ufw

ufw doesn't work in OpenVZ-powered VPS

Asked by Gustavo Narea

Hello,

I've been using ufw in 5+ Xen-powered VPSs and I've never had trouble. However, now I have an OpenVZ-powered VPS on which I try to use ufw, but I get several errors.

First of all, I run,
  $ sudo ufw allow ssh

Then,
  $ sudo ufw enable

but I get:
<-----
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
ERROR: problem running init script
----->

Also, if I run `$ sudo /etc/init.d/ufw force-reload` I get:
<-----
 * Stopping firewall: ufw... [ OK ]
 * Starting firewall: ufw...FATAL: Could not load /lib/modules/2.6.18-92.1.18.el5.028stab060.2/modules.dep: No such file or directory
FATAL: Could not load /lib/modules/2.6.18-92.1.18.el5.028stab060.2/modules.dep: No such file or directory
FATAL: Could not load /lib/modules/2.6.18-92.1.18.el5.028stab060.2/modules.dep: No such file or directory
FATAL: Could not load /lib/modules/2.6.18-92.1.18.el5.028stab060.2/modules.dep: No such file or directory
iptables-restore: line 71 failed
 * Problem running '/etc/ufw/before.rules'...iptables-restore: line 34 failed
 * Problem running '/etc/ufw/after.rules'...error: "Operation not permitted" setting key "net.ipv6.conf.all.accept_redirects"
error: "Operation not permitted" setting key "net.ipv6.conf.default.accept_redirects"
error: "Operation not permitted" setting key "net.ipv4.icmp_echo_ignore_broadcasts"
error: "Operation not permitted" setting key "net.ipv4.icmp_ignore_bogus_error_responses"
error: "Operation not permitted" setting key "net.ipv4.icmp_echo_ignore_all"
error: "Operation not permitted" setting key "net.ipv4.tcp_syncookies"
error: "Operation not permitted" setting key "net.ipv4.tcp_sack"
                                                                                                                                                                   [fail]
----->

Another issue is that while it's enabled, I can't download anything. For example, if I try to install an application while ufw is enabled with the only rule I defined above, I'd get this:
<-----
Could not resolve 'archive.ubuntu.com'
----->

I tried to install the kernel module above, but I couldn't.

How can I fix this?

Thanks in advance.

Question information

Language: English
Status: Expired
For: ufw
Assignee: No assignee
Gustavo Narea (gnarea) said :
#1

FTR, the output of `$ sudo ufw status verbose`, when it's enabled, is:
<-----
Status: loaded
Logging: on
Default: deny
New profiles: skip

To Action From
-- ------ ----
22/tcp ALLOW Anywhere
22/udp ALLOW Anywhere
----->

Launchpad Janitor (janitor) said :
#2

This question was expired because it remained in the 'Open' state without activity for the last 15 days.

bodhi.zazen (bodhi.zazen) said :
#3

The problem is that iptables is not fully functional in openvz templates.

See: http://blog.bodhizazen.net/uncategorized/how-to-use-ufw-in-openvz-templates/
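
The errors quoted in the question fall into three classes: kernel modules that cannot be loaded, rule lines that `iptables-restore` rejects, and sysctl keys the container may not write. The script below is an added example, not part of the thread or of ufw; it sorts such a log into those classes and checks whether the host looks like an OpenVZ container. The function names and the `/proc/vz` without `/proc/bc` heuristic are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): triage ufw start-up errors on a container.

# Heuristic (assumption): inside an OpenVZ container /proc/vz exists but
# /proc/bc does not; /proc/bc is only present on the hardware node.
# $1 is an optional root prefix so the check can be run against a test tree.
in_openvz_container() {
    root="${1:-}"
    [ -d "$root/proc/vz" ] && [ ! -d "$root/proc/bc" ]
}

# Read a ufw init-script log on stdin and count the three failure classes
# that appear in the question's output.
classify_ufw_log() {
    awk '
        /Could not load .*modules\.dep/          { mod++ }
        /iptables-restore: line [0-9]+ failed/   { ipt++ }
        /"Operation not permitted" setting key/  { sys++ }
        END { printf "modules_dep=%d iptables_restore=%d sysctl_denied=%d\n", mod, ipt, sys }
    '
}

# Print the sysctl keys the container refused to set, one per line.
denied_sysctl_keys() {
    sed -n 's/.*"Operation not permitted" setting key "\([^"]*\)".*/\1/p'
}

# Sample input: a subset of lines copied from the force-reload output above.
sample_log() {
    cat <<'EOF'
 * Starting firewall: ufw...FATAL: Could not load /lib/modules/2.6.18-92.1.18.el5.028stab060.2/modules.dep: No such file or directory
iptables-restore: line 71 failed
 * Problem running '/etc/ufw/before.rules'...iptables-restore: line 34 failed
 * Problem running '/etc/ufw/after.rules'...error: "Operation not permitted" setting key "net.ipv6.conf.all.accept_redirects"
error: "Operation not permitted" setting key "net.ipv4.tcp_syncookies"
EOF
}

if in_openvz_container; then echo "OpenVZ container detected"; fi
sample_log | classify_ufw_log
sample_log | denied_sysctl_keys
```

To triage a real log, pipe the captured output of `sudo /etc/init.d/ufw force-reload` into `classify_ufw_log` instead of `sample_log`.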