Some weirdness ... I have Devuan Linux plus nginx plus grav-admin installed on my Dell OptiPlex 7050 configured in RAID 1.
ufw and gufw, previously installed and configured, have disappeared from the install as if never there.
What I mean is that neither responds and when I go to Synaptic Package Manager they aren't greyed - which I take to mean that Devuan doesn't see them as installed.
How would that happen, please?
Thanks
Those packages don't seem to have been added to the banned list.
Have you checked the logs?
zcat /var/log/dpkg.log.*.gz | cat - /var/log/dpkg.log | grep 'ufw'
Brianna Ghey — Rest In Power
Response is "gzip: /var/log/dpkg.log.*gz: No such file or directory"
Sorry, working blind with that one. Find the logs yourself then. EDIT: the system probably isn't old enough to have rotated the logs so
grep 'ufw' /var/log/dpkg.log
I don't have a De{vu,bi}an system handy so I don't actually know where the logs are...
Last edited by Head_on_a_Stick (2022-12-27 16:52:41)
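The one-liner above breaks when no rotated logs exist yet, because the dpkg.log.*.gz glob stays literal and gzip complains. As an added example (not Head_on_a_Stick's command, though it does the same search), here is a small POSIX sh script that reads the live dpkg log plus any rotated copies, compressed or not, skips unmatched globs, and reports the last install/remove/purge action for a package. The log paths assumed are the Debian/Devuan defaults under /var/log; the package name is used as a regular expression.

```shell
#!/bin/sh
# Added example (not from the thread): search dpkg's log for a package,
# covering the live log and any rotated copies, compressed or not.
# The "gzip: ... No such file or directory" seen earlier is what happens
# when the dpkg.log.*.gz glob matches nothing; this skips that case.
# Usage: dpkg_history PACKAGE [LOGDIR]   (LOGDIR defaults to /var/log)

# Print every dpkg log line: the live log, then each rotated file.
dpkg_log_lines() {
    logdir=$1
    [ -r "$logdir/dpkg.log" ] && cat "$logdir/dpkg.log"
    for f in "$logdir"/dpkg.log.*; do
        [ -e "$f" ] || continue        # unmatched glob stays literal; skip it
        case $f in
            *.gz) zcat "$f" ;;
            *)    cat "$f" ;;
        esac
    done
    return 0
}

# Print the install/remove/purge/status lines for PACKAGE.
# Exit 0 if any were found, 1 if dpkg never logged that package.
dpkg_history() {
    pkg=$1
    logdir=${2:-/var/log}
    # dpkg writes the package as "name:arch" (e.g. ufw:all); match either form.
    dpkg_log_lines "$logdir" |
        grep -E " (install|remove|purge|status [a-z-]+) ${pkg}(:[[:alnum:]-]+)? "
}

# Report the most recent install/remove/purge action for PACKAGE, or
# "never-seen". Lines are sorted first because rotated logs are older
# than the live log but glob after it; the leading timestamp sorts cleanly.
dpkg_last_action() {
    dpkg_history "$1" "$2" | sort |
        awk '$3 == "install" || $3 == "remove" || $3 == "purge" { last = $3 }
             END { print (last == "" ? "never-seen" : last) }'
}

# Run directly with a package name, e.g.:  sh dpkg_history.sh ufw
if [ $# -gt 0 ]; then
    dpkg_history "$@"
    echo "last action: $(dpkg_last_action "$@")"
fi
```

If `dpkg_last_action ufw` prints `never-seen` on a system where the package was definitely used, the log was rotated away or the package was never installed through dpkg on this install, which is the question the thread is chasing.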
That doesn't return an error - just back to the prompt.
Odd stuff happening ...
Perhaps check the Synaptic log as well but I thought all package management operations were collated under the dpkg log.
Synaptic Package Manager (File -> History) shows no deletion of ufw or gufw
It also doesn't show either being installed.
I read this "... you won't see any packages installed, updated or removed from the command line (using apt, apt-get, dpkg), using the Software Updater, or the Software application. Similarly, the /var/log/apt/history.log APT log file only lists actions performed using apt/apt-get."
OK, I followed Steps 2 & 3 here https://www.codingforentrepreneurs.com/ … -firewall/
I wasn't sure about Step 4 so I skipped it and went to Step 5 - which appeared to work fine and returned the expected URL.
Now I'll try to get back to grav ...
If you just want a firewall that only allows ports 22, 80 & 443 see https://wiki.nftables.org/wiki-nftables … r_a_server
ufw is bloat!
OK, so I just read that GUFW is a UI for UFW and UFW is a wrapper for iptables or nftables.
I dislike bloat but am mostly not tinkering with tech and often forget detail - which is where a wrapper and a UI saves me.
Given my application to serve text files (many with embedded images), a blog, a small news aggregator, some links pages, a basic learning-certificate program, and a Docker-based scanner feed (the only thing that will use Docker) - using grav on top of nginx - might I find nftables getting very complicated?
Not really.
It's as simple as
# apt install nftables orphan-sysvinit-scripts {g,}ufw-
# cp /usr/share/orphan-sysvinit-scripts/nftables /etc/init.d
# update-rc.d nftables defaults
# editor /etc/nftables.conf # copy in example file from my link
# /etc/init.d/nftables start
Then check with
# nft list ruleset
It would be even simpler had Debian bothered to supply an init script for nftables but unfortunately the developer doesn't give a crap about alternative init systems. For shame!
OK. I'm going to go minimalist, one step at a time.
I've uninstalled grav.
I used Synaptic to uninstall ufw and gufw - but whereis finds ufw still in /etc/ufw (multiple .rules, .init, .conf and one .init file in there)
/etc/gufw still contains app.profiles, gufw.cfg, Home.profile, Office.profile, and Public.profile.
I can just delete these directories/folders and files but do you know why Synaptic uninstall left these behind?
https://raphaelhertzog.com/2011/01/31/d … ion-files/
Last edited by Head_on_a_Stick (2022-12-28 17:54:23)
Cool.
Aptitude isn't installed - is it worth adding?
I returned to Synaptic and selected Status then Uninstalled then gufw and ufw to completely remove.
It left those two folders in place and deleted all but applications.p from ufw and left gufw.cfg, Home.profile, Office.profile, and Public.profile behind in gufw (it only deleted app.profile).
I'll remove the rest manually.
In nftables.conf - when I copy in from https://wiki.nftables.org/wiki-nftables … r_a_server do I replace all but the 'shebang' line at the top?
/etc/init.d/nftables calls /usr/bin/nft -f /etc/nftables.conf so the file doesn't actually need a shebang.
EDIT: use this to check after the service starts:
# nft list ruleset
Last edited by Head_on_a_Stick (2022-12-28 19:36:40)
root@devuan1:/etc# nft list ruleset
table inet firewall {
    chain inbound_ipv4 {
    }

    chain inbound_ipv6 {
        icmpv6 type { nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept
    }

    chain inbound {
        type filter hook input priority filter; policy drop;
        ct state vmap { invalid : drop, established : accept, related : accept }
        iifname "lo" accept
        meta protocol vmap { ip : jump inbound_ipv4, ip6 : jump inbound_ipv6 }
        tcp dport { 22, 80, 443 } accept
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
    }
}
root@devuan1:/etc#
If that's as it should be - should I make a mod re. the potential for "ping flood" as mentioned?
Also, as I understand it, our ISP https://bulloch.solutions/home/ doesn't support IPv6 - should those references be commented out or deleted, or is there no harm in leaving them there?
Last edited by dcolburn (2022-12-28 20:05:26)
It is my understanding that ICMP echo requests should be allowed but I'm no expert.
Reference: http://shouldiblockicmp.com/
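For the ping-flood question, here is the ruleset dcolburn listed above with rate-limited ICMP echo-request rules added, so ping still answers (as the link above recommends) but a flood is throttled rather than dropped outright. This is an added example, not the wiki page's file and not Head_on_a_Stick's; the 5/second rate is an assumed value to tune for your host.

```nft
# Added example, not the nftables wiki's file: the server ruleset above plus
# rate-limited ping. /etc/init.d/nftables loads this with nft -f, so no
# shebang is needed. "flush ruleset" clears every table first, including any
# added by other tools, so the file is the complete firewall state.
flush ruleset

table inet firewall {
    chain inbound_ipv4 {
        # Answer ping, but accept at most 5 echo-requests per second (assumed
        # value); anything over that rate falls through to the drop policy.
        icmp type echo-request limit rate 5/second accept
    }

    chain inbound_ipv6 {
        # Neighbour discovery is required for IPv6 to work at all.
        icmpv6 type { nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept
        # Same rate-limited ping for IPv6.
        icmpv6 type echo-request limit rate 5/second accept
    }

    chain inbound {
        type filter hook input priority filter; policy drop;

        # Drop invalid packets, allow replies to connections this host opened.
        ct state vmap { invalid : drop, established : accept, related : accept }

        # Loopback is trusted.
        iifname "lo" accept

        # Per-family ICMP handling lives in the chains above.
        meta protocol vmap { ip : jump inbound_ipv4, ip6 : jump inbound_ipv6 }

        # SSH, HTTP, HTTPS.
        tcp dport { 22, 80, 443 } accept
    }

    chain forward {
        # This host does not route between interfaces.
        type filter hook forward priority filter; policy drop;
    }
}
```

Before restarting the service, `nft -c -f /etc/nftables.conf` parses the file without loading it, which catches syntax errors while the old rules are still in place. One caveat for the Docker-based feed mentioned earlier: Docker adds its own rules through the iptables tooling and relies on forwarding for container traffic, so `flush ruleset` on each restart and the `drop` policy in `forward` will interfere with it; that needs to be reconciled before the Docker piece goes live.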
It is my understanding that ICMP echo requests should be allowed but I'm no expert.
Reference: http://shouldiblockicmp.com/
OK, I'll leave it be.
I believe that the ASUS router I'm using has some firewall controls - I could look at preventing a ping flood there first.
Should I disable iptables? https://linux-audit.com/nftables-beginn … filtering/
"It is possible to mix iptables and nftables. However, this increases complexity and also the chance to introduce errors. So keep it simple and flush out all iptables rules, and make sure it is not loaded."
iptables -F
Do the same for IPv6:
ip6tables -F
"Ensure that during system reboots the iptables configuration or modules are no longer loaded." (I'm not sure how to do this.)
Last edited by dcolburn (2022-12-28 20:10:49)
I think nftables should be the default backend for any "iptables" implementations.
See https://wiki.debian.org/nftables and run
for i in {ip{,6},arp,eb}tables ; do sudo update-alternatives --config $i ; done
All of the alternatives should be pointing to *tables-nft, change them if they don't.
Check for any extant iptables configuration with
# iptables-save
I'm pretty sure that should be blank.
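Two small checks for the advice above, as an added example (not Head_on_a_Stick's commands): one reads `update-alternatives --query` output and reports which backend each *tables name resolves to, the other reads an `iptables-save` / `ip6tables-save` dump and says whether it holds real rules. The second matters because a legacy `iptables-save` prints `*filter`, `:INPUT ACCEPT [0:0]` and `COMMIT` even for an empty ruleset, so "blank" is not a reliable test. The dumps in the test are constructed; the alternative names are the four from the loop above.

```shell
#!/bin/sh
# Added example (not from the thread): verify that the *tables commands use
# the nft backend and that no iptables rules are left over.

# Print the basename of the selected alternative (e.g. iptables-nft).
# Reads `update-alternatives --query NAME` output on stdin.
alternative_backend() {
    sed -n 's/^Value: .*\///p'
}

# Exit 0 if the iptables-save dump on stdin contains at least one rule,
# 1 if it is empty apart from comments, "*table" headers, ":CHAIN policy"
# lines, COMMIT and blank lines (the scaffolding legacy iptables-save
# prints even when nothing is configured).
dump_has_rules() {
    grep -Ev '^(#|\*|:|COMMIT|[[:space:]]*$)' | grep -q .
}

# Audit this host: every *tables alternative plus both save dumps.
audit_tables_backend() {
    for i in iptables ip6tables arptables ebtables; do
        backend=$(update-alternatives --query "$i" 2>/dev/null | alternative_backend)
        case $backend in
            *-nft) echo "$i -> $backend (ok)" ;;
            "")    echo "$i -> no alternative registered" ;;
            *)     echo "$i -> $backend (NOT nft; run: update-alternatives --config $i)" ;;
        esac
    done
    for s in iptables-save ip6tables-save; do
        if command -v "$s" >/dev/null 2>&1 && "$s" 2>/dev/null | dump_has_rules; then
            echo "$s: leftover rules present, flush them before relying on nftables"
        else
            echo "$s: no rules"
        fi
    done
}

# Run directly to audit the current host (needs root for *-save).
if [ "${1:-}" = audit ]; then
    audit_tables_backend
fi
```

Run it as `sh audit.sh audit` as root; any line marked "NOT nft" or "leftover rules present" is the mixed iptables/nftables situation the linux-audit page warns about.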
OK, done, with no errors.
Just one outstanding question then I probably should close this as Solved ...
As I understand it, our ISP https://bulloch.solutions/home/ doesn't support IPv6 - should those references be commented out or deleted, or is there no harm in leaving them there?
I don't have IPv6 at the moment but I leave the firewall functionality intact just in case my ISP adds it without telling me.
Cool. OK, thanks.