
I am currently working on an automated shell setup script for my Raspberry Pi 4. This includes installing and setting up ufw as my firewall.

However, I'm currently stuck with configuring ufw. My script code looks like this:

sudo apt-get install -y ufw

sudo ufw default deny incoming
sudo ufw default allow outgoing

sudo ufw allow ssh
sudo ufw route allow in on wlan0 out on wlan1

sudo ufw enable

The following error message occurs when running the code:

$ Error: Couldn't determine iptables version

A little research on that error message suggested that I reboot the Pi first after installing ufw and then configure the rules and enable them.

That's indeed an easy approach, but I don't want to create an additional script just for setting up the firewall.

I assume that ufw just needs a little hint to get the iptables version. Does anybody know how to resolve this error without rebooting?

PS: I already tried sudo update-alternatives --set iptables /usr/sbin/iptables-legacy before adding any rule configuration. This, however, got me the following errors:

Default incoming policy changed to 'deny'
(be sure to update your rules accordingly)
Default outgoing policy changed to 'allow'
(be sure to update your rules accordingly)
WARN: initcaps
[Errno 2] iptables v1.8.2 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

Rules updated
Rules updated (v6)
WARN: initcaps
[Errno 2] iptables v1.8.2 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

Rules updated
Rules updated (v6)
WARN: initcaps
[Errno 2] iptables v1.8.2 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

Rules updated
ERROR: problem running ufw-init
modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.19.97-v7l+/modules.dep.bin'
modprobe: FATAL: Module nf_conntrack_ftp not found in directory /lib/modules/4.19.97-v7l+
modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.19.97-v7l+/modules.dep.bin'
modprobe: FATAL: Module nf_nat_ftp not found in directory /lib/modules/4.19.97-v7l+
modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.19.97-v7l+/modules.dep.bin'
modprobe: FATAL: Module nf_conntrack_netbios_ns not found in directory /lib/modules/4.19.97-v7l+
iptables-restore v1.8.2 (legacy): iptables-restore: unable to initialize table 'filter'

Error occurred at line: 1
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
iptables-restore v1.8.2 (legacy): iptables-restore: unable to initialize table 'filter'

Error occurred at line: 1
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
iptables-restore v1.8.2 (legacy): iptables-restore: unable to initialize table 'filter'

Error occurred at line: 1
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
iptables-restore v1.8.2 (legacy): iptables-restore: unable to initialize table 'filter'

Error occurred at line: 1
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
iptables-restore v1.8.2 (legacy): iptables-restore: unable to initialize table 'filter'

Error occurred at line: 1
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
iptables-restore v1.8.2 (legacy): iptables-restore: unable to initialize table 'filter'

Error occurred at line: 12
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
iptables-restore v1.8.2 (legacy): iptables-restore: unable to initialize table 'filter'

Error occurred at line: 12
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
iptables-restore v1.8.2 (legacy): iptables-restore: unable to initialize table 'filter'

Error occurred at line: 1
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
iptables-restore v1.8.2 (legacy): iptables-restore: unable to initialize table 'filter'

Error occurred at line: 1
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
iptables-restore v1.8.2 (legacy): iptables-restore: unable to initialize table 'filter'

Error occurred at line: 1
Try `iptables-restore -h' or 'iptables-restore --help' for more information.

Problem loading ipv6 (skipping)
Problem running '/etc/ufw/before.rules'
Problem running '/etc/ufw/after.rules'
Problem running '/etc/ufw/user.rules'

Many thanks in advance!


Edit: I managed to get the latest Raspi OS (and not Raspbian anymore) image via the new URL https://downloads.raspberrypi.org/raspios_lite_arm64_latest.

Raspberry Pi then comes with kernel version 5.4.51-v8+ (instead of 4.19.97-v7l+).

I still have the problem that it will upgrade to kernel version 5.10.5-v8+ and probably delete 'the old' modules/5.4.51-v8 directory.

Output from lsmod (after the pi upgraded to kernel 5.10.5-v8+ and rebooted):

Module                  Size  Used by
aes_neon_blk           36864  1
crypto_simd            24576  1 aes_neon_blk
cryptd                 28672  1 crypto_simd
bnep                   28672  2
hci_uart               49152  1
btbcm                  24576  1 hci_uart
bluetooth             438272  24 hci_uart,btbcm,bnep
ecdh_generic           16384  2 bluetooth
ecc                    36864  1 ecdh_generic
xt_MASQUERADE          16384  1
iptable_nat            16384  1
nf_nat                 49152  2 iptable_nat,xt_MASQUERADE
nf_conntrack          139264  2 nf_nat,xt_MASQUERADE
nf_defrag_ipv6         24576  1 nf_conntrack
nf_defrag_ipv4         16384  1 nf_conntrack
rtl8192cu              86016  0
rtl_usb                24576  1 rtl8192cu
rtl8192c_common        61440  1 rtl8192cu
rtlwifi               118784  3 rtl8192c_common,rtl_usb,rtl8192cu
mac80211              901120  3 rtl_usb,rtl8192cu,rtlwifi
brcmfmac              323584  0
brcmutil               24576  1 brcmfmac
libarc4                16384  1 mac80211
sha256_generic         16384  0
vc4                   270336  0
cec                    53248  1 vc4
cfg80211              860160  3 rtlwifi,brcmfmac,mac80211
drm_kms_helper        245760  2 vc4
v3d                    81920  0
bcm2835_v4l2           45056  0
rfkill                 36864  7 bluetooth,cfg80211
bcm2835_isp            32768  0
bcm2835_codec          49152  0
bcm2835_mmal_vchiq     32768  3 bcm2835_codec,bcm2835_v4l2,bcm2835_isp
gpu_sched              40960  1 v3d
v4l2_mem2mem           45056  1 bcm2835_codec
videobuf2_dma_contig    24576  2 bcm2835_codec,bcm2835_isp
videobuf2_vmalloc      20480  1 bcm2835_v4l2
videobuf2_memops       20480  2 videobuf2_vmalloc,videobuf2_dma_contig
drm                   557056  5 gpu_sched,drm_kms_helper,v3d,vc4
videobuf2_v4l2         32768  4 bcm2835_codec,bcm2835_v4l2,v4l2_mem2mem,bcm2835_isp
videobuf2_common       61440  5 bcm2835_codec,videobuf2_v4l2,bcm2835_v4l2,v4l2_mem2mem,bcm2835_isp
drm_panel_orientation_quirks    20480  1 drm
snd_soc_core          241664  1 vc4
snd_compress           20480  1 snd_soc_core
snd_pcm_dmaengine      20480  1 snd_soc_core
snd_bcm2835            24576  1
vc_sm_cma              40960  2 bcm2835_mmal_vchiq,bcm2835_isp
snd_pcm               126976  5 vc4,snd_bcm2835,snd_compress,snd_soc_core,snd_pcm_dmaengine
videodev              299008  6 bcm2835_codec,videobuf2_v4l2,bcm2835_v4l2,videobuf2_common,v4l2_mem2mem,bcm2835_isp
raspberrypi_hwmon      16384  0
snd_timer              36864  1 snd_pcm
mc                     57344  6 videodev,bcm2835_codec,videobuf2_v4l2,videobuf2_common,v4l2_mem2mem,bcm2835_isp
snd                   102400  7 snd_bcm2835,snd_timer,snd_compress,snd_soc_core,snd_pcm
rpivid_mem             16384  0
syscopyarea            16384  1 drm_kms_helper
sysfillrect            16384  1 drm_kms_helper
sysimgblt              16384  1 drm_kms_helper
fb_sys_fops            16384  1 drm_kms_helper
backlight              20480  1 drm
uio_pdrv_genirq        16384  0
uio                    24576  1 uio_pdrv_genirq
i2c_dev                20480  0
ip_tables              32768  1 iptable_nat
x_tables               45056  2 ip_tables,xt_MASQUERADE
ipv6                  528384  34
Pievee
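
The modprobe errors above point at a missing module tree for the running kernel. As an added example (not part of the original post), here is a preflight check a setup script could run before `ufw enable`. It assumes the kernel upgrade removed that tree, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: can the firewall come up on the kernel that is running now?
# Assumption: "could not open moddep file" means /lib/modules/<running kernel>
# is gone after a kernel package upgrade, so iptable_filter cannot be loaded.

# kernel_modules_present RELEASE [MODULES_ROOT]
# True when modprobe's dependency index exists for that kernel release.
kernel_modules_present() {
    release=$1
    root=${2:-/lib/modules}
    [ -f "$root/$release/modules.dep.bin" ] || [ -f "$root/$release/modules.dep" ]
}

# filter_table_loadable RELEASE [MODULES_ROOT]
# True when iptable_filter is built in or shipped as a module for that release.
filter_table_loadable() {
    release=$1
    root=${2:-/lib/modules}
    grep -q 'iptable_filter\.ko' "$root/$release/modules.builtin" 2>/dev/null && return 0
    [ -d "$root/$release" ] || return 1
    find "$root/$release" -name 'iptable_filter.ko*' 2>/dev/null | grep -q .
}

# ufw_preflight RELEASE [MODULES_ROOT]
# Prints "ready" or "reboot-required: <reason>"; returns 0 only when ready.
ufw_preflight() {
    release=$1
    root=${2:-/lib/modules}
    if ! kernel_modules_present "$release" "$root"; then
        echo "reboot-required: no module index for running kernel $release"
        return 1
    fi
    if ! filter_table_loadable "$release" "$root"; then
        echo "reboot-required: iptable_filter not available for $release"
        return 1
    fi
    echo "ready"
}

# Report the state of this host; a setup script would gate on the exit status:
#   if ufw_preflight "$(uname -r)"; then sudo ufw enable; fi
ufw_preflight "$(uname -r)" || true
```

Failing closed here matters: if the rules do not load, the script should stop and schedule the firewall step after the reboot instead of continuing with the host unfiltered.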