Yep

Iptables was updated a few hours after the last ufw update was released

Thanks for the quick response

On Fri, 2 Nov 2018, 01:52 Jamie Strandboge <ja...@canonical.com wrote:

> On Fri, 02 Nov 2018, Anuprita Duggal wrote:
>
> > == IPv6 ==
> ...
> > LOG: pass
> > hashlimit: pass
> > limit: pass
> ...
> > All tests passed
> > Suzu.memeYa@build ~ $
> > Suzu.memeYa@build ~ $ sudo ufw enable
> > Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
> > ERROR: Could not load logging rules
> > Suzu.memeYa@build ~ $
>
> Interesting. It appears something changed wrt iptables:
>
> $ sudo /sbin/iptables -L ufw-before-logging-input
> Chain ufw-before-logging-input (1 references)
> target     prot opt source               destination
>
> $ sudo /sbin/iptables -F ufw-before-logging-input
>
> $ sudo /sbin/iptables -Z ufw-before-logging-input
> iptables v1.8.1 (nf_tables):  (null) failed (Operation not supported):
> chain ufw-before-logging-input
>
> The man page for iptables doesn't say anything about this change.
>
> Here is a simple reproducer:
>
> $ sudo iptables --version
> iptables v1.8.1 (nf_tables)
>
> $ sudo iptables -N foo
>
> $ sudo iptables -L foo
> Chain foo (0 references)
> target     prot opt source               destination
>
> $ sudo iptables -F foo
>
> $ sudo iptables -Z foo  # REGRESSION
> iptables v1.8.1 (nf_tables):  (null) failed (Operation not supported):
> chain foo
>
> $ sudo iptables -X foo
>
>
> That said, if I update ufw to use the *-legacy versions of iptables/ip6tables
> tools, then everything works like before. I will keep this bug open for the
> incompatibility. I'll file a new bug against iptables for the (possible)
> regression. As a temporary workaround, feel free to downgrade to iptables 1.6.
>
> With preliminary testing, it seems that ufw can work with the nf_tables variety
> of iptables/ip6tables except for this -Z issue.
>
> --
> Jamie Strandboge             | http://www.canonical.com
>
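
An added example, not part of the original thread and not ufw's own code: a shell probe that repeats the reproducer quoted above (-N, -Z, -X on a scratch chain) against each candidate binary and prints the first one where -Z works. The function names and the scratch chain name `zprobe-<pid>` are assumptions made for this example, and it needs root when run against real iptables binaries.

```shell
#!/bin/sh
# Added example: probe whether an iptables binary can zero counters on a
# user-defined chain (the -Z failure seen with v1.8.1 nf_tables above).
# Function names and the scratch chain name are assumptions for this example.

# backend_of "<output of iptables --version>" -> nf_tables | legacy
# Builds without the "(nf_tables)" suffix are treated as legacy.
backend_of() {
    case "$1" in
        *"(nf_tables)"*) echo nf_tables ;;
        *)               echo legacy ;;
    esac
}

# zero_supported BIN -> 0 if "-Z <chain>" works, 1 if it fails,
# 2 if the scratch chain could not be created (not root, name clash, ...).
zero_supported() {
    bin=$1
    chain="zprobe-$$"
    "$bin" -N "$chain" 2>/dev/null || return 2
    if "$bin" -Z "$chain" 2>/dev/null; then rc=0; else rc=1; fi
    "$bin" -X "$chain" 2>/dev/null || :   # always remove the scratch chain
    return "$rc"
}

# pick_binary BIN... -> print the first installed candidate whose -Z works.
pick_binary() {
    for cand in "$@"; do
        command -v "$cand" >/dev/null 2>&1 || continue
        if zero_supported "$cand"; then
            echo "$cand"
            return 0
        fi
    done
    return 1
}

# Run as: sudo sh probe.sh --probe
if [ "${1:-}" = "--probe" ]; then
    for base in iptables ip6tables; do
        echo "$base reports: $(backend_of "$("$base" --version)")"
        pick_binary "$base" "$base-legacy" || echo "no usable $base binary" >&2
    done
fi
```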
