Results 1 to 10 of 17

Thread: problem running ufw-init

  1. #1
    Join Date
    Nov 2009
    Beans
    4

    problem running ufw-init

    I just bought a VPS, and want to use ufw on it.
    After installing the ufw package, I use

    Code:
    sudo ufw enable
    to enable ufw.

    However, every time, I get the following error message, and my system stops responding to ssh or ping after that.

    Code:
    Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
    ERROR: problem running ufw-init
    Can anyone help me on this?

  2. #2
    Join Date
    Jan 2011
    Beans
    1

    Re: problem running ufw-init

    By default ufw will deny all access to the computer, so before you enable the firewall, you should at least allow ssh access:
    Code:
    sudo ufw allow 22
    Then you should be able to enable ufw without disruption:
    Code:
    sudo ufw enable
    Granted, you will still get the message about disrupting ssh connections, but hopefully you won't get the error with ufw-init. If you're still getting the error with ufw-init, try running it directly and see what the error is:
    Code:
    sudo /lib/ufw/ufw-init start
    If it says it's already started, you may need to run:
    Code:
    sudo /lib/ufw/ufw-init force-reload
    and see what errors you get. Sometimes, they are module issues and you have to load the ufw modules (according to http://plugcomputer.org/plugforum/index.php?topic=176.0). I once had a typo in one of my rules that was causing the error with ufw-init (I had -j ALLOW instead of -j ACCEPT) and when I ran the force-reload command I got output similar to:
    Code:
    iptables-restore v1.4.4: Couldn't load target `ALLOW':/lib/xtables/libipt_ALLOW.so: cannot open shared object file: No such file or directory
    
    Error occurred at line: 66
    Try `iptables-restore -h' or 'iptables-restore --help' for more information.
    
    Problem running '/etc/ufw/before.rules'
    Of course, if you have module errors, you may see output similar to:
    Code:
    $ sudo /lib/ufw/ufw-init start
    FATAL: Could not load /lib/modules/2.6.22.18/modules.dep: No such file or directory
    FATAL: Could not load /lib/modules/2.6.22.18/modules.dep: No such file or directory
    FATAL: Could not load /lib/modules/2.6.22.18/modules.dep: No such file or directory
    FATAL: Could not load /lib/modules/2.6.22.18/modules.dep: No such file or directory
    iptables v1.4.1.1: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
    Perhaps iptables or your kernel needs to be upgraded.
    Hope that helps!

    Note: ufw-init may be in a different location on your system. I'm running 10.04 and it was there, but in some forums, I've seen them refer to the file in /usr/share/ufw/ufw-init
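
Added example (not part of the original posts and not ufw's own code): a pre-flight lint that scans a rules file such as /etc/ufw/before.rules for jump targets like the `-j ALLOW` typo described above and reports them with the same line number iptables-restore prints. The function names, the `KNOWN_TARGETS` list, the sample rules and the "all-uppercase means extension target" heuristic are assumptions of this example.

```shell
#!/bin/sh
# Lint an iptables-restore style file (e.g. /etc/ufw/before.rules) for jump
# targets that iptables would fail to load, such as "-j ALLOW".

# Assumption: targets you expect to be loadable; extend for your ruleset.
KNOWN_TARGETS="ACCEPT DROP REJECT RETURN LOG ULOG NFLOG QUEUE NFQUEUE MARK \
MASQUERADE SNAT DNAT REDIRECT TCPMSS NOTRACK"

check_rules() {
    # The file is read twice: pass 1 collects chains declared as ":name ...",
    # pass 2 checks every -j/-g target. FNR is the line number that
    # iptables-restore reports in "Error occurred at line: N".
    awk -v known="$KNOWN_TARGETS" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        NR == FNR { if ($1 ~ /^:/) ok[substr($1, 2)] = 1; next }
        $1 != "-A" && $1 != "-I" { next }
        {
            for (i = 2; i < NF; i++) {
                if ($i != "-j" && $i != "--jump" && $i != "-g" && $i != "--goto") continue
                t = $(i + 1)
                # Heuristic (assumption): all-uppercase names are extension
                # targets; anything else is a chain created elsewhere by ufw.
                if (!(t in ok) && t == toupper(t)) {
                    printf "%d: unknown target %s\n", FNR, t
                    bad = 1
                }
            }
        }
        END { exit bad + 0 }
    ' "$1" "$1"
}

# Constructed sample input (not a real before.rules): line 5 has the typo.
sample_rules() {
    cat <<'EOF'
*filter
:ufw-before-input - [0:0]
# constructed excerpt for the example
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ALLOW
-A ufw-before-input -j ufw-not-local
COMMIT
EOF
}

tmp=$(mktemp)
sample_rules > "$tmp"
check_rules "$tmp" || echo "fix the lines above before running: sudo ufw enable"
rm -f "$tmp"
```

A failure reported at a COMMIT line, as in the strace output later in this thread, comes from the kernel rejecting the table, which a text lint like this cannot see.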

  3. #3
    Join Date
    Jun 2006
    Beans
    15

    Re: problem running ufw-init

    Might be one of the problems mentioned there http://blog.bodhizazen.net/linux/how...nvz-templates/

  4. #4
    Join Date
    Nov 2009
    Location
    Segur De Calafell, Spain
    Beans
    11,660
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: problem running ufw-init

    It just happened to me today. It is usually some error in a rule.

    Did you make any changes to /etc/ufw/before.rules or /etc/ufw/after.rules? Does the provider provide these files as default, or do they have some changes in them?

    If you have everything by default you shouldn't get that error.

    And as already mentioned, make sure you open at least your SSH port (22 or another if you changed it) because enabling ufw without a rule to allow the port will kick you out and lock you out immediately.
    Darko.
    -----------------------------------------------------------------------
    Ubuntu 12.04 LTS 64bit & Windows 7 Ultimate 64bit

  5. #5
    Join Date
    Jan 2012
    Beans
    3

    Re: problem running ufw-init

    I'm having a similar problem. Whenever I do "sudo ufw enable" it throws the ufw-init error as above. But if I enable it again it succeeds. I did troubleshooting by doing the force-reload of ufw-init, and it tells me there's an error in before.rules on line 72. Line 72 and 73 were the lines I entered into before.rules to allow icmp for ping. Here are those two lines...is there something I did wrong?

    Also...ping doesn't work! With those two lines commented out, ufw loads without an error, but ping doesn't work. If I uncomment the lines, ufw throws an error (but still loads on the second attempt) and ping still doesn't work. If UFW is disabled, ping works.

    Code:
    # allow outbound icmp
    -A ufw-before-output -p icmp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    -A ufw-before-output -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT
    Last edited by DocHoss; May 2nd, 2012 at 06:40 PM. Reason: Also...

  6. #6
    Join Date
    Jan 2008
    Beans
    19

    Re: problem running ufw-init

    Still a problem.
    Using ufw 0.30pre1-0ubuntu2

  7. #7
    Join Date
    Nov 2009
    Location
    Segur De Calafell, Spain
    Beans
    11,660
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: problem running ufw-init

    Originally Posted by valugi:
    Still a problem.
    Using ufw 0.30pre1-0ubuntu2
    As already discussed, this is not a problem with ufw itself. It's usually a problem with the syntax of a rule you have set up.

    Double check the rules you have added into before.rules or another ufw file.
    Darko.
    -----------------------------------------------------------------------
    Ubuntu 12.04 LTS 64bit & Windows 7 Ultimate 64bit

  8. #8
    Join Date
    Jun 2006
    Location
    London
    Beans
    22
    Distro
    Ubuntu Development Release

    Re: problem running ufw-init

    I'm seeing this too. To eliminate issues with rules I completely removed ufw and all config files:
    Code:
    aptitude remove ufw
    aptitude purge ufw
    rm -rf /etc/ufw /lib/ufw
    iptables -F
    I then check iptables to ensure it's all gone:
    Code:
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    Then I reinstalled ufw. As part of the install it creates new config files:
    Code:
    Creating config file /etc/ufw/before.rules with new version
    Creating config file /etc/ufw/before6.rules with new version
    Creating config file /etc/ufw/after.rules with new version
    Creating config file /etc/ufw/after6.rules with new version
    I then enable it, and get the same ufw-init error. Running strace on the enable showed me it was missing modules for FTP and irc, so I disabled all extra modules in /etc/default/ufw. Enabling still failed, this time complaining about the before script (which doesn't refer to the removed modules), even though it is absolutely stock.

    Code:
    lseek(3, 0, SEEK_CUR)                   = -1 ESPIPE (Illegal seek)
    read(3, "iptables-restore: line 66 failed"..., 8192) = 33
    read(3, "iptables-restore: line 30 failed"..., 8159) = 33
    read(3, "\n", 8126)                     = 1
    read(3, "Problem running '/etc/ufw/before"..., 8125) = 79
    read(3, "", 8046)                       = 0
    --- SIGCHLD (Child exited) @ 0 (0) ---
    The line numbers (30 and 66) mentioned in before.rules are:
    Code:
    -A ufw-before-input -m state --state INVALID -j DROP
    COMMIT
    Those look good to me.

    It appears that running enable a second time does not trigger the error and things seem to work; the issue is that the first time it's run, not only does it not work, but it also blocks all new connections - so as long as I still have an open connection I can recover, but that's not a nice place to be.

  9. #9
    Join Date
    Dec 2008
    Beans
    4

    Re: problem running ufw-init

    Same here with a fresh install of Ubuntu Server 10.04 and ufw.
    Running 'ufw enable' twice does the job, but it probably means that ufw isn't started automatically ;(

  10. #10
    Join Date
    Mar 2007
    Beans
    10

    Re: problem running ufw-init

    Same issue on 11.04 server in VPS. Any resolution? The ICMP rules are not being applied, and ping is not responding... Normal TCP rules are in effect.
