arrow_upward

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
#1
hello all experts. few days ago i do install "ufw" iptable rules app in my vps. but after done all settings and try to enable the ufw i got these errors and the application is not running..


Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
root@kvm-************:~# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
ERROR: problem running ufw-init
iptables-restore: line 2 failed
ip6tables-restore: line 2 failed


This is my machine


root@***************:~# uname -a
Linux kvm-********* 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt9-3~deb8u1 (2015-04-24) x86_64 GNU/Linux


Kindly help me to resolve this issue. due to this issue many of my server ports are misbehave or blocked
Heart LOVE FOR ALL  HATRED FOR NONE Heart
#2
Why not simply use the already available iptables? Anyway...

Can you run the command below and post the output:
/usr/share/ufw/check-requirements

Also please post the output of the rules that are being loaded by ufw? So we can see what "line 2" is.

Also the error message you posted... was that it? Nothing more?

Can you run the enable command again and after that post the output of:
journalctl -xe
[Image: zHHqO5Q.png]
#3
(06-10-2020, 04:59 AM)Hidden Refuge Wrote: Why not simply use the already available iptables? Anyway...

Can you run the command below and post the output:
/usr/share/ufw/check-requirements

Also please post the output of the rules that are being loaded by ufw? So we can see what "line 2" is.

Also the error message you posted... was that it? Nothing more?

Can you run the enable command again and after that post the output of:
journalctl -xe




root@********:~# /usr/share/ufw/check-requirements
Has python: pass (binary: python2.7, version: 2.7.13, py2)
Has iptables: pass
Has ip6tables: pass

Has /proc/net/dev: pass
Has /proc/net/if_inet6: pass

This script will now attempt to create various rules using the iptables
and ip6tables commands. This may result in module autoloading (eg, for
IPv6).
Proceed with checks (Y/n)? y
== IPv4 ==
Creating 'ufw-check-requirements'... done
Inserting RETURN at top of 'ufw-check-requirements'... done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: pass
hashlimit: pass
limit: pass
ctstate (NEW): pass
ctstate (RELATED): pass
ctstate (ESTABLISHED): pass
ctstate (INVALID): pass
ctstate (new, recent set): pass
ctstate (new, recent update): pass
ctstate (new, limit): pass
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
addrtype (LOCAL): pass
addrtype (MULTICAST): pass
addrtype (BROADCAST): pass
icmp (destination-unreachable): pass
icmp (source-quench): pass
icmp (time-exceeded): pass
icmp (parameter-problem): pass
icmp (echo-request): pass

== IPv6 ==
Creating 'ufw-check-requirements6'... done
Inserting RETURN at top of 'ufw-check-requirements6'... done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: pass
hashlimit: pass
limit: pass
ctstate (NEW): pass
ctstate (RELATED): pass
ctstate (ESTABLISHED): pass
ctstate (INVALID): pass
ctstate (new, recent set): pass
ctstate (new, recent update): pass
ctstate (new, limit): pass
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
icmpv6 (destination-unreachable): pass
icmpv6 (packet-too-big): pass
icmpv6 (time-exceeded): pass
icmpv6 (parameter-problem): pass
icmpv6 (echo-request): pass
icmpv6 with hl (neighbor-solicitation): pass
icmpv6 with hl (neighbor-advertisement): pass
icmpv6 with hl (router-solicitation): pass
icmpv6 with hl (router-advertisement): pass
ipv6 rt: pass

All tests passed




root@kvm-P************:~# journalctl -xe
Jun 10 01:06:41 kvm- kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00
Jun 10 01:06:50 kvm- systemd-timesyncd[280]: interval/delta/
Jun 10 01:07:18 kvm- kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00
Jun 10 01:07:42 kvm- kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00
Jun 10 01:07:48 kvm- kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00
Jun 10 01:07:59 kvm- kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00
Jun 10 01:07:59 kvm- kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00
Jun 10 01:07:59 kvm- kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00
Jun 10 01:08:05 kvm- kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00
Jun 10 01:08:06 kvm- kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00
Jun 10 01:08:25 kvm- kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00
Jun 10 01:08:34 kvm- kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00
Jun 10 01:08:40 kvm- kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00
Jun 10 01:08:47 kvm- kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00
Jun 10 01:08:54 kvm- kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00
Jun 10 01:08:54 kvm- kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00
Jun 10 01:08:55 kvm- kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00
Jun 10 01:08:59 kvm- kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00
Jun 10 01:09:01 kvm- CRON[14894]: pam_unix(cron:session): se
Jun 10 01:09:01 kvm- CRON[14895]: (root) CMD (  [ -x /usr/li
Jun 10 01:09:01 kvm- CRON[14894]: pam_unix(cron:session): se
Jun 10 01:09:30 kvm- kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00
Jun 10 01:09:40 kvm- kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00
lines 979-1001/1001 (END)
Jun 10 01:06:41 kvm- kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:ed:30:1b:3c:61:04:5b:2a:c1:
Jun 10 01:06:50 kvm- systemd-timesyncd[280]: interval/delta/delay/jitter/drift 2048s/+0.000s/0
Jun 10 01:07:18 kvm- kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:ed:30:1b:3c:61:04:5b:2a:c1:
Jun 10 01:07:42 kvm- kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:ed:30:1b:3c:61:04:5b:2a:c1:
Jun 10 01:07:48 kvm- kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:ed:30:1b:3c:61:04:5b:2a:c1:
Jun 10 01:07:59 kvm- kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:ed:30:1b:3c:61:04:5b:2a:c1:
Jun 10 01:07:59 kvm- kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:ed:30:1b:3c:61:04:5b:2a:c1:
Jun 10 01:07:59 kvm- kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:ed:30:1b:3c:61:04:5b:2a:c1:
Jun 10 01:08:05 kvm- kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:ed:30:1b:3c:61:04:5b:2a:c1:
Jun 10 01:08:06 kvm- kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:ed:30:1b:3c:61:04:5b:2a:c1:
Jun 10 01:08:25 kvm- kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:ed:30:1b:3c:61:04:5b:2a:c1:
Jun 10 01:08:34 kvm- kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:ed:30:1b:3c:61:04:5b:2a:c1:
Jun 10 01:08:40 kvm- kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:ed:30:1b:3c:61:04:5b:2a:c1:
Jun 10 01:08:47 kvm- kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:ed:30:1b:3c:61:04:5b:2a:c1:
Jun 10 01:08:54 kvm- kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:ed:30:1b:3c:61:04:5b:2a:c1:
Jun 10 01:08:54 kvm- kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:ed:30:1b:3c:61:04:5b:2a:c1:
Jun 10 01:08:55 kvm- kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:ed:30:1b:3c:61:04:5b:2a:c1:
Jun 10 01:08:59 kvm- kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:ed:30:1b:3c:61:04:5b:2a:c1:
Jun 10 01:09:01 kvm- CRON[14894]: pam_unix(cron:session): session opened for user root by (uid
Jun 10 01:09:01 kvm- CRON[14895]: (root) CMD (  [ -x /usr/lib/php/sessionclean ] && if [ ! -d
Jun 10 01:09:01 kvm- CRON[14894]: pam_unix(cron:session): session closed for user root
Jun 10 01:09:30 kvm- kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:ed:30:1b:3c:61:04:5b:2a:c1:
Jun 10 01:09:40 kvm-kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:ed:30:1b:3c:61:04:5b:2a:c1:
~
~
~
~
~
~
lines 979-1001/1001 (END)
Heart LOVE FOR ALL  HATRED FOR NONE Heart
#4
Thanks for the quick feedback. Unfortunately no useful information in terms of any other meaningful error messages or hints.

Can you run the command below and post the output?
head -n10 /etc/ufw/user.rules
(Will output the first 10 lines of rules that ufw is trying to load when it starts.)

^ This is what I asked for:
Hidden Reufge Wrote:Also please post the output of the rules that are being loaded by ufw? So we can see what "line 2" is.

I'm not really sure but from what I found during my research so far... it might be a bug in ufw/iptables.
[Image: zHHqO5Q.png]
#5
@HR i sorry yesterday my boss give me a site project and i am unable to continue with you. late night i done some command and wish that all are ok. let me tell you.
i done this with sequence.


sudo ufw disable
sudo /lib/ufw/ufw-init flush-all
sudo ufw enable


and looks like the error was gone. but suddenly when i reboot my machine and make ufw again enable the error is again exist.


root@kvm-***********:~# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
ERROR: problem running ufw-init
iptables-restore: line 2 failed
ip6tables-restore: line 2 failed

 
and here is the command result what you want to me.


root@kvm-***s:~# journalctl -xe
Jun 11 00:08:25 kvm-** systemd[1]: Unit mariadb.service entere
Jun 11 00:08:25 kvm-** exim4[945]: Starting MTA:exim: failed t
Jun 11 00:08:25 kvm-** exim4[945]: Invalid new configfile /var
Jun 11 00:08:25 kvm-** exim4[945]: /var/lib/exim4/config.autog
Jun 11 00:08:25 kvm-** systemd[1]: exim4.service: control proc
Jun 11 00:08:25 kvm-** systemd[1]: [b]Failed to start LSB: exim M[/b]
-- Subject: Unit exim4.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit exim4.service has failed.
--
-- The result is failed.
Jun 11 00:08:25 kvm-******* systemd[1]: [b]Unit exim4.service entered[/b]
Jun 11 00:08:25 kvm-******* sshd[938]: Accepted password for root f
Jun 11 00:08:25 kvm-******* sshd[938]: pam_unix(sshd:session): sess
Jun 11 00:08:35 kvm-******* nscd[587]: [b]587 checking for monitored f[/b]
Jun 11 00:08:47 kvm-******* systemd-timesyncd[361]: Using NTP serve
Jun 11 00:08:48 kvm-******* systemd-timesyncd[361]: interval/delta/
Jun 11 00:09:02 kvm-******* CRON[1287]: pam_unix(cron:session): ses
Jun 11 00:09:02 kvm-******* CRON[1289]: (root) CMD (  [ -x /usr/lib
Jun 11 00:09:02 kvm-******* CRON[1287]: pam_unix(cron:session): ses
Jun 11 00:09:02 kvm-******* kernel: [b]perf interrupt took too long (2[/b]
[b]lines 583-605/605 (END)[/b]




and the second one command is :


root@kvm-******:~# head -n10 /etc/ufw/user.rules
*filter
:ufw-user-input - [0:0]
:ufw-user-output - [0:0]
:ufw-user-forward - [0:0]
:ufw-before-logging-input - [0:0]
:ufw-before-logging-output - [0:0]
:ufw-before-logging-forward - [0:0]
:ufw-user-logging-input - [0:0]
:ufw-user-logging-output - [0:0]
:ufw-user-logging-forward - [0:0]
root@kvm-*****:~#
Heart LOVE FOR ALL  HATRED FOR NONE Heart
#6
I see nothing wrong so far (excluding the failed exim4 startup as it is unrelated to the issue in this thread). The rule set looks pretty much 100% like a generic default ufw rule set. Line 2 is the first rule and nothing wrong about it.

I'm not a ufw user and not a big fan of it either.

Here is another thing that might help. Open the file "/etc/default/ufw" and set "IPV6=yes" to "IPV6=no". If "IPV6=" is missing in the file just add "IPV6=no" yourself. After that reboot and see how it goes.
[Image: zHHqO5Q.png]
#7
...
Has ip6tables: pass
....
Has /proc/net/dev: pass
Has /proc/net/if_inet6: pass
... ...
== IPv6 ==
Creating 'ufw-check-requirements6'... done
Inserting RETURN at top of 'ufw-check-requirements6'... done
TCP: pass
UDP: pass
...
...
ipv6 rt: pass

All tests passed


so these are from his requirement test. nothing missings to run ipv6 part successfully.

so i wonder what this ipv6 disable is going to do though.

it is most probably module load errors. those are referred in the following files..

/etc/ufw/before.rules
/etc/ufw/before6.rules
/etc/ufw/after.rules
/etc/ufw/after6.rules

so you may check what's in them.

ADDITIONAL..
please run
sudo /lib/ufw/ufw-init start
or if it is already running, then
sudo /lib/ufw/ufw-init force-reload

and share the output of anything new in it.

then you may run the following commands to just get a fresh ufw

apt-get purge ufw -y --force-yes

apt-get update; apt-get upgrade -y --force-yes

apt-get install ufw
## from ubuntuforum


also please run 'strace' on the enable command for us.

thanks
Sincere Thanks to VirMach for my VPS9. Also many thanks to Shadow Hosting and cubedata for the experiences I had with their VPSs.


Possibly Related Threads…
Thread
Author
Replies
Views
Last Post
12,324
02-24-2021, 07:17 AM
Last Post: Pacific Spirit
2,950
11-27-2020, 02:53 AM
Last Post: Rehan
13,420
06-17-2020, 04:32 PM
Last Post: Mashiro
5,094
02-13-2020, 09:50 AM
Last Post: deanhills

person_pin_circle Users browsing this thread: 1 Guest(s)
Sponsors: VirMach - Host4Fun - CubeData - Evolution-Host - HostDare - Hyper Expert - Shadow Hosting - Bladenode - Hostlease - RackNerd - ReadyDedis - Limitless Hosting