The files exist. They'd been unmodified, and working, for several
months. 'ufw reset' regenerates them with the defaults. Neither of them
includes the word 'DROP', and I don't think their contents are passed
directly to nftables. I'm not familiar with their syntax, so I can't say
if there's anything wrong with them.

However, on another system that was similarly configured, I had the same
versions of ufw and nftables installed, and ufw was working fine.
However, there was an update to iptables, 1.8.4-1, and after that was
updated, ufw stopped working.

apt-listchanges sent this:

iptables (1.8.4-1) unstable; urgency=medium
All the iptables binaries have been moved away from /sbin to /usr/sbin.
Compatibility symlinks were provided during the Buster release, but they
have been dropped now.
Please make sure your scripts aren't using hardcoded binary paths.
.
Also, please note that iptables is no longer Priority: important. This
means it is not installed by default in every system. It has been replaced
by nftables.
-- Arturo Borrero Gonzalez <art...@debian.org> Wed, 04 Dec 2019 11:49:00 +0200

It looks to me like both in /sbin and in /usr/sbin, there are symlinks
from the names of the old iptables executables to the nftables versions,
via /etc/alternatives. So I'm not sure what was actually changed, but
now I'm thinking that the iptables update revealed an issue with ufw.

On 12/5/19 10:11 PM, Pascal Hambourg wrote:
> On 06/12/2019 at 04:15, Brian Vaughan wrote:
>> ERROR: problem running ufw-init
>> Bad argument `DROP'
>> Error occurred at line: 4
>> Try `iptables-restore -h' or 'iptables-restore --help' for more
>> information.
>> Bad argument `-'
>> Error occurred at line: 4
>> (...)
>> Problem running '/etc/ufw/user.rules'
>> Problem running '/etc/ufw/user6.rules'
>
> Did you check the contents of these two files?