
dbaba

Members
Content Count: 3
Community Reputation: 1 Neutral


  1. I tested ufw and nftables on the latest release. But no luck. Tinker Board 2 team, could you please tell me how to enable the firewall on this OS?

     Using ufw

     After adding a simple rule to ufw, I got the following error when I enabled it.

         linaro@linaro-alip:/lib/modules/4.4.194$ sudo ufw enable
         Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
         ERROR: problem running ufw-init
         modprobe: FATAL: Module nf_conntrack_netbios_ns not found in directory /lib/modules/4.4.194
         iptables-restore v1.8.2 (nf_tables): line 22: RULE_APPEND failed (No such file or directory): rule in chain INPUT
         line 23: RULE_APPEND failed (No such file or directory): rule in chain INPUT
         line 24: RULE_APPEND failed (No such file or directory): rule in chain INPUT
         line 25: RULE_APPEND failed (No such file or directory): rule in chain INPUT
         line 26: RULE_APPEND failed (No such file or directory): rule in chain INPUT
         line 27: RULE_APPEND failed (No such file or directory): rule in chain INPUT
         line 29: RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
         line 30: RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
         line 31: RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
         line 32: RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
         line 33: RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
         line 34: RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
         line 36: RULE_APPEND failed (No such file or directory): rule in chain FORWARD
         line 41: RULE
         iptables-restore v1.8.2 (nf_tables): Couldn't load match `conntrack':No such file or directory
         Error occurred at line: 2
         Try `iptables-restore -h' or 'iptables-restore --help' for more information.
         iptables-restore v1.8.2 (nf_tables): line 5: RULE_APPEND failed (No such file or directory): rule in chain ufw-skip-to-policy-input
         line 6: RULE_APPEND failed (No such file or directory): rule in chain ufw-skip-to-policy-output
         line 7: RULE_APPEND failed (No such file or directory): rule in chain ufw-skip-to-policy-forward
         iptables-restore v1.8.2 (nf_tables): Couldn't load match `conntrack':No such file or directory
         Error occurred at line: 25
         Try `iptables-restore -h' or 'iptables-restore --help' for more information.
         iptables-restore v1.8.2 (nf_tables): unknown option "--dport"
         Error occurred at line: 19
         Try `iptables-restore -h' or 'iptables-restore --help' for more information.
         iptables-restore v1.8.2 (nf_tables): unknown option "--dport"
         Error occurred at line: 19
         Try `iptables-restore -h' or 'iptables-restore --help' for more information.
         iptables-restore v1.8.2 (nf_tables): Chain 'ufw-before-input' does not exist
         ip6tables-restore v1.8.2 (nf_tables): line 22: RULE_APPEND failed (No such file or directory): rule in chain INPUT
         line 23: RULE_APPEND failed (No such file or directory): rule in chain INPUT
         line 24: RULE_APPEND failed (No such file or directory): rule in chain INPUT
         line 25: RULE_APPEND failed (No such file or directory): rule in chain INPUT
         line 26: RULE_APPEND failed (No such file or directory): rule in chain INPUT
         line 27: RULE_APPEND failed (No such file or directory): rule in chain INPUT
         line 29: RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
         line 30: RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
         line 31: RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
         line 32: RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
         line 33: RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
         line 34: RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
         line 36: RULE_APPEND failed (No such file or directory): rule in chain FORWARD
         line 41: RULE
         ip6tables-restore v1.8.2 (nf_tables): Couldn't load match `conntrack':No such file or directory
         Error occurred at line: 2
         Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
         ip6tables-restore v1.8.2 (nf_tables): line 5: RULE_APPEND failed (No such file or directory): rule in chain ufw6-skip-to-policy-input
         line 6: RULE_APPEND failed (No such file or directory): rule in chain ufw6-skip-to-policy-output
         line 7: RULE_APPEND failed (No such file or directory): rule in chain ufw6-skip-to-policy-forward
         ip6tables-restore v1.8.2 (nf_tables): Couldn't load match `rt':No such file or directory
         Error occurred at line: 24
         Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
         ip6tables-restore v1.8.2 (nf_tables): unknown option "--dport"
         Error occurred at line: 19
         Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
         ip6tables-restore v1.8.2 (nf_tables): unknown option "--dport"
         Error occurred at line: 19
         Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
         ip6tables-restore v1.8.2 (nf_tables): Chain 'ufw6-before-input' does not exist
         Problem running '/etc/ufw/before.rules'
         Problem running '/etc/ufw/after.rules'
         Problem running '/etc/ufw/user.rules'
         Problem running '/etc/ufw/before6.rules'
         Problem running '/etc/ufw/after6.rules'
         Problem running '/etc/ufw/user6.rules'

     Using nftables

     I uninstalled ufw, then installed nftables, and tried to set a simple rule which just allows incoming loopback traffic.

         #!/usr/sbin/nft -f

         flush ruleset

         table inet filter {
                 chain input {
                         type filter hook input priority 0;
                         iifname "lo" accept
                 }
                 chain forward {
                         type filter hook forward priority 0;
                 }
                 chain output {
                         type filter hook output priority 0;
                 }
         }

     Then I started the nftables service, but the service didn't start. syslog showed the following message.

         Apr 21 07:06:36 linaro-alip nft[2149]: /etc/nftables.conf:8:17-35: Error: Could not process rule: No such file or directory
         Apr 21 07:06:36 linaro-alip nft[2149]:                 iifname "lo" accept
         Apr 21 07:06:36 linaro-alip nft[2149]:                 ^^^^^^^^^^^^^^^^^^^
         Apr 21 07:06:36 linaro-alip systemd[1]: nftables.service: Failed with result 'exit-code'.
         Apr 21 07:06:36 linaro-alip systemd[1]: Failed to start nftables.

     Are the netfilter kernel modules installed?

     I got the following output. Some of the netfilter modules are included in the builtin kernel. Not sure if the list covers all required modules.

         linaro@linaro-alip:~$ cat /lib/modules/$(uname -r)/modules.builtin | grep nf_tables
         kernel/net/ipv4/netfilter/nf_tables_ipv4.ko
         kernel/net/ipv4/netfilter/nf_tables_arp.ko
         kernel/net/ipv6/netfilter/nf_tables_ipv6.ko
         kernel/net/netfilter/nf_tables.ko
         kernel/net/netfilter/nf_tables_inet.ko
         kernel/net/netfilter/nf_tables_netdev.ko
  2. I'm interested in the way to build a custom image as well. Hope the step-by-step tutorial like this will be available.
  3. I found an issue regarding ufw in the latest OS image. Can someone help me solve it?

     ---

     Issue: ufw is not working on the latest OS because required kernel modules are missing from the OS image.

     Board: ASUS Tinker Board 2 S
     OS: Tinker Board 2 Debian OS V1.0.7

     Steps to reproduce:

     1. Flash Tinker Board 2 Debian OS V1.0.7 to a microSD
     2. Boot from the microSD on ATB2
     3. ssh to the board
     4. Run the commands

            $ sudo apt-get update
            $ sudo apt-get install ufw

     5. Add a new rule to ufw, which fails in the end

            linaro@linaro-alip:~$ sudo ufw allow 22
            ERROR: initcaps
            [Errno 2] modprobe: FATAL: Module ip6_tables not found in directory /lib/modules/4.4.194
            ip6tables v1.6.0: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)
            Perhaps ip6tables or your kernel needs to be upgraded.

     Related issue: ip6tables is not working either. Very weird, as the OS is assigning IPv6 addresses to the network interfaces. Why does the OS not support an IPv6 firewall even though it uses IPv6?

     What I did on the same board:

         # Yeah, the OS is assigning IPv6 addresses (they're masked here)
         linaro@linaro-alip:~$ ip link show
         1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
             link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
         2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
             link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
         3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
             link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
         4: wlp1s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN mode DORMANT group default qlen 1000
             link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff

         # iptables for IPv4
         linaro@linaro-alip:~$ sudo iptables -S
         -P INPUT ACCEPT
         -P FORWARD ACCEPT
         -P OUTPUT ACCEPT
         #=> Fine.

         # iptables for IPv6
         linaro@linaro-alip:~$ sudo ip6tables -S
         modprobe: FATAL: Module ip6_tables not found in directory /lib/modules/4.4.194
         ip6tables v1.6.0: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)
         Perhaps ip6tables or your kernel needs to be upgraded.
         #=> ???? What happened??

         # A list of files under /lib/modules/4.4.194/drivers. Too few files, aren't there?
         linaro@linaro-alip:~$ find /lib/modules/4.4.194/kernel/drivers/
         /lib/modules/4.4.194/kernel/drivers/
         /lib/modules/4.4.194/kernel/drivers/net
         /lib/modules/4.4.194/kernel/drivers/net/wireless
         /lib/modules/4.4.194/kernel/drivers/net/wireless/rockchip_wlan
         /lib/modules/4.4.194/kernel/drivers/net/wireless/rockchip_wlan/rkwifi
         /lib/modules/4.4.194/kernel/drivers/net/wireless/rockchip_wlan/rkwifi/bcmdhd
         /lib/modules/4.4.194/kernel/drivers/net/wireless/rockchip_wlan/rkwifi/bcmdhd/bcmdhd.ko
         /lib/modules/4.4.194/kernel/drivers/net/wireless/rockchip_wlan/rtl8822be
         /lib/modules/4.4.194/kernel/drivers/net/wireless/rockchip_wlan/rtl8822be/8822be.ko
         /lib/modules/4.4.194/kernel/drivers/net/wireless/rockchip_wlan/rtl8188eu
         /lib/modules/4.4.194/kernel/drivers/net/wireless/rockchip_wlan/rtl8188eu/8188eu.ko
         /lib/modules/4.4.194/kernel/drivers/net/wireless/rockchip_wlan/rtl8822ce
         /lib/modules/4.4.194/kernel/drivers/net/wireless/rockchip_wlan/rtl8822ce/8822ce.ko
         /lib/modules/4.4.194/kernel/drivers/net/wireless/rockchip_wlan/rtl8814au
         /lib/modules/4.4.194/kernel/drivers/net/wireless/rockchip_wlan/rtl8814au/rtl8814au.ko
         /lib/modules/4.4.194/kernel/drivers/net/wireless/rockchip_wlan/rtl8812AU_8821AU_linux
         /lib/modules/4.4.194/kernel/drivers/net/wireless/rockchip_wlan/rtl8812AU_8821AU_linux/rtl8812au.ko
         /lib/modules/4.4.194/kernel/drivers/net/wireless/mwifiex
         /lib/modules/4.4.194/kernel/drivers/net/wireless/mwifiex/mwifiex_sdio.ko
         /lib/modules/4.4.194/kernel/drivers/net/wireless/mwifiex/mwifiex.ko