On Fri, 02 Nov 2018, Anuprita Duggal wrote:

> == IPv6 ==
...
> LOG: pass
> hashlimit: pass
> limit: pass
...
> All tests passed
> Suzu.memeYa@build ~ $
> Suzu.memeYa@build ~ $ sudo ufw enable
> Command may disrupt existing ssh
> connections. Proceed with operation (y|n)? y
> ERROR: Could not load logging rules
> Suzu.memeYa@build ~ $

Interesting. It appears something changed wrt iptables:

$ sudo /sbin/iptables -L ufw-before-logging-input
Chain ufw-before-logging-input (1 references)
target     prot opt source               destination
$ sudo /sbin/iptables -F ufw-before-logging-input
$ sudo /sbin/iptables -Z ufw-before-logging-input
iptables v1.8.1 (nf_tables): (null) failed (Operation not supported): chain ufw-before-logging-input

The man page for iptables doesn't say anything about this change. Here is a
simple reproducer:

$ sudo iptables --version
iptables v1.8.1 (nf_tables)
$ sudo iptables -N foo
$ sudo iptables -L foo
Chain foo (0 references)
target     prot opt source               destination
$ sudo iptables -F foo
$ sudo iptables -Z foo # REGRESSION
iptables v1.8.1 (nf_tables): (null) failed (Operation not supported): chain foo
$ sudo iptables -X foo

That said, if I update ufw to use the *-legacy versions of iptables/ip6tables
tools, then everything works like before. I will keep this bug open for the
incompatibility. I'll file a new bug against iptables for the (possible)
regression.

As a temporary workaround, feel free to downgrade to iptables 1.6. With
preliminary testing, it seems that ufw can work with the nf_tables variety of
iptables/ip6tables except for this -Z issue.

-- 
Jamie Strandboge | http://www.canonical.com