On Tue, 07 Jan 2020, Jamie Strandboge wrote:
> On Thu, 26 Dec 2019, Valentin Vidić wrote:
>
> > Since iptables 1.8.4-1 compat symlink /sbin/iptables does
> > not exist any more, so the ufw always fails:
> >
> > # strace -e trace=execve -ff ufw status
> > execve("/usr/sbin/ufw", ["ufw", "status"], 0x7fff9d7faa10 /* 9 vars */) = 0
> > strace: Process 5805 attached
> > [pid 5805] execve("/sbin/iptables", ["/sbin/iptables", "-V"],
> > 0x7ffec7a8b2c8 /* 9 vars */) = -1 ENOENT (No such file or directory)
> > [pid 5805] +++ exited with 255 +++
> > --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5805, si_uid=0,
> > si_status=255, si_utime=0, si_stime=0} ---
> > ERROR: Couldn't determine iptables version
> > +++ exited with 1 +++
> >
> > Please update to use /usr/sbin/iptables instead.
>
> Thank you for the report. I'm planning an upload soon. Do note that
> iptables 1.8.4 broke ufw in other ways so downgrading is recommended for
> now:
>
> * https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946289
> * https://bugzilla.netfilter.org/show_bug.cgi?id=1394
FYI, while 946289 is now fixed, another regression was found in iptables
1.8.4: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949518.
ufw 0.36-2 is ready to be uploaded to address this bug but blocked on
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949518 being fixed
(since the iptables regression renders ufw completely broken and the
upload will continue to fail autopkgtests). Once the iptables regression
is fixed, I'll updload ufw.
--
Email: ja...@strandboge.com
IRC: jdstrand
