/usr/share/ufw/check-requirements -f fails on Nexus 4 and Nexus 10

ufw is now installed by default on the touch images with grouper and maguro passing all tests. Mako and manta still fail though. Test case:
$ /usr/share/ufw/check-requirements -f

Current behavior (from mako, I don't have a manta device):
# /usr/share/ufw/check-requirements -f
Has python: pass (binary: python2.7, version: 2.7.5+, py2)
Has iptables: pass
Has ip6tables: pass

Has /proc/net/dev: pass
Has /proc/net/if_inet6: pass

This script will now attempt to create various rules using the iptables
and ip6tables commands. This may result in module autoloading (eg, for
IPv6).
== IPv4 ==
Creating 'ufw-check-requirements'... done
Inserting RETURN at top of 'ufw-check-requirements'... done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: FAIL
hashlimit: pass
limit: pass
state (NEW): pass
state (RELATED): pass
state (ESTABLISHED): pass
state (INVALID): pass
state (new, recent set): pass
state (new, recent update): pass
state (new, limit): pass
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
addrtype (LOCAL): pass
addrtype (MULTICAST): pass
addrtype (BROADCAST): pass
icmp (destination-unreachable): pass
icmp (source-quench): pass
icmp (time-exceeded): pass
icmp (parameter-problem): pass
icmp (echo-request): pass

== IPv6 ==
Creating 'ufw-check-requirements6'... done
Inserting RETURN at top of 'ufw-check-requirements6'... done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: FAIL
hashlimit: pass
limit: pass
state (NEW): pass
state (RELATED): pass
state (ESTABLISHED): pass
state (INVALID): pass
state (new, recent set): pass
state (new, recent update): pass
state (new, limit): pass
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
icmpv6 (destination-unreachable): pass
icmpv6 (packet-too-big): pass
icmpv6 (time-exceeded): pass
icmpv6 (parameter-problem): pass
icmpv6 (echo-request): pass
icmpv6 with hl (neighbor-solicitation): pass
icmpv6 with hl (neighbor-advertisement): pass
icmpv6 with hl (router-solicitation): pass
icmpv6 with hl (router-advertisement): pass
ipv6 rt: pass

FAIL: check your kernel and that you have iptables >= 1.4.0

Expected behavior is all tests pass. Eg:
# /usr/share/ufw/check-requirements -f
...
All tests passed

Smoke test results:
http://reports.qa.ubuntu.com/smokeng/saucy/image/2899/ (mako)
http://reports.qa.ubuntu.com/smokeng/saucy/image/2900/ (manta)

On mako in particular, here are reduced test cases under adb shell:
root@ubuntu-phablet:/# iptables -A INPUT -p tcp --sport 23 -j LOG || echo FAIL
iptables: No chain/target/match by that name.
FAIL
root@ubuntu-phablet:/# ip6tables -A INPUT -p tcp --sport 23 -j LOG || echo FAIL
ip6tables: No chain/target/match by that name.
FAIL

Please run /usr/share/ufw/check-requirements on manta to see what is missing there.