Awall firewall activate fails due to missing inet6
#1
I know this is not the best place to post but I've put this question everywhere that makes sense.... awall Gitlab, LinuxQuestions, pmOS official IIRC, etc.

Plain and simple, I'm trying to harden my PinePhone by running a firewall with valid traffic control and common-sense rules. I tried ufw—didn't work—now trying awall.

Awall doesn't activate and gives me the following output when also verifying the config:

Code:
hostname:$ sudo awall translate --verify
Warning: firewall not enabled for inet6
iptables-restore v1.8.4 (legacy): Couldn't load match `recent':No such file or directory

Error occurred at line: 38
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
/usr/share/lua/5.2/awall/iptables.lua:92: assertion failed!
stack traceback:
        /usr/share/lua/5.2/awall/uerror.lua:25: in function </usr/share/lua/5.2/awall/uerror.lua:21>
        [C]: in function 'assert'
        /usr/share/lua/5.2/awall/iptables.lua:92: in function 'restore'
        /usr/share/lua/5.2/awall/iptables.lua:101: in function 'test'
        /usr/share/lua/5.2/awall/init.lua:185: in function 'test'
        /usr/sbin/awall:337: in function 'f'
        /usr/share/lua/5.2/awall/uerror.lua:20: in function </usr/share/lua/5.2/awall/uerror.lua:20>
        [C]: in function 'xpcall'
        /usr/share/lua/5.2/awall/uerror.lua:19: in function 'call'
        /usr/sbin/awall:163: in main chunk
        [C]: in ?

I also have the following output in case it's relevant:

Code:
hostname:~$ iptables -V
iptables v1.8.4 (legacy)

Code:
hostname:~$ cat /etc/os-release
PRETTY_NAME="postmarketOS 1.22.0"
NAME="postmarketOS"
VERSION_ID="1.22.0"
VERSION="1.22.0-ec23a657"
ID="postmarketos"
ID_LIKE="alpine"

Code:
hostname:~$ uname -a
Linux hostname 5.9.1 #1-postmarketos-allwinner SMP Fri Oct 23 16:20:33 UTC 2020 aarch64 Linux

I cannot understand what is missing as it appears something is missing. Should I cut my losses and just stick with iptables for now? Huh
#2
At a wild guess one of the packet filtering things it requires isn't enabled in the kernel - perhaps check kernel config for CONFIG_NETFILTER_XT_MATCH_RECENT or something?


Possibly Related Threads…
Thread Author Replies Views Last Post
Lightbulb Wishlist for "most missing" native app (libhandy) kuleszdl 7 4,197 01-29-2022, 08:40 AM
Last Post: jjardon
  Poweroff/Reboot fails AndyM 2 2,853 09-18-2021, 06:55 PM
Last Post: jmorris

Forum Jump:


Users browsing this thread: 1 Guest(s)