WSL2 cannot enable ufw [closed]

Took an interest in WSL2. It was my way of getting into Linux and I messed around for a while until I decided to install Nginx and allow it in ufw. When I enabled it with:

sudo ufw enable 

It responded with:

ERROR: problem running ufw-init
iptables-restore v1.8.4 (legacy): Couldn't load match `limit':No such file or directory

Error occurred at line: 63
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
iptables-restore v1.8.4 (legacy): Couldn't load match `limit':No such file or directory

Error occurred at line: 21
Try `iptables-restore -h' or 'iptables-restore --help' for more information.

Problem running '/etc/ufw/before.rules'
Problem running '/etc/ufw/user.rules'

So, I've tried a bunch of things. First of all, restarting the service, then resetting ufw, removing and reinstalling. At some point, I decided to switch to Ubuntu 18.04 instead of 20.04 and got a pretty similar error.

ERROR: problem running ufw-init
modprobe: FATAL: Module nf_conntrack_ftp not found in directory /lib/modules/5.4.72-microsoft-standard-WSL2
modprobe: FATAL: Module nf_nat_ftp not found in directory /lib/modules/5.4.72-microsoft-standard-WSL2
modprobe: FATAL: Module nf_conntrack_netbios_ns not found in directory /lib/modules/5.4.72-microsoft-standard-WSL2
iptables-restore: line 75 failed
iptables-restore: line 27 failed
ip6tables-restore: line 27 failed

Problem running '/etc/ufw/before.rules'
Problem running '/etc/ufw/user.rules'
Problem running '/etc/ufw/user6.rules'

I went to the files to comment out the lines and, with some success, could get rid of the first two errors but not the last. I added a rule for Windows Firewall and tried to use the Debian distro, which returned something way worse than the first two.

ERROR: problem running ufw-init
modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/5.4.72-microsoft-standard-WSL2/modules.dep.bin'
modprobe: FATAL: Module nf_conntrack_ftp not found in directory /lib/modules/5.4.72-microsoft-standard-WSL2
modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/5.4.72-microsoft-standard-WSL2/modules.dep.bin'
modprobe: FATAL: Module nf_nat_ftp not found in directory /lib/modules/5.4.72-microsoft-standard-WSL2
modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/5.4.72-microsoft-standard-WSL2/modules.dep.bin'
modprobe: FATAL: Module nf_conntrack_netbios_ns not found in directory /lib/modules/5.4.72-microsoft-standard-WSL2
iptables-restore v1.8.2 (nf_tables):
line 22: RULE_APPEND failed (No such file or directory): rule in chain INPUT
line 23: RULE_APPEND failed (No such file or directory): rule in chain INPUT
line 24: RULE_APPEND failed (No such file or directory): rule in chain INPUT
line 25: RULE_APPEND failed (No such file or directory): rule in chain INPUT
line 26: RULE_APPEND failed (No such file or directory): rule in chain INPUT
line 27: RULE_APPEND failed (No such file or directory): rule in chain INPUT
line 29: RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
line 30: RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
line 31: RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
line 32: RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
line 33: RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
line 34: RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
line 36: RULE_APPEND failed (No such file or directory): rule in chain FORWARD
line 41: RULE
iptables-restore v1.8.2 (nf_tables): Couldn't load match `conntrack':No such file or directory

Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
iptables-restore v1.8.2 (nf_tables):
line 5: RULE_APPEND failed (No such file or directory): rule in chain ufw-skip-to-policy-input
line 6: RULE_APPEND failed (No such file or directory): rule in chain ufw-skip-to-policy-output
line 7: RULE_APPEND failed (No such file or directory): rule in chain ufw-skip-to-policy-forward
iptables-restore v1.8.2 (nf_tables): Couldn't load match `conntrack':No such file or directory

Error occurred at line: 25
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
iptables-restore v1.8.2 (nf_tables): unknown option "--dport"
Error occurred at line: 19
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
iptables-restore v1.8.2 (nf_tables): unknown option "--log-prefix"
Error occurred at line: 21
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
iptables-restore v1.8.2 (nf_tables): Chain 'ufw-before-input' does not exist
ip6tables-restore v1.8.2 (nf_tables):
line 22: RULE_APPEND failed (No such file or directory): rule in chain INPUT
line 23: RULE_APPEND failed (No such file or directory): rule in chain INPUT
line 24: RULE_APPEND failed (No such file or directory): rule in chain INPUT
line 25: RULE_APPEND failed (No such file or directory): rule in chain INPUT
line 26: RULE_APPEND failed (No such file or directory): rule in chain INPUT
line 27: RULE_APPEND failed (No such file or directory): rule in chain INPUT
line 29: RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
line 30: RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
line 31: RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
line 32: RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
line 33: RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
line 34: RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
line 36: RULE_APPEND failed (No such file or directory): rule in chain FORWARD
line 41: RULE
ip6tables-restore v1.8.2 (nf_tables): Couldn't load match `conntrack':No such file or directory

Error occurred at line: 2
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
ip6tables-restore v1.8.2 (nf_tables):
line 5: RULE_APPEND failed (No such file or directory): rule in chain ufw6-skip-to-policy-input
line 6: RULE_APPEND failed (No such file or directory): rule in chain ufw6-skip-to-policy-output
line 7: RULE_APPEND failed (No such file or directory): rule in chain ufw6-skip-to-policy-forward
ip6tables-restore v1.8.2 (nf_tables): Couldn't load match `rt':No such file or directory

Error occurred at line: 24
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
ip6tables-restore v1.8.2 (nf_tables): unknown option "--dport"
Error occurred at line: 19
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
ip6tables-restore v1.8.2 (nf_tables): unknown option "--log-prefix"
Error occurred at line: 21
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
ip6tables-restore v1.8.2 (nf_tables): Chain 'ufw6-before-input' does not exist

Problem running '/etc/ufw/before.rules'
Problem running '/etc/ufw/after.rules'
Problem running '/etc/ufw/user.rules'
Problem running '/etc/ufw/before6.rules'
Problem running '/etc/ufw/after6.rules'
Problem running '/etc/ufw/user6.rules'

So, I'm taking a wild guess and imagine that the problem comes from Windows itself instead of WSL2, but I didn't find anything on the web that could help me. So here I am.

Does someone know anything to help me, please? Thanks.

Polik answered 2/2, 2021 at 22:26 Comment(5)
Why do you need a firewall inside WSL2? Just let the Windows Firewall do its job if you are concerned about external access to Nginx. Since WSL2 networking is handled by Shared Access (aka ICS - Internet Connection Sharing), the Ubuntu or any other Linux guest system running inside WSL is isolated from the host network with its own random IP address in the 172.16.0.0/12 private block. - Congo
Same question here: askubuntu.com/questions/1100739/i-cant-use-ufw-on-wsl-ubuntu - Vagary
It is indeed what I finally found out. - Polik
@Congo for me, I stumbled upon this issue because I am trying to allow port 9000 to be accessible from an external connection. This is related to setting up xdebug (which I am still trying to figure out how to do). And since I can't enable ufw, I can't expose port 9000. - Universalist
@Universalist You could use the iptables command instead of ufw to open the port. However, you'll have to access the Xdebug connection using the IP address of the WSL guest OS, which changes on every boot or restart of the distro. IIRC, the Xdebug configuration has a switch to allow remote connections. That's worth checking in your php.ini. - Congo

First off, you need to enable systemd, since UFW runs as a systemd service:

Enabling systemd in WSL 2 on Windows 11

TLDR add to your /etc/wsl.conf:

[boot]
systemd=true

Then in admin PowerShell:

wsl --shutdown

Then reopen your Ubuntu terminal to "reboot" into systemd WSL2.


Those other errors suggest that ufw also needs some kernel modules that aren't currently enabled in the WSL2 kernel by default. I know I had to recompile my WSL2 kernel with some adjustments for firewalld to work.

But first I'd try the systemd part, that may already solve your issues. Report back please.

Fig answered 21/3, 2023 at 17:9 Comment(0)
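
A triage helper for the two checks the answer describes, added here as an example and not part of the original answer: it tests whether `/etc/wsl.conf` really sets `systemd=true` under `[boot]`, and it extracts from `ufw enable` output the kernel modules and iptables match extensions the WSL2 kernel could not provide. The function names are hypothetical; the sample log lines are taken from the question.

```shell
#!/bin/sh
# Added example (not from the original answer); function names are hypothetical.

# Return 0 if FILE (default /etc/wsl.conf) sets systemd=true inside [boot].
# Tolerates spaces around "=" and CRLF endings left by Windows editors.
wsl_systemd_enabled() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ {
            sec = tolower($0); gsub(/[ \t\r]/, "", sec)
            sub(/^\[/, "", sec); sub(/\].*$/, "", sec); next
        }
        sec == "boot" {
            line = tolower($0); gsub(/[ \t\r]/, "", line)
            if (line == "systemd=true") found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "${1:-/etc/wsl.conf}" 2>/dev/null
}

# Read ufw-init error output on stdin and print, once each, every kernel
# module modprobe could not find and every match extension that failed to load.
ufw_missing_features() {
    sed -n \
        -e 's/^modprobe: FATAL: Module \([^ ]*\) not found.*/module \1/p' \
        -e "s/.*Couldn't load match \`\([^']*\)'.*/match \1/p" |
        LC_ALL=C sort -u
}

# Excerpt of the error output quoted in the question above.
sample_log() {
    cat <<'EOF'
modprobe: FATAL: Module nf_conntrack_ftp not found in directory /lib/modules/5.4.72-microsoft-standard-WSL2
modprobe: FATAL: Module nf_nat_ftp not found in directory /lib/modules/5.4.72-microsoft-standard-WSL2
iptables-restore v1.8.4 (legacy): Couldn't load match `limit':No such file or directory
iptables-restore v1.8.2 (nf_tables): Couldn't load match `conntrack':No such file or directory
ip6tables-restore v1.8.2 (nf_tables): Couldn't load match `conntrack':No such file or directory
EOF
}

if wsl_systemd_enabled; then echo "systemd: enabled in /etc/wsl.conf"
else echo "systemd: not enabled in /etc/wsl.conf"; fi
sample_log | ufw_missing_features
```

On a real system, pipe the live output in with `sudo ufw enable 2>&1 | ufw_missing_features`; any `match` or `module` line that remains after systemd is enabled points at the kernel-module gap the answer mentions.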
