Full antiX 17.3.1 iso. Would it behave in the same way?
"ufw" works for me with the "Fallback Debian 4.9 64 bit" kernel.
If anything it sounds like this is a challenge at the very least.
Glad to hear ufw works under the fallback Debian kernel.
The firewall problem is solved except for people using antiX 17.3.1 as a Live device. That will need to be solved with a remaster on their part or with a new ISO release.
Distribution: antiX using herbstluftwm, fluxbox, IceWM and jwm.
Posts: 631
Rep:
Quote:
Originally Posted by RHTopics
...
The firewall problem is solved except for people using antiX 17.3.1 as a Live device. That will need to be solved with a remaster on their part or with a new ISO release.
So it is solved with an "*".
Well obviously.
Thanks for the confirmation.
Added: BTW, just to make the point that a live remaster on antiX is extremely easy.
Last edited by anticapitalista; 01-05-2019 at 06:38 PM.
Reason: added info
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.