Thank you for your response.
Tried a 4.19 kernel, then tried 4.20.10, same result as the 4.17 kernel.
Output of '/usr/share/ufw/check-requirements'
ERROR: Couldn't determine iptables version
Output of '/sbin/iptables --version'
iptables v1.8.2 (nf_tables)
Searching for issues with iptables and nftables, it seems to be a mess with
dependencies. I'm (obviously) not a programmer, but I took a wild guess and
enabled all of the nfttables kernel modules (a dozen or so). Now it works.
The ufw "ERROR: Couldn't determine iptables version" didn't lead me to
assume I needed additional kernel modules.
Thank you,
Jeff H.
On Fri, Feb 15, 2019 at 4:10 PM Jamie Strandboge <ja...@canonical.com>
wrote:
> On Thu, 07 Feb 2019, PanaColina wrote:
>
> > Package: ufw
> > Version: 0.36-1
> > Severity: grave
> > Justification: renders package unusable
> >
> > Dear Maintainer,
> >
> > On clean new install of ufw, any ufw command
> > (eg: "ufw status") results in:
> > "ERROR: Couldn't determine iptables version"
> >
> > Additional packages automatically installed at the same time:
> > iptables 1.8.2-3
> > libnftables0 0.9.0-2
> > libnftnl11 1.1.2-2
> > nftables 0.9.0-2
> >
> > Assuming some conflict, I removed nftables and libnftables0, but error
> > persists.
> >
> > ufw is set as dependent on libnftnl11, and of course iptables
> >
>
> I cannot reproduce this with the current 4.19 kernel or on an older 4.17
> kernel
> (like you have-- you may want to consider upgrading).
>
> $ dpkg -l|grep -E '(ufw|iptables|nft)'|awk '{print $1, $2, $3}'
> ii iptables 1.8.2-3
> ii libnftables0:amd64 0.9.0-2
> ii libnftnl11:amd64 1.1.2-2
> ii libnftnl7:amd64 1.1.1-1
> ii nftables 0.9.0-2
> ii ufw 0.36-1
>
> $ /sbin/iptables --version
> iptables v1.8.2 (nf_tables)
>
> $ sudo ufw status
> Status: inactive
>
> $ sudo ufw enable
> Firewall is active and enabled on system startup
>
> $ sudo ufw status
> Status: active
>
> To Action From
> -- ------ ----
> 22/tcp ALLOW Anywhere
> 22/tcp (v6) ALLOW Anywhere (v6)
>
>
> It continues to work with iptables-legacy (using update-alternatives; I
> updated
> the alternative, ran ufw disable and rebooted):
>
> $ /sbin/iptables --version
> iptables v1.8.2 (legacy)
>
> $ sudo ufw status
> Status: inactive
>
> $ sudo ufw enable
> Firewall is active and enabled on system startup
>
> $ sudo ufw status
> Status: active
>
> To Action From
> -- ------ ----
> 22/tcp ALLOW Anywhere
> 22/tcp (v6) ALLOW Anywhere (v6)
>
>
> What is the output of 'sudo /usr/share/ufw/check-requirements'?
>
> What is the output of '/sbin/iptables --version'?
>
>
> > -- System Information:
> > Debian Release: buster/sid
> > APT prefers unstable
> > APT policy: (500, 'unstable')
> > Architecture: amd64 (x86_64)
> > Foreign Architectures: i386
> >
> > Kernel: Linux 4.17.17 (SMP w/8 CPU cores)
> > Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
> > Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
> > LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
> > Shell: /bin/sh linked to /bin/dash
> > Init: systemd (via /run/systemd/system)
> >
> > Versions of packages ufw depends on:
> > ii debconf [debconf-2.0] 1.5.70
> > ii iptables 1.8.2-3
> > ii lsb-base 10.2018112800 <javascript:void(0);>
> > ii python3 3.7.2-1
> > ii ucf 3.0038+nmu1
> >
> > ufw recommends no packages.
> >
> > Versions of packages ufw suggests:
> > ii rsyslog 8.40.0-1+b1
> >
> > -- debconf information:
> > ufw/existing_configuration:
> > ufw/allow_known_ports:
> > ufw/enable: false
> > ufw/allow_custom_ports:
> --
> Jamie Strandboge | http://www.canonical.com
>
