disco: unable to use iptables/enable ufw under -virtual kernel
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
High
|
Seth Forshee | ||
ufw (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
SRU Justification
Impact: iptables does not work in disco with linux-virtual.
Fix: Add bpfilter to the generic inclusion list.
Regression Potential: There are no code changes and thus minimal potential for regressions.
Test Case: Verify that bpffilter.ko is shipped in linux-modues instead of linux-module-extra and that iptables commands work in disco with the linux-virtual kernel installed.
---
Fresh install of disco:
$ sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
ERROR: problem running ufw-init
iptables-restore v1.6.1: Can't set policy `DROP' on `INPUT' line 3: Bad built-in chain name
iptables-restore: line 22 failed
iptables-restore: line 2 failed
iptables-restore v1.6.1: Couldn't load target `ufw-logging-
Error occurred at line: 30
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
iptables-restore v1.6.1: Couldn't load target `ufw-skip-
Error occurred at line: 19
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
iptables-restore v1.6.1: Couldn't load target `ufw-user-input':No such file or directory
Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Problem running '/etc/ufw/
Problem running '/etc/ufw/
ProblemType: Bug
DistroRelease: Ubuntu 19.04
Package: ufw 0.36-1ubuntu1
ProcVersionSign
Uname: Linux 5.0.0-8-generic x86_64
ApportVersion: 2.20.10-0ubuntu26
Architecture: amd64
Date: Tue Apr 9 08:49:59 2019
Ec2AMI: ami-000004cf
Ec2AMIManifest: FIXME
Ec2Availability
Ec2InstanceType: m1.blue
Ec2Kernel: unavailable
Ec2Ramdisk: unavailable
PackageArchitec
ProcEnviron:
TERM=screen-
PATH=(custom, no user)
LANG=C.UTF-8
SHELL=/bin/bash
SourcePackage: ufw
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile.
CVE References
description: | updated |
Changed in linux (Ubuntu): | |
status: | Incomplete → In Progress |
Changed in linux (Ubuntu): | |
status: | In Progress → Fix Committed |
tags: | added: cscc |
I cannot reproduce. I notice that you said 'default install' but at a minimum you have modified /etc/default/ufw to have:
DEFAULT_ INPUT_POLICY= "ACCEPT"
$ cat /proc/version_ signature
Ubuntu 5.0.0-8.9-generic 5.0.1
$ sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Started bpfilter
Firewall is active and enabled on system startup
Can you give exact steps to verify?
What is the output of 'sudo /usr/share/ ufw/check- requirements' ? What is the output of that before you run 'ufw enable'?