On Thu, 01 Nov 2018, Karlheinz Geyer wrote: > Hi Jamie, > thx vm for ur reply... > > Jamie Strandboge <ja...@canonical.com> [01.11.2018 13.34.36 -0500]: > > > What is the output of: > > > > $ sudo /usr/share/ufw/check-requirements > > # /usr/share/ufw/check-requirements > Has python: pass (binary: python2.7, version: 2.7.15+, py2) > Has iptables: pass > Has ip6tables: pass > > Has /proc/net/dev: pass > Has /proc/net/if_inet6: pass > > This script will now attempt to create various rules using the iptables > and ip6tables commands. This may result in module autoloading (eg, for > IPv6). > Proceed with checks (Y/n)? ... > == IPv6 == > Creating 'ufw-check-requirements6'... done > Inserting RETURN at top of 'ufw-check-requirements6'... done ... > icmpv6 (destination-unreachable): FAIL > error was: ip6tables v1.8.1 (nf_tables): unknown option "--icmpv6-type" > Try `ip6tables -h' or 'ip6tables --help' for more information. > icmpv6 (packet-too-big): FAIL > error was: ip6tables v1.8.1 (nf_tables): unknown option "--icmpv6-type" > Try `ip6tables -h' or 'ip6tables --help' for more information. > icmpv6 (time-exceeded): FAIL > error was: ip6tables v1.8.1 (nf_tables): unknown option "--icmpv6-type" > Try `ip6tables -h' or 'ip6tables --help' for more information. > icmpv6 (parameter-problem): FAIL > error was: ip6tables v1.8.1 (nf_tables): unknown option "--icmpv6-type" > Try `ip6tables -h' or 'ip6tables --help' for more information. > icmpv6 (echo-request): FAIL > error was: ip6tables v1.8.1 (nf_tables): unknown option "--icmpv6-type" > Try `ip6tables -h' or 'ip6tables --help' for more information. > icmpv6 with hl (neighbor-solicitation): FAIL > error was: ip6tables v1.8.1 (nf_tables): unknown option "--icmpv6-type" > Try `ip6tables -h' or 'ip6tables --help' for more information. > icmpv6 with hl (neighbor-advertisement): FAIL > error was: ip6tables v1.8.1 (nf_tables): unknown option "--icmpv6-type" > Try `ip6tables -h' or 'ip6tables --help' for more information. > icmpv6 with hl (router-solicitation): FAIL > error was: ip6tables v1.8.1 (nf_tables): unknown option "--icmpv6-type" > Try `ip6tables -h' or 'ip6tables --help' for more information. > icmpv6 with hl (router-advertisement): FAIL > error was: ip6tables v1.8.1 (nf_tables): unknown option "--icmpv6-type" > Try `ip6tables -h' or 'ip6tables --help' for more information. > ipv6 rt: pass > It looks like your kernel doesn't support these options and you may want to upgrade your kernel and/or update its config.
Please note that the recent upgrade to iptables 1.8.1 in sid caused a regression in ufw: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911986#35 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912610 -- Jamie Strandboge | http://www.canonical.com
signature.asc
Description: PGP signature
