ufw

UFW (enable and iptables fails)

Bug #1076050 reported by x11tete11x
16
This bug affects 3 people
Affects Status Importance Assigned to Milestone
ufw
Invalid
Undecided
Unassigned
ufw (Gentoo Linux)
New
Undecided
Unassigned

Bug Description

Hello, i have:

EDIT: more info that you request :D

 net-firewall/iptables
      Latest version available: 1.4.16.3
      Latest version installed: 1.4.16.3

x11tete11x@Jarvis ~ $ uname -r
3.6.8-gentoo

also i tried with two versions of ufw and iptables and same issue

i havent any problem to emerge (i already have in my kernel netfilter options)

and yes i have ipv6 active in my kernel

END EDIT :D

ufw 0.33-r1
kcm-ufw 0.4.3

when i run ufw enable:
ERROR: problem running ufw-init
iptables-restore: line 35 failed
ip6tables-restore: line 35 failed

Problem running '/etc/ufw/user/user.rules'
Problem running '/etc/ufw/user/user6.rules'

then i do ufw reset and again ufw enable:
ERROR: problem running ufw-init
iptables-restore: line 11 failed

Problem running '/etc/ufw/user/user.rules'

also i have a strage problem with frontend kcm-ufw, because i cant set "enable" when i just go back and go in again always show "disable", so i do eselect python set 1 (to choose python 2) and it works relatively good (because it says that it's working but ufw daemon just dont work)

here is the ebuild if helps http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/net-firewall/ufw/ufw-0.33-r1.ebuild?view=markup

any suggest?

Im on Gentoo x64. Sorry i speak little english, thx!

EDIT: info requested:

Jarvis x11tete11x # cat /etc/ufw/user/user.rules
*filter
:ufw-user-input - [0:0]
:ufw-user-output - [0:0]
:ufw-user-forward - [0:0]
:ufw-before-logging-input - [0:0]
:ufw-before-logging-output - [0:0]
:ufw-before-logging-forward - [0:0]
:ufw-user-logging-input - [0:0]
:ufw-user-logging-output - [0:0]
:ufw-user-logging-forward - [0:0]
:ufw-after-logging-input - [0:0]
:ufw-after-logging-output - [0:0]
:ufw-after-logging-forward - [0:0]
:ufw-logging-deny - [0:0]
:ufw-logging-allow - [0:0]
:ufw-user-limit - [0:0]
:ufw-user-limit-accept - [0:0]
### RULES ###

### END RULES ###

### LOGGING ###
-A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
-A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
### END LOGGING ###

### RATE LIMITING ###
-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw-user-limit -j REJECT
-A ufw-user-limit-accept -j ACCEPT
### END RATE LIMITING ###
COMMIT

Jarvis x11tete11x # cat /etc/ufw/user/user6.rules
*filter
:ufw6-user-input - [0:0]
:ufw6-user-output - [0:0]
:ufw6-user-forward - [0:0]
:ufw6-before-logging-input - [0:0]
:ufw6-before-logging-output - [0:0]
:ufw6-before-logging-forward - [0:0]
:ufw6-user-logging-input - [0:0]
:ufw6-user-logging-output - [0:0]
:ufw6-user-logging-forward - [0:0]
:ufw6-after-logging-input - [0:0]
:ufw6-after-logging-output - [0:0]
:ufw6-after-logging-forward - [0:0]
:ufw6-logging-deny - [0:0]
:ufw6-logging-allow - [0:0]
:ufw6-user-limit - [0:0]
:ufw6-user-limit-accept - [0:0]
### RULES ###

### END RULES ###

### LOGGING ###
-A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
-A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
### END LOGGING ###

### RATE LIMITING ###
-A ufw6-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw6-user-limit -j REJECT
-A ufw6-user-limit-accept -j ACCEPT
### END RATE LIMITING ###
COMMIT

See original description
x11tete11x (11tete11)
description: updated
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thanks for reporting a bug. Can you provide the following:
 * /etc/ufw/user/user.rules is an interesting location for the user rules. Is that the normal location on Gentoo?
 * what is the output of the following command: /usr/share/ufw/check-requirements (needs to be run as root. Also, the location may be different on gentoo)
 * attach /etc/ufw/user/user.rules

Changed in ufw:
status: New → Incomplete
x11tete11x (11tete11)
description: updated
Revision history for this message
x11tete11x (11tete11) wrote :

Thx! for quickly answer. Well new in Gentoo, and it's the first time that i set up a Firewall, i cant tell you if it's the normal location for rules :(.

i search for check-requierements but i havent that command. Thx for your help! :)

Jarvis x11tete11x # ls /usr/share/ufw/
iptables messages ufw-init ufw-init-functions

iptables and messages are directories

and in :

ls /etc/ufw/
after.rules after6.rules.20121107_104724 before.rules.20121107_104724 before6.rules.20121107_104903
after.rules.20121107_104724 after6.rules.20121107_104903 before.rules.20121107_104903 before6.rules.20121107_112536
after.rules.20121107_104903 after6.rules.20121107_112536 before.rules.20121107_112536 before6.rules.20121107_122157
after.rules.20121107_112536 after6.rules.20121107_122157 before.rules.20121107_122157 before6.rules.20121107_135109
after.rules.20121107_122157 after6.rules.20121107_135109 before.rules.20121107_135109 sysctl.conf
after.rules.20121107_135109 applications.d before6.rules ufw.conf
after6.rules before.rules before6.rules.20121107_104724 user

application.d and user are directories :)

description: updated
Revision history for this message
Sławomir Nizio (snizio) wrote :

Jamie, I can answer your question regarding the path in ufw as I'm the one who did it (I maintain ufw in Gentoo, via someone who commits my changes as I'm not a Gentoo developer - I think it's called sponsorship in Debian world).

> * /etc/ufw/user/user.rules is an interesting location for the user rules. Is that the normal location on Gentoo?
Yes, it is. On Gentoo ufw doesn't keep its files in /lib (it was suggested to me even before ufw appeared in Gentoo), and its init script depends on a service that mounts partitions like /usr, so it's OK.
More importantly, user's configuration is in /etc/ufw/user. This way configuration files are protected without CONFIG_PROTECT, which is another possibility, but a bit ugly one.
Besides that, there are currently patches that do the following:
- disable iptables check in setup.py, so it's not required at install time, only at runtime (very optional one, but also trivial),
- use conntrack (I filed you a bug and provided a patch - it was about this :)),
- patch from bug 819600 (now it looks a bit differently).

> * what is the output of the following command: /usr/share/ufw/check-requirements (needs to be run as root. Also, the location may be different on gentoo)
Ufw build system doesn't install check-requirements script, so it hasn't been present in Gentoo. Now that I'm reading this bug and your reply, I think that it will be a good idea to start providing it.

Revision history for this message
Sławomir Nizio (snizio) wrote :

x11tete11x:
I'd like to ask you for additional information. All of them could be useful.
Which iptables version? What USE flags used for net-firewall/iptables? Do you have enabled IPv6 support in the kernel? Please also provide "uname -r" output.
If you uninstall ufw and then install it again, does it help?
Does downgrading ufw to 0.31.1-r1 help?
Thanks in advance.

Revision history for this message
Sławomir Nizio (snizio) wrote :

check-requirements script for ufw 0.33:
http://bazaar.launchpad.net/~jdstrand/ufw/0.33/download/head:/checkrequirements-20090824160607-dn3v8cyeqt6a65ox-1/check-requirements
(site note: unpatched, doesn't use -m conntrack), md5sum: f5402b0f981940ce4ca83d63da2d366d

Revision history for this message
Fitzcarraldo (fitzcarraldo) wrote :
Download full text (5.5 KiB)

I am now suffering from the same problem as x11tete11x. Here is the information from my laptop running Gentoo:

# uname -a
Linux meshedgedx 3.6.1-gentoo #1 SMP Tue Oct 9 20:34:34 BST 2012 x86_64 Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz GenuineIntel GNU/Linux

# # At this point I can browse the Internet.
# ufw status verbose
Status: inactive
# ufw enable
ERROR: problem running ufw-init
iptables-restore: line 35 failed
ip6tables-restore: line 35 failed

Problem running '/etc/ufw/user/user.rules'
Problem running '/etc/ufw/user/user6.rules'

# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip
# # At this point I cannot browse the Internet.
# ufw disable
Firewall stopped and disabled on system startup
# # At this point I can browse the Internet again.

# ./check-requirements
Has python: pass (binary: python2.7, version: 2.7.3, py2)
Has iptables: pass
Has ip6tables: pass

Has /proc/net/dev: pass
Has /proc/net/if_inet6: pass

This script will now attempt to create various rules using the iptables
and ip6tables commands. This may result in module autoloading (eg, for
IPv6).
Proceed with checks (Y/n)? Y
== IPv4 ==
Creating 'ufw-check-requirements'... done
Inserting RETURN at top of 'ufw-check-requirements'... done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: FAIL
hashlimit: pass
limit: pass
state (NEW): pass
state (RELATED): pass
state (ESTABLISHED): pass
state (INVALID): pass
state (new, recent set): pass
state (new, recent update): pass
state (new, limit): pass
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
addrtype (LOCAL): pass
addrtype (MULTICAST): pass
addrtype (BROADCAST): pass
icmp (destination-unreachable): pass
icmp (source-quench): pass
icmp (time-exceeded): pass
icmp (parameter-problem): pass
icmp (echo-request): pass

== IPv6 ==
Creating 'ufw-check-requirements6'... done
Inserting RETURN at top of 'ufw-check-requirements6'... done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: FAIL
hashlimit: pass
limit: pass
state (NEW): pass
state (RELATED): pass
state (ESTABLISHED): pass
state (INVALID): pass
state (new, recent set): pass
state (new, recent update): pass
state (new, limit): pass
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
icmpv6 (destination-unreachable): pass
icmpv6 (packet-too-big): pass
icmpv6 (time-exceeded): pass
icmpv6 (parameter-problem): pass
icmpv6 (echo-request): pass
icmpv6 with hl (neighbor-solicitation): pass
icmpv6 with hl (neighbor-advertisement): pass
icmpv6 with hl (router-solicitation): pass
icmpv6 with hl (router-advertisement): pass

FAIL: check your kernel and that you have iptables >= 1.4.0
#

# eix -I ufw
[I] kde-misc/kcm-ufw
     Available versions: (4) (~)0.4.3
        {aqua debug LINGUAS="en es fr lt"}
     Installed versions: 0.4.3(4)(23:28:03 25/11/12)(-aqua -debug LINGUAS="en -es -fr -lt")
     Homepage: http://kde-apps.org/content/show.php?content=137789
     Description: KCM module to control the Uncomplicated Firewall

[I] net-firewall/ufw...

Read more...

Revision history for this message
Sławomir Nizio (snizio) wrote :

Thanks for the output.
LOG: FAIL - this is interesting.
Could you re-run the script after applying the patch attached here?

Of course ufw nor this script doesn't fail for me.

cp -i somewhere/check-requirements /tmp
cd /tmp
patch < check-requirements-get-error.patch
./check-requirements

Jamie: could you consider to modify the script to make it able to see errors - perhaps by using my patch?

PS I have a feeling that this bug should be on Gentoo bug tracker, but well. :)

Revision history for this message
Fitzcarraldo (fitzcarraldo) wrote :

# cp -i check-requirements /tmp/
# cd /tmp
# cp /home/fitzcarraldo/check-requirements-get-error.patch .
# patch < check-requirements-get-error.patch
patching file check-requirements
# ./check-requirements
Has python: pass (binary: python2.7, version: 2.7.3, py2)
Has iptables: pass
Has ip6tables: pass

Has /proc/net/dev: pass
Has /proc/net/if_inet6: pass

This script will now attempt to create various rules using the iptables
and ip6tables commands. This may result in module autoloading (eg, for
IPv6).
Proceed with checks (Y/n)? Y
== IPv4 ==
Creating 'ufw-check-requirements'... done
Inserting RETURN at top of 'ufw-check-requirements'... done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: FAIL
error was: iptables: No chain/target/match by that name.
hashlimit: pass
limit: pass
state (NEW): pass
state (RELATED): pass
state (ESTABLISHED): pass
state (INVALID): pass
state (new, recent set): pass
state (new, recent update): pass
state (new, limit): pass
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
addrtype (LOCAL): pass
addrtype (MULTICAST): pass
addrtype (BROADCAST): pass
icmp (destination-unreachable): pass
icmp (source-quench): pass
icmp (time-exceeded): pass
icmp (parameter-problem): pass
icmp (echo-request): pass

== IPv6 ==
Creating 'ufw-check-requirements6'... done
Inserting RETURN at top of 'ufw-check-requirements6'... done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: FAIL
error was: ip6tables: No chain/target/match by that name.
hashlimit: pass
limit: pass
state (NEW): pass
state (RELATED): pass
state (ESTABLISHED): pass
state (INVALID): pass
state (new, recent set): pass
state (new, recent update): pass
state (new, limit): pass
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
icmpv6 (destination-unreachable): pass
icmpv6 (packet-too-big): pass
icmpv6 (time-exceeded): pass
icmpv6 (parameter-problem): pass
icmpv6 (echo-request): pass
icmpv6 with hl (neighbor-solicitation): pass
icmpv6 with hl (neighbor-advertisement): pass
icmpv6 with hl (router-solicitation): pass
icmpv6 with hl (router-advertisement): pass

FAIL: check your kernel and that you have iptables >= 1.4.0
meshedgedx tmp #

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

> Jamie: could you consider to modify the script to make it able to see
> errors - perhaps by using my patch?

Yes, committed to trunk. Thanks!

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

I'm going to close the upstream ufw task on this, however if it turns out there is something to do there, I'll re-open.

Changed in ufw:
status: Incomplete → Invalid
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

> - use conntrack (I filed you a bug and provided a patch - it was about this :)),
This is bug #1065297. I started looking at this and am performing testing.

> - patch from bug 819600 (now it looks a bit differently).
Commented in the other bug

Revision history for this message
Sławomir Nizio (snizio) wrote :

I don't know the exact reason why ufw fails on your all's machines, so let's focus about the check-requirements script failure.

Fitzcarraldo, could you paste output of the command 'lsmod'?
Also, could you paste (or attach, preferred) kernel configuration matching CONFIG_NETFILTER and _NF_?
this should do, if you have config.gz:
zgrep CONFIG_NETFILTER /proc/config.gz
zgrep _NF_ /proc/config.gz

Did you update your kernel, and if yes, from what version? (Only y in 3.y is needed. Kernel options change from time to time and that's maybe some missing option(s) causes it. I have mainly NETFILTER_XT_TARGET_LOG vs. CONFIG_IP_NF_TARGET_LOG in mind. Looks like this option was changed in 3.4.)

Revision history for this message
Fitzcarraldo (fitzcarraldo) wrote :
Download full text (8.4 KiB)

# lsmod
Module Size Used by
nfsd 200912 13
auth_rpcgss 26152 1 nfsd
nfs_acl 1983 1 nfsd
rfcomm 27175 12
bnep 9173 2
ipv6 255133 102
iptable_filter 1304 0
ip_tables 13970 1 iptable_filter
x_tables 14115 2 ip_tables,iptable_filter
vboxnetadp 17206 0
vboxnetflt 12957 0
vboxdrv 1784932 2 vboxnetadp,vboxnetflt
uvcvideo 59228 0
videobuf2_vmalloc 2060 1 uvcvideo
videobuf2_memops 1790 1 videobuf2_vmalloc
videobuf2_core 18399 1 uvcvideo
snd_hda_codec_hdmi 21279 1
snd_hda_codec_realtek 50862 1
btusb 10529 0
bluetooth 153510 22 bnep,btusb,rfcomm
snd_hda_intel 22805 4
snd_hda_codec 73384 3 snd_hda_codec_realtek,snd_hda_codec_hdmi,snd_hda_intel
fglrx 4995461 181
iwldvm 102003 0
mac80211 214601 1 iwldvm
snd_hwdep 5142 1 snd_hda_codec
snd_pcm 62023 3 snd_hda_codec_hdmi,snd_hda_codec,snd_hda_intel
coretemp 5518 0
kvm_intel 112257 0
kvm 209928 1 kvm_intel
tpm_infineon 6914 0
snd_page_alloc 5993 2 snd_pcm,snd_hda_intel
snd_timer 15600 1 snd_pcm
iTCO_wdt 4647 0
iTCO_vendor_support 1720 1 iTCO_wdt
joydev 8711 0
i2c_i801 8445 0
tpm_tis 8146 0
i2c_core 16324 1 i2c_i801
iwlwifi 58091 1 iwldvm
tpm 11285 2 tpm_tis,tpm_infineon
snd 49525 15 snd_hda_codec_realtek,snd_hwdep,snd_timer,snd_hda_codec_hdmi,snd_pcm,snd_hda_codec,snd_hda_intel
cfg80211 145747 3 iwlwifi,mac80211,iwldvm
i7core_edac 15070 0
crc32c_intel 1707 0
pcspkr 1763 0
edac_core 31495 1 i7core_edac
microcode 8121 0
atl1c 27687 0
lpc_ich 10393 0
tpm_bios 4392 1 tpm
video 10997 0
xts 2773 0
gf128mul 5338 1 xts
ablk_helper 1596 0
cryptd 6767 1 ablk_helper
aes_x86_64 7340 0
sha256_generic 9501 0
iscsi_tcp 7612 0
fuse 56630 2
xfs 412379 0
nfs 99397 0
lockd 52521 2 nfs,nfsd
sunrpc 144463 18 nfs,nfsd,auth_rpcgss,lockd,nfs_acl
jfs 139809 0
reiserfs 205661 0
ext4 246311 3
jbd2 48329 1 ext4
ext3 106997 0
jbd 37214 1 ext3
ext2 53712 0
mbcache 4529 3 ext2,ext3,ext4
sl811_hcd 8919 0
ohci_hcd 17390 0
uhci_hcd 18658 0
ehci_hcd 34648 0
sx8 10901 0
pata_pcmcia 9669 0
pcmcia 29256 1 pata_pcmcia...

Read more...

Revision history for this message
Sławomir Nizio (snizio) wrote :

"CONFIG_NETFILTER_XT_TARGET_LOG is not set" may be the cause. Would it be possible for you to enable this option and then see if check-requirements and ufw itself work, and report it here?

Revision history for this message
Fitzcarraldo (fitzcarraldo) wrote :
Download full text (3.7 KiB)

I rebuilt the kernel as you requested, Sławomir:

# grep CONFIG_NETFILTER_XT_TARGET_LOG /usr/src/linux/.config
CONFIG_NETFILTER_XT_TARGET_LOG=m
#

# lsmod | grep xt
xts 2773 0
gf128mul 5338 1 xts
ext4 246311 2
jbd2 48329 1 ext4
ext3 106997 0
jbd 37214 1 ext3
ext2 53712 0
mbcache 4529 3 ext2,ext3,ext4
# modprobe xt_LOG
# lsmod | grep xt
xt_LOG 9702 0
x_tables 14115 3 ip_tables,xt_LOG,iptable_filter
xts 2773 0
gf128mul 5338 1 xts
ext4 246311 2
jbd2 48329 1 ext4
ext3 106997 0
jbd 37214 1 ext3
ext2 53712 0
mbcache 4529 3 ext2,ext3,ext4
#

# ufw enable
Firewall is active and enabled on system startup
#

# ufw status
Status: active
#

# cp -i check-requirements /tmp
# cp check-requirements-get-error.patch /tmp
# cd /tmp
# patch < check-requirements-get-error.patch
patching file check-requirements
# ./check-requirements
Has python: pass (binary: python2.7, version: 2.7.3, py2)
Has iptables: pass
Has ip6tables: pass

Has /proc/net/dev: pass
Has /proc/net/if_inet6: pass

This script will now attempt to create various rules using the iptables
and ip6tables commands. This may result in module autoloading (eg, for
IPv6).
Proceed with checks (Y/n)? Y
== IPv4 ==
Creating 'ufw-check-requirements'... done
Inserting RETURN at top of 'ufw-check-requirements'... done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: pass
hashlimit: pass
limit: pass
state (NEW): pass
state (RELATED): pass
state (ESTABLISHED): pass
state (INVALID): pass
state (new, recent set): pass
state (new, recent update): pass
state (new, limit): pass
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
addrtype (LOCAL): pass
addrtype (MULTICAST): pass
addrtype (BROADCAST): pass
icmp (destination-unreachable): pass
icmp (source-quench): pass
icmp (time-exceeded): pass
icmp (parameter-problem): pass
icmp (echo-request): pass

== IPv6 ==
Creating 'ufw-check-requirements6'... done
Inserting RETURN at top of 'ufw-check-requirements6'... done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: pass
hashlimit: pass
limit: pass
state (NEW): pass
state (RELATED): pass
state (ESTABLISHED): pass
state (INVALID): pass
state (new, recent set): pass
state (new, recent update): pass
state (new, limit): pass
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
icmpv6 (destination-unreachable): pass
icmpv6 (packet-too-big): pass
icmpv6 (time-exceeded): pass
icmpv6 (parameter-problem): pass
icmpv6 (echo-request): pass
icmpv6 with hl (neighbor-solicitation): pass
icmpv6 with hl (neighbor-advertisement): pass
icmpv6 with hl (router-solicitation): pass
icmpv6 with hl (router-advertisement): pass

All tests passed
#

I then added xt_LOG to /etc/conf.d/modules so it is loaded at startup, and rebooted again:

# ufw status verbose...

Read more...

Revision history for this message
Sławomir Nizio (snizio) wrote :

> I then added xt_LOG to /etc/conf.d/modules so it is loaded at startup
It shouldn't be needed.

So - thank you very much for this. I will add new checks to the ebuild. Also, expect new version very soon. :)

Revision history for this message
x11tete11x (11tete11) wrote :

hi guys im busy at university sorry :D, so the problem was solve? :D, i reinstalled my Gentoo and try this again, and same error :D, i tried: modprobe xt_LOG (correct me if im wrong but this is a module right?) and get: FATAL: Module xt_LOG not found.

BTW, if i cant solve myself i will wainting for S.Nizio ebuild's :D thx all :D

x11tete11x (11tete11)
description: updated
description: updated
Revision history for this message
Sławomir Nizio (snizio) wrote :

So from your comment (modprobe output) it seems that your issue was the same - good to know!
Make sure that CONFIG_NETFILTER_XT_TARGET_LOG is enabled in your kernel configuration.
Ufw ebuild can't do it for you, but it will check for this option (depending on kernel version) and another similar one.

Revision history for this message
x11tete11x (11tete11) wrote :

nice!, now it's working! :D now i need to check whats wrong with kcm-ufw and python 3 when i do eselect python set 1 (to set python 2) kcm-ufw works but when it's set to python 3.2 stop working, anyway now i can set it from console, thx! i should put this as "solved" or something like that? thx all

Revision history for this message
Sławomir Nizio (snizio) wrote :

I will change bug status (I think I can?) when it's committed. Regarding kcm-ufw - not my stuff, so I don't know much about it. If you think it's a bug, you may want to file a bug report on the Gentoo bug tracker (maybe it has incorrect shebang?). And thanks for confirmation that ufw works. :)

Revision history for this message
x11tete11x (11tete11) wrote :

nice! thx all for help! :D

Revision history for this message
Sławomir Nizio (snizio) wrote :

I can't set it to "fix released" because "There is no package named 'ufw' published in Gentoo Linux." but the fix surely was released (I forgot to change the status thus far). Does not matter, I'm just informing.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.