Software conflict between iptables and ufw? SOLVED!

If none of the more specific forums is the right place to ask

Software conflict between iptables and ufw? SOLVED!

Postby rayos » 2020-02-10 11:08

Debian Bullseye. Packages: ufw 0.36-1 and Iptables 1.8.4-2

###############

Hello everybody! Ufw now doesn't work after a package update and if it's enable internet is blocked.

While doing a reboot some minutes ago, the PC lost the graphic environment and the internet connection.

The screen went black, but by pressing "Ctrl + Alt + F1" I could access a tty and recover the desktop environment using the startx command

I checked with cat /var/log/dpkg.log | grep "status installed" the last packages installed and I saw that one of the updated packages was "iptables".

In order to test if it was a problem with the firewall I deactivated the ufw firewall interface and everything went back to normal again.

With ufw disabled everything works fine again and when doing a reboot the desktop environment appears without using startx, but with ufw enabled I have to activate the X with startx command and the internet connection is blocked.

I guess this is an incompatibility between the new version of iptables and the old ufw version in the Debian testing repository.

$ iptables --version
iptables v1.8.4 (nf_tables)

$ ufw --version
ufw 0.36
Copyright 2008-2015 Canonical Ltd.

If I start ufw it gives an error warning and internet crashes:

# ufw enable
ERROR: problem running ufw-init
iptables-restore: COMMIT expected at line 21
iptables-restore: line 2 failed
iptables-restore: line 2 failed
ip6tables-restore: COMMIT expected at line 21
ip6tables-restore: line 2 failed
ip6tables-restore: line 2 failed
Problem running '/etc/ufw/user.rules'
Problem running '/etc/ufw/user6.rules'

# ufw status
Status: active

$ ping -c1 google.com
... there is no Internet conection

# ufw disable
Firewall stopped and disabled on system startup

$ ping -c1 google.com
... with ufw disabled there's internet connection

I uninstalled ufw by purging the configuration files, reinstalled it again and I get the same error message, but now without the "problem running" warnings.

I imagine the problem will be that Debian updated iptables without realizing that ufw would fail, I don't know.

All the best!
Last edited by rayos on 2020-02-13 00:27, edited 1 time in total.
User avatar
rayos
 
Posts: 17
Joined: 2014-08-08 12:11
Location: Canary Islands

Re: Software conflict between iptables and ufw?

Postby fabien » 2020-02-10 14:03

There is a bug report: #949739 iptables: ufw fails with iptables 1.8.4-2 https://bugs.debian.org/cgi-bin/bugrepo ... bug=949739
The maintainer proposes a workaround.
edit: typo
Last edited by fabien on 2020-02-11 13:49, edited 1 time in total.
User avatar
fabien
 
Posts: 15
Joined: 2019-12-03 12:51
Location: Toulouse, France

Re: Software conflict between iptables and ufw?

Postby sunrat » 2020-02-10 20:34

I had the same issue a couple of weeks ago in Sid. I only installed ufw to easily open ports for Syncthing, but it works fine now anyway after uninstalling ufw.
“ computer users can be divided into 2 categories:
Those who have lost data
...and those who have not lost data YET ”
Remember to BACKUP!
User avatar
sunrat
 
Posts: 2998
Joined: 2006-08-29 09:12
Location: Melbourne, Australia

Re: Software conflict between iptables and ufw?

Postby Chrisdb » 2020-02-11 19:47

you can also start using nftables:
https://wiki.nftables.org/wiki-nftables/index.php/Moving_from_iptables_to_nftables

if that's an option of course :wink:
Chrisdb
 
Posts: 273
Joined: 2018-04-10 07:16

Re: Software conflict between iptables and ufw?

Postby rayos » 2020-02-13 00:26

Chrisdb wrote:you can also start using nftables:
https://wiki.nftables.org/wiki-nftables/index.php/Moving_from_iptables_to_nftables

if that's an option of course :wink:


Yes, I'm using nftables now, Thank you!

viewtopic.php?f=16&t=143876

I'm reading some tutorials to catch up on the issue of nftables to be able to use it much better than right now.

I didn't know iptables is already becoming obsolete.

OK. The problem with ufw is caused by a bug.

Thanks to all of you!

Bye! Solved.

Edit. Typo.
User avatar
rayos
 
Posts: 17
Joined: 2014-08-08 12:11
Location: Canary Islands


Return to General Questions

Who is online

Users browsing this forum: peer and 12 guests

fashionable