@zaralX
I'm a human, I fell from the moon.

How do I fix the ufw enable error?

I'm trying to enable ufw and I get the following log, and the ssh connections get closed

root:~# sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
ERROR: problem running ufw-init
iptables-restore: line 4 failed
iptables-restore: line 75 failed

Problem running '/etc/ufw/before.rules'


root:~# /usr/share/ufw/check-requirements
Has python: pass (binary: python3, version: 3.9.2, py3)
Has iptables: pass
Has ip6tables: pass

Has /proc/net/dev: pass
Has /proc/net/if_inet6: pass

This script will now attempt to create various rules using the iptables
and ip6tables commands. This may result in module autoloading (eg, for
IPv6).
Proceed with checks (Y/n)? y
== IPv4 ==
Creating 'ufw-check-requirements'... done
Inserting RETURN at top of 'ufw-check-requirements'... done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: pass
hashlimit: FAIL
error was: iptables: No chain/target/match by that name.
limit: pass
ctstate (NEW): FAIL
error was: iptables: No chain/target/match by that name.
ctstate (RELATED): FAIL
error was: iptables: No chain/target/match by that name.
ctstate (ESTABLISHED): FAIL
error was: iptables: No chain/target/match by that name.
ctstate (INVALID): FAIL
error was: iptables: No chain/target/match by that name.
ctstate (new, recent set): FAIL (no runtime support)
error was: iptables: No chain/target/match by that name.
ctstate (new, recent update): FAIL (no runtime support)
error was: iptables: No chain/target/match by that name.
ctstate (new, limit): FAIL
error was: iptables: No chain/target/match by that name.
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
addrtype (LOCAL): pass
addrtype (MULTICAST): pass
addrtype (BROADCAST): pass
icmp (destination-unreachable): pass
icmp (source-quench): pass
icmp (time-exceeded): pass
icmp (parameter-problem): pass
icmp (echo-request): pass

== IPv6 ==
Creating 'ufw-check-requirements6'... done
Inserting RETURN at top of 'ufw-check-requirements6'... done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: pass
hashlimit: FAIL
error was: ip6tables: No chain/target/match by that name.
limit: pass
ctstate (NEW): FAIL
error was: ip6tables: No chain/target/match by that name.
ctstate (RELATED): FAIL
error was: ip6tables: No chain/target/match by that name.
ctstate (ESTABLISHED): FAIL
error was: ip6tables: No chain/target/match by that name.
ctstate (INVALID): FAIL
error was: ip6tables: No chain/target/match by that name.
ctstate (new, recent set): FAIL (no runtime support)
error was: ip6tables: No chain/target/match by that name.
ctstate (new, recent update): FAIL (no runtime support)
error was: ip6tables: No chain/target/match by that name.
ctstate (new, limit): FAIL
error was: ip6tables: No chain/target/match by that name.
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
icmpv6 (destination-unreachable): pass
icmpv6 (packet-too-big): pass
icmpv6 (time-exceeded): pass
icmpv6 (parameter-problem): pass
icmpv6 (echo-request): pass
icmpv6 with hl (neighbor-solicitation): pass
icmpv6 with hl (neighbor-advertisement): pass
icmpv6 with hl (router-solicitation): pass
icmpv6 with hl (router-advertisement): pass
ipv6 rt: pass

FAIL: check your kernel and that you have iptables >= 1.4.0
FAIL: check your kernel and iptables for additional runtime support


I went through all of Google and didn't find a solution..
Answers to the question: 1
hint000
@hint000
an admin has three hands
iptables-restore: line 4 failed
iptables-restore: line 75 failed
Problem running '/etc/ufw/before.rules'
It's complaining about some rules, but you haven't shown them.
Show at least line 4 and line 75 of /etc/ufw/before.rules, the ones it complains about. Better yet, show the whole file for greater clarity.
Also show the iptables version with the command iptables -V.
hashlimit: FAIL
show the output of find /lib/modules/ -name '*xt_hashlimit*'
ctstate (NEW): FAIL
show the output of find /lib/modules/ -name '*xt_conntrack*'
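The module checks requested in the answer can be scripted. The following is an added example, not part of the original question or answer: it maps the FAIL lines of check-requirements output to the two modules the answer names and reports which of them are absent from a module tree. The sample output, the function names, and the use of `/lib/modules/$(uname -r)` and `modules.builtin` are assumptions of this example.

```shell
#!/bin/sh
# Added example: map FAILed ufw check-requirements tests to the netfilter
# modules named in the answer and look for them in a module tree.

# Constructed sample: a few lines in the format of the output quoted above.
SAMPLE='LOG: pass
hashlimit: FAIL
error was: iptables: No chain/target/match by that name.
limit: pass
ctstate (NEW): FAIL
ctstate (new, recent set): FAIL (no runtime support)
FAIL: check your kernel and iptables for additional runtime support'

# Print the unique names of the checks that FAILed (reads stdin).
# Summary lines starting with an upper-case "FAIL:" are not matched.
failed_checks() {
    sed -n 's/^[[:space:]]*\([a-z0-9][a-z0-9]*\).*: FAIL.*$/\1/p' | sort -u
}

# Check name -> kernel module, as paired in the answer.
module_for() {
    case "$1" in
        hashlimit) echo xt_hashlimit ;;
        ctstate)   echo xt_conntrack ;;
        *)         return 1 ;;
    esac
}

# True if MODDIR ($1) holds module $2 as a file or lists it as built in.
# Assumption: modules.builtin sits directly under MODDIR.
has_module() {
    [ -n "$(find "$1" -name "*$2*" 2>/dev/null)" ] ||
        grep -qs "/$2\.ko" "$1/modules.builtin"
}

# Print the modules that failed checks need but MODDIR ($1) lacks (reads stdin).
missing_modules() {
    for check in $(failed_checks); do
        mod=$(module_for "$check") || continue
        has_module "$1" "$mod" || echo "$mod"
    done
}

# Demo: the constructed sample against the running kernel's module tree.
printf '%s\n' "$SAMPLE" | missing_modules "/lib/modules/$(uname -r)"
```

On a real host, save the check-requirements output to a file and pipe it into `missing_modules` in place of the sample.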