NepT1
Posted January 26, 2023

I have set up an FTP server on an Orange Pi Zero 2. It works correctly, but as soon as I activate the firewall it blocks all inputs; supposedly the rules are added correctly.

    > ufw enable
    ERROR: problem running ufw-init
    iptables-restore v1.8.4 (legacy): unknown option "--log-prefix"
    Error occurred at line: 41
    Try `iptables-restore -h' or 'iptables-restore --help' for more information.
    ip6tables-restore v1.8.4 (legacy): unknown option "--log-prefix"
    Error occurred at line: 41
    Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.

    Problem running '/etc/ufw/user.rules'
    Problem running '/etc/ufw/user6.rules'

    > nano /etc/ufw/user.rules
    *filter
    :ufw-user-input - [0:0]
    :ufw-user-output - [0:0]
    :ufw-user-forward - [0:0]
    :ufw-before-logging-input - [0:0]
    :ufw-before-logging-output - [0:0]
    :ufw-before-logging-forward - [0:0]
    :ufw-user-logging-input - [0:0]
    :ufw-user-logging-output - [0:0]
    :ufw-user-logging-forward - [0:0]
    :ufw-after-logging-input - [0:0]
    :ufw-after-logging-output - [0:0]
    :ufw-after-logging-forward - [0:0]
    :ufw-logging-deny - [0:0]
    :ufw-logging-allow - [0:0]
    ### RULES ###
    ### tuple ### allow tcp 20 0.0.0.0/0 any 0.0.0.0/0 in
    -A ufw-user-input -p tcp --dport 20 -j ACCEPT
    ### tuple ### allow tcp 21 0.0.0.0/0 any 0.0.0.0/0 in
    -A ufw-user-input -p tcp --dport 21 -j ACCEPT
    ### tuple ### allow tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
    -A ufw-user-input -p tcp --dport 22 -j ACCEPT
    ### tuple ### allow tcp 990 0.0.0.0/0 any 0.0.0.0/0 in
    -A ufw-user-input -p tcp --dport 990 -j ACCEPT
    ### tuple ### allow tcp 2222 0.0.0.0/0 any 0.0.0.0/0 in
    -A ufw-user-input -p tcp --dport 2222 -j ACCEPT
    ### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 out_tun0
    -A ufw-user-output -o tun0 -j ACCEPT
    ### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 in_tun0
    -A ufw-user-input -i tun0 -j ACCEPT
    ### END RULES ###
    ### LOGGING ###
    -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
    -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
    -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
    -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
    -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
    ### END LOGGING ###
    COMMIT

Myron
Posted January 27, 2023

@NepT1 I think ufw and iptables-restore are not compatible with each other. Several articles on the Internet I've seen seem to mention turning off UFW if using iptables-restore. It's something I've not looked at for myself, so I need to do some of my own research. To signpost you, I guess a good place to start is a Google search like, or similar to: https://www.google.com/search?q=linux+"iptables-restore"+"ufw"

NepT1 (Author)
Posted January 28, 2023
Solution

After many tries I managed to make it work. I don't know how I did it, but one of the steps was to uninstall ufw and use firewalld.