I tested ufw and nftables on the latest release. But no luck. Tinker Board 2 team, could you please tell me how to enable firewall on this OS?

Using ufw

After adding a simple rule to ufw, I got the following error when I enabled it.

    linaro@linaro-alip:/lib/modules/4.4.194$ sudo ufw enable
    Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
    ERROR: problem running ufw-init
    modprobe: FATAL: Module nf_conntrack_netbios_ns not found in directory /lib/modules/4.4.194
    iptables-restore v1.8.2 (nf_tables):
    line 22: RULE_APPEND failed (No such file or directory): rule in chain INPUT
    line 23: RULE_APPEND failed (No such file or directory): rule in chain INPUT
    line 24: RULE_APPEND failed (No such file or directory): rule in chain INPUT
    line 25: RULE_APPEND failed (No such file or directory): rule in chain INPUT
    line 26: RULE_APPEND failed (No such file or directory): rule in chain INPUT
    line 27: RULE_APPEND failed (No such file or directory): rule in chain INPUT
    line 29: RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
    line 30: RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
    line 31: RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
    line 32: RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
    line 33: RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
    line 34: RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
    line 36: RULE_APPEND failed (No such file or directory): rule in chain FORWARD
    line 41: RULE
    iptables-restore v1.8.2 (nf_tables): Couldn't load match `conntrack':No such file or directory
    Error occurred at line: 2
    Try `iptables-restore -h' or 'iptables-restore --help' for more information.
    iptables-restore v1.8.2 (nf_tables):
    line 5: RULE_APPEND failed (No such file or directory): rule in chain ufw-skip-to-policy-input
    line 6: RULE_APPEND failed (No such file or directory): rule in chain ufw-skip-to-policy-output
    line 7: RULE_APPEND failed (No such file or directory): rule in chain ufw-skip-to-policy-forward
    iptables-restore v1.8.2 (nf_tables): Couldn't load match `conntrack':No such file or directory
    Error occurred at line: 25
    Try `iptables-restore -h' or 'iptables-restore --help' for more information.
    iptables-restore v1.8.2 (nf_tables): unknown option "--dport"
    Error occurred at line: 19
    Try `iptables-restore -h' or 'iptables-restore --help' for more information.
    iptables-restore v1.8.2 (nf_tables): unknown option "--dport"
    Error occurred at line: 19
    Try `iptables-restore -h' or 'iptables-restore --help' for more information.
    iptables-restore v1.8.2 (nf_tables): Chain 'ufw-before-input' does not exist
    ip6tables-restore v1.8.2 (nf_tables):
    line 22: RULE_APPEND failed (No such file or directory): rule in chain INPUT
    line 23: RULE_APPEND failed (No such file or directory): rule in chain INPUT
    line 24: RULE_APPEND failed (No such file or directory): rule in chain INPUT
    line 25: RULE_APPEND failed (No such file or directory): rule in chain INPUT
    line 26: RULE_APPEND failed (No such file or directory): rule in chain INPUT
    line 27: RULE_APPEND failed (No such file or directory): rule in chain INPUT
    line 29: RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
    line 30: RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
    line 31: RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
    line 32: RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
    line 33: RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
    line 34: RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
    line 36: RULE_APPEND failed (No such file or directory): rule in chain FORWARD
    line 41: RULE
    ip6tables-restore v1.8.2 (nf_tables): Couldn't load match `conntrack':No such file or directory
    Error occurred at line: 2
    Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
    ip6tables-restore v1.8.2 (nf_tables):
    line 5: RULE_APPEND failed (No such file or directory): rule in chain ufw6-skip-to-policy-input
    line 6: RULE_APPEND failed (No such file or directory): rule in chain ufw6-skip-to-policy-output
    line 7: RULE_APPEND failed (No such file or directory): rule in chain ufw6-skip-to-policy-forward
    ip6tables-restore v1.8.2 (nf_tables): Couldn't load match `rt':No such file or directory
    Error occurred at line: 24
    Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
    ip6tables-restore v1.8.2 (nf_tables): unknown option "--dport"
    Error occurred at line: 19
    Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
    ip6tables-restore v1.8.2 (nf_tables): unknown option "--dport"
    Error occurred at line: 19
    Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
    ip6tables-restore v1.8.2 (nf_tables): Chain 'ufw6-before-input' does not exist
    Problem running '/etc/ufw/before.rules'
    Problem running '/etc/ufw/after.rules'
    Problem running '/etc/ufw/user.rules'
    Problem running '/etc/ufw/before6.rules'
    Problem running '/etc/ufw/after6.rules'
    Problem running '/etc/ufw/user6.rules'

Using nftables

I uninstalled ufw then installed nftables. And tried to set a simple rule which is just allowing loopback incoming access.

    #!/usr/sbin/nft -f

    flush ruleset

    table inet filter {
        chain input {
            type filter hook input priority 0;
            iifname "lo" accept
        }
        chain forward {
            type filter hook forward priority 0;
        }
        chain output {
            type filter hook output priority 0;
        }
    }

Then I started nftables service but the service didn't start. syslog showed the following message.

    Apr 21 07:06:36 linaro-alip nft[2149]: /etc/nftables.conf:8:17-35: Error: Could not process rule: No such file or directory
    Apr 21 07:06:36 linaro-alip nft[2149]: iifname "lo" accept
    Apr 21 07:06:36 linaro-alip nft[2149]: ^^^^^^^^^^^^^^^^^^^
    Apr 21 07:06:36 linaro-alip systemd[1]: nftables.service: Failed with result 'exit-code'.
    Apr 21 07:06:36 linaro-alip systemd[1]: Failed to start nftables.

Are netfilter kernel modules installed?

Got the following output. Some of netfilter modules are included in the builtin kernel. Not sure if the list covers all required modules.

    linaro@linaro-alip:~$ cat /lib/modules/$(uname -r)/modules.builtin | grep nf_tables
    kernel/net/ipv4/netfilter/nf_tables_ipv4.ko
    kernel/net/ipv4/netfilter/nf_tables_arp.ko
    kernel/net/ipv6/netfilter/nf_tables_ipv6.ko
    kernel/net/netfilter/nf_tables.ko
    kernel/net/netfilter/nf_tables_inet.ko
    kernel/net/netfilter/nf_tables_netdev.ko
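
A wider version of the module check in the post, as an added example that is not part of the original post: it looks in both modules.builtin and modules.dep for each module the rules above depend on, instead of grepping one index for nf_tables only. The REQUIRED list, the function names and the sample index contents are assumptions made for illustration; the sample reuses the six built-in entries quoted in the post plus one constructed modules.dep line, so its result says nothing about what the board's kernel really ships.

```shell
#!/bin/sh
# Added example (not from the post). REQUIRED is an assumed module list for
# the post's rules: nft_meta serves `iifname` on a 4.4 kernel, nft_compat
# plus the xt_* modules serve the iptables-nft matches (conntrack, --dport).
REQUIRED="nf_tables nf_tables_inet nft_meta nft_ct nft_compat nf_conntrack xt_conntrack xt_tcpudp"

# Print module names from a modules.builtin or modules.dep index, one per
# line, with '-' normalised to '_' (foo-bar.ko is loaded as foo_bar).
list_modules() {
    [ -r "$1" ] || return 0
    sed -e 's/:.*$//' -e 's#^.*/##' -e 's/\.ko.*$//' "$1" | tr '-' '_'
}

# missing_modules BUILTIN DEP NAME...
# Prints the NAMEs found in neither index, space separated.
missing_modules() {
    builtin_file=$1; dep_file=$2; shift 2
    have=$( { list_modules "$builtin_file"; list_modules "$dep_file"; } | sort -u )
    missing=""
    for m in "$@"; do
        printf '%s\n' "$have" | grep -qxF "$m" || missing="$missing $m"
    done
    printf '%s\n' "${missing# }"
}

# Constructed sample: the six built-in entries quoted in the post and one
# made-up loadable-module line, so both index formats are exercised.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/modules.builtin" <<'EOF'
kernel/net/ipv4/netfilter/nf_tables_ipv4.ko
kernel/net/ipv4/netfilter/nf_tables_arp.ko
kernel/net/ipv6/netfilter/nf_tables_ipv6.ko
kernel/net/netfilter/nf_tables.ko
kernel/net/netfilter/nf_tables_inet.ko
kernel/net/netfilter/nf_tables_netdev.ko
EOF
    echo 'kernel/net/netfilter/xt_tcpudp.ko: kernel/net/netfilter/x_tables.ko' > "$dir/modules.dep"
    missing_modules "$dir/modules.builtin" "$dir/modules.dep" $REQUIRED
    rm -rf "$dir"
}

demo
```

On a real system, pass `/lib/modules/$(uname -r)/modules.builtin` and `/lib/modules/$(uname -r)/modules.dep` as the first two arguments; any name it prints is neither built in nor available to modprobe.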