Package: ufw Version: 0.36-7.1 Severity: important File: /etc/init.d/ufw Justification: renders package unusable X-Debbugs-Cc: ro...@rilynn.me.uk
Hi, ufw apparently depends on nftables but the init script does not declare it. This results in errors from ip-tables-restore when ufw starts: Starting firewall: ufw... iptables-restore v1.8.7 (nf_tables): line 42: CHAIN_USER_ADD failed (No such file or directory): chain ufw-before-logging-input line 42: CHAIN_USER_ADD failed (No such file or directory): chain ufw-before-logging-output line 42: CHAIN_USER_ADD failed (No such file or directory): chain ufw-before-logging-forward line 42: CHAIN_USER_ADD failed (No such file or directory): chain ufw-before-input line 42: CHAIN_USER_ADD failed (No such file or directory): chain ufw-before-output line 42: CHAIN_USER_ADD failed (No such file or directory): chain ufw-before-forward line 42: CHAIN_USER_ADD failed (No such file or directory): chain ufw-after-input line 42: CHAIN_USER_ADD failed (No such file or directory): chain ufw-after-output line 42: CHAIN_USER_ADD failed (No such file or directory): chain ufw-after-forward line 42: CHAIN_USER_ADD failed (No such file or directory): chain ufw-after-logging-input line 42: CHAIN_USER_ADD failed (No such file or directory): chain ufw-after-logging-output line 42: RULE_APPEND faied (No such file or directory): rule in iptables-restore: line 3 failed iptables-restore: line 3 failed iptables-restore: line 4 failed failed. startpar: service(s) returned failre:ufw ... failed! Adding "nftables" to the Required-Start: and Required-Stop: lines in /etc/init.d/ufw resolves the problem: # Required-Start: $local_fs nftables # Required-Stop: $local_fs nftables Thanks, Roger -- System Information: Debian Release: bullseye/sid APT prefers testing-security APT policy: (500, 'testing-security'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-5-amd64 (SMP w/4 CPU threads) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en Shell: /bin/sh linked to /usr/bin/dash Init: sysvinit (via /sbin/init) LSM: AppArmor: enabled Versions of packages ufw depends on: ii debconf [debconf-2.0] 1.5.75 ii iptables 1.8.7-1 ii lsb-base 11.1.0 ii python3 3.9.2-2 ii ucf 3.0043 ufw recommends no packages. Versions of packages ufw suggests: ii rsyslog 8.2102.0-2 -- Configuration Files: /etc/default/ufw changed: IPV6=yes DEFAULT_INPUT_POLICY="REJECT" DEFAULT_OUTPUT_POLICY="ACCEPT" DEFAULT_FORWARD_POLICY="REJECT" DEFAULT_APPLICATION_POLICY="SKIP" MANAGE_BUILTINS=no IPT_SYSCTL= IPT_MODULES="" /etc/init.d/ufw changed: set -e PATH="/sbin:/bin" [ -d /lib/ufw ] || exit 0 . /lib/lsb/init-functions for s in "/lib/ufw/ufw-init-functions" "/etc/ufw/ufw.conf" "/etc/default/ufw" ; do if [ -s "$s" ]; then . "$s" else log_failure_msg "Could not find $s (aborting)" exit 1 fi done error=0 case "$1" in start) if [ "$ENABLED" = "yes" ] || [ "$ENABLED" = "YES" ]; then log_action_begin_msg "Starting firewall:" "ufw" output=`ufw_start` || error="$?" if [ "$error" = "0" ]; then log_action_cont_msg "Setting kernel variables ($IPT_SYSCTL)" fi if [ ! -z "$output" ]; then echo "$output" | while read line ; do log_action_cont_msg "$line" done fi else log_action_begin_msg "Skip starting firewall:" "ufw (not enabled)" fi log_action_end_msg $error exit $error ;; stop) if [ "$ENABLED" = "yes" ] || [ "$ENABLED" = "YES" ]; then log_action_begin_msg "Stopping firewall:" "ufw" output=`ufw_stop` || error="$?" if [ ! -z "$output" ]; then log_action_cont_msg "$output" fi else log_action_begin_msg "Skip stopping firewall:" "ufw (not enabled)" fi log_action_end_msg $error exit $error ;; restart|force-reload) log_action_begin_msg "Reloading firewall:" "ufw" output=`ufw_reload` || error="$?" if [ ! -z "$output" ]; then log_action_cont_msg "$output" fi log_action_end_msg $error exit $error ;; status) output=`ufw_status` || error="$?" if [ ! -z "$output" ]; then log_action_cont_msg "$output" fi log_action_end_msg $error exit $error ;; *) echo "Usage: /etc/init.d/ufw {start|stop|restart|force-reload|status}" exit 1 ;; esac exit 0 -- debconf information: * ufw/enable: true * ufw/allow_known_ports: SSH ufw/allow_custom_ports: * ufw/existing_configuration: