PINE64
Awall firewall activate fails due to missing inet6



Awall firewall activate fails due to missing inet6 - thatrandomguy - 11-10-2020

I know this is not the best place to post but I've put this question everywhere that makes sense... awall GitLab, LinuxQuestions, pmOS official IIRC, etc.

Plain and simple, I'm trying to harden my PinePhone by running a firewall with valid traffic control and common-sense rules. I tried ufw—didn't work—now trying awall.

Awall doesn't activate and gives me the following output when also verifying the config:

Code:
hostname:$ sudo awall translate --verify
Warning: firewall not enabled for inet6
iptables-restore v1.8.4 (legacy): Couldn't load match `recent':No such file or directory

Error occurred at line: 38
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
/usr/share/lua/5.2/awall/iptables.lua:92: assertion failed!
stack traceback:
        /usr/share/lua/5.2/awall/uerror.lua:25: in function </usr/share/lua/5.2/awall/uerror.lua:21>
        [C]: in function 'assert'
        /usr/share/lua/5.2/awall/iptables.lua:92: in function 'restore'
        /usr/share/lua/5.2/awall/iptables.lua:101: in function 'test'
        /usr/share/lua/5.2/awall/init.lua:185: in function 'test'
        /usr/sbin/awall:337: in function 'f'
        /usr/share/lua/5.2/awall/uerror.lua:20: in function </usr/share/lua/5.2/awall/uerror.lua:20>
        [C]: in function 'xpcall'
        /usr/share/lua/5.2/awall/uerror.lua:19: in function 'call'
        /usr/sbin/awall:163: in main chunk
        [C]: in ?

I also have the following output in case it's relevant:

Code:
hostname:~$ iptables -V
iptables v1.8.4 (legacy)

Code:
hostname:~$ cat /etc/os-release
PRETTY_NAME="postmarketOS 1.22.0"
NAME="postmarketOS"
VERSION_ID="1.22.0"
VERSION="1.22.0-ec23a657"
ID="postmarketos"
ID_LIKE="alpine"

Code:
hostname:~$ uname -a
Linux hostname 5.9.1 #1-postmarketos-allwinner SMP Fri Oct 23 16:20:33 UTC 2020 aarch64 Linux

I cannot understand what is missing as it appears something is missing. Should I cut my losses and just stick with iptables for now?


RE: Awall firewall activate fails due to missing inet6 - wibble - 11-11-2020

At a wild guess one of the packet filtering things it requires isn't enabled in the kernel - perhaps check kernel config for CONFIG_NETFILTER_XT_MATCH_RECENT or something?
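
The kernel-config check suggested in the reply above, as an added example that is not part of the thread or of awall: it pulls the failing match name out of the `iptables-restore` error and looks up the corresponding symbol in a kernel config file. The function names, the config file locations and the match-to-symbol naming rule are assumptions.

```shell
#!/bin/sh
# Added example: map an iptables "Couldn't load match" error to a kernel symbol.

# Extract match names from iptables-restore error text on stdin.
missing_matches() {
    sed -n "s/.*Couldn't load match \`\([A-Za-z0-9_]*\)'.*/\1/p" | sort -u
}

# Assumption: match "foo" is built by CONFIG_NETFILTER_XT_MATCH_FOO. This is
# the usual naming convention and holds for "recent", but not for every match.
match_to_symbol() {
    printf 'CONFIG_NETFILTER_XT_MATCH_%s\n' \
        "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')"
}

# symbol_state SYMBOL < kernel-config
# Prints builtin (=y), module (=m) or disabled (absent or "is not set").
symbol_state() {
    _line=$(grep -E "^(# )?$1[= ]" | head -n 1)
    case $_line in
        "$1=y") echo builtin ;;
        "$1=m") echo module ;;
        *)      echo disabled ;;
    esac
}

# Emit the running kernel's config from common locations (assumed paths;
# /proc/config.gz exists only when the kernel has CONFIG_IKCONFIG_PROC).
kernel_config() {
    if [ -r /proc/config.gz ]; then
        zcat /proc/config.gz
    elif [ -r "/boot/config-$(uname -r)" ]; then
        cat "/boot/config-$(uname -r)"
    else
        echo "no readable kernel config found" >&2
        return 1
    fi
}

# diagnose ERRFILE CONFIGFILE: prints "match symbol state" for each failure.
diagnose() {
    missing_matches < "$1" | while read -r _m; do
        _sym=$(match_to_symbol "$_m")
        echo "$_m $_sym $(symbol_state "$_sym" < "$2")"
    done
}
```

To use it, save the failing command's error output to a file, write `kernel_config` output to a second file, and pass both to `diagnose`. A `module` result still requires the module to be installed for the running kernel.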