View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0006094||Kali Linux||General Bug||public||2020-02-11 07:39||2020-12-01 10:48|
|Summary||0006094: UFW: fails at start and blocks all incoming packets|
Problem running '/etc/ufw/user.rules'
After this message all incoming packets are blocked. But I see no message [UFW BLOCK... in my log.
The same rules are running on two kali-systems. The difference is, that the last update of the system without ufw-failure was at 2020-02-06 14:59:18 GMT+1. On the system with failure I do the dist-upgrade at Monday 2020-02-10 15:24:23 GMT+1.
ERROR: problem running ufw-init
Problem running '/etc/ufw/user.rules'
I actually removed and purged both ufw and iptables because of this bug.
You can enable ufw and you will see this bug. Logging not working at all which maybe the issue I'm not yet sure and I would be happy to hear from the maintainers who merged this from the upstream. Do anyone test packages before sending out in kali-rolling? This is a major bug and it should be marked as CRITICAL!
Last week ufw was upgraded to 0.36-1. It was running without any error. First after the upgrade of some other packages yesterday, the problem occurs. Therefore I believe, that kali has problems with different levels of software in the case, when a product especially depends on another product.
Is not ufw which has problems because "last week" worked even yesterday. Far as I see this is a bug of IPTABLES
UFW works correctly but can't commit to iptables.
You can check using < iptables -S > that your rules are not passed by ufw.
I have tried to install the older version of iptables from kali-rolling but according to apt-cache policy iptables only version 1.8.4-2 is available. On debian https://tracker.debian.org/news/1100518/iptables-184-2-migrated-to-testing/ you can see that the current version of iptables is in fact under testing!
||/ Name Version Architektur Beschreibung
If I call "ipatbles -S " on 1.8.4-2, then I only receive
-P INPUT ACCEPT
I see no tables.
I'm glad to have created a second kali on an usb-ssd: This is my trying / backup / destroy system, where I make upgrades. Firstly If I have no errors, then I upgrade my main system on the laptop. One the week I synchronise the usb-system with my main system: I boot kali-live on my laptop and let run my bash, which use rsync. So I can do my work without interruption.
No matter what you do. This is a big bug affecting everyone seriously.
This is likely this Debian bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951102
And reported upstream here: https://bugzilla.netfilter.org/show_bug.cgi?id=1400
I'll downgrade iptables in kali-rolling for now.
The following packages have unmet dependencies:
This is a big problem.
apt autoremove --purge libip4tc2 libip6tc2 libiptc0 libxtables12
Good Morning Hacktivist,
1) apt-get install iptables=1.8.3-2 libip4tc2=1.8.3-2 libip6tc2=1.8.3-2 libiptc0=1.8.3-2 libxtables12=1.8.3-2
2) I restart my system
3) I re-enable my ufw. Allthing goes right
4) I make an update of my packet list and a dist-upgrade (apt-get update;apt-get dist-upgrade). The version 1.8.4-2 of iptables isn't seen:
espeak-ng-data exploitdb keyutils libbson-1.0-0 libcgi-pm-perl libespeak-ng1 libkeyutils1 libkeyutils1:i386 libmongoc-1.0-0 libnet-dns-sec-perl libpng-dev libpng-tools libpng16-16 libpng16-16:i386 liburi-perl login passwd python-cryptography python-passlib python3-cryptography python3-passlib
I believe, that the stuff of kali must do something, to remove the failing version of iptables from systems, where it is allready installed !!!
root@localhost:~# ufw status verbose
root@localhost:~# ufw default deny incoming
root@localhost:~# nano /etc/default/ufw
Thanks for the hint! I forgot the =version
Rose: stuff is not staff
This will be properly fixed for everybody once 1.8.4-3 from Debian enters Kali. We will wait until it reaches testing.
1.8.4-3 is in Debian testing
|2020-02-11 07:39||RoseDeSable||New Issue|
|2020-02-11 08:22||hacktivist||Note Added: 0012197|
|2020-02-11 08:26||hacktivist||Note Added: 0012198|
|2020-02-11 08:40||RoseDeSable||Note Added: 0012199|
|2020-02-11 08:49||hacktivist||Note Added: 0012200|
|2020-02-11 09:19||RoseDeSable||Note Added: 0012201|
|2020-02-11 10:07||hacktivist||Note Added: 0012203|
|2020-02-12 13:43||rhertzog||Note Added: 0012264|
|2020-02-12 13:43||rhertzog||Assigned To||=> rhertzog|
|2020-02-12 13:43||rhertzog||Status||new => assigned|
|2020-02-13 09:08||hacktivist||Note Added: 0012267|
|2020-02-13 09:50||RoseDeSable||Note Added: 0012268|
|2020-02-13 10:24||hacktivist||Note Added: 0012269|
|2020-02-13 10:33||hacktivist||Note Added: 0012270|
|2020-02-14 10:26||rhertzog||Note Added: 0012282|
|2020-02-21 14:11||sbrun||Status||assigned => resolved|
|2020-02-21 14:11||sbrun||Resolution||open => fixed|
|2020-02-21 14:11||sbrun||Fixed in Version||=> 2020.2|
|2020-02-21 14:11||sbrun||Note Added: 0012326|
|2020-12-01 10:48||g0tmi1k||Priority||high => normal|