Awall cannot acticate due to missing inet6 support on pmOS
by That Random Guy from LinuxQuestions.org on (#5A45F)
Long story short, I bought a PinePhone and decided to harden it before I start using it in public. Since my particular phone came with postmarketOS (which is based on Alpine Linux), I decided to see if I could get some firewall working after testing ufw and seeing it fail.
I am now at a point where I am also failing with awall and I'm not sure why exactly. I have a clue based on this gitlab issue for awall which features someone facing a similar issue but not exactly my own.
I simply used the sample awall policy and put it under /etc/awall/ after making sure it had the right interfaces and whatnot.
When I try to activate awall via the command or verify the config... I get this error:
Code:hostname:$ sudo awall translate --verify
Warning: firewall not enabled for inet6
iptables-restore v1.8.4 (legacy): Couldn't load match `recent':No such file or directory
Error occurred at line: 38
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
/usr/share/lua/5.2/awall/iptables.lua:92: assertion failed!
stack traceback:
/usr/share/lua/5.2/awall/uerror.lua:25: in function </usr/share/lua/5.2/awall/uerror.lua:21>
[C]: in function 'assert'
/usr/share/lua/5.2/awall/iptables.lua:92: in function 'restore'
/usr/share/lua/5.2/awall/iptables.lua:101: in function 'test'
/usr/share/lua/5.2/awall/init.lua:185: in function 'test'
/usr/sbin/awall:337: in function 'f'
/usr/share/lua/5.2/awall/uerror.lua:20: in function </usr/share/lua/5.2/awall/uerror.lua:20>
[C]: in function 'xpcall'
/usr/share/lua/5.2/awall/uerror.lua:19: in function 'call'
/usr/sbin/awall:163: in main chunk
[C]: in ?Based on the output and after looking at the post on Gitlab, I get the feeling postmarketOS is missing something that's being expected and would otherwise be shipped with Alpine. It could just be I'm missing something but I'm not 100% sure on what this is detailing.
Any clues?
Some additional info that may help....
Code:hostname:~$ iptables -V
iptables v1.8.4 (legacy)
hostname:~$ cat /etc/os-release
PRETTY_NAME="postmarketOS 1.22.0"
NAME="postmarketOS"
VERSION_ID="1.22.0"
VERSION="1.22.0-ec23a657"
ID="postmarketos"
ID_LIKE="alpine"
HOME_URL="https://www.postmarketos.org/"
SUPPORT_URL="https://gitlab.com/postmarketOS"
BUG_REPORT_URL="https://gitlab.com/postmarketOS/pmbootstrap/issues"
PMOS_HASH="ec23a657b545987e1c69551a83ce3646d3b7452d"
hostname:~$ uname -a
Linux hostname 5.9.1 #1-postmarketos-allwinner SMP Fri Oct 23 16:20:33 UTC 2020 aarch64 LinuxTIA
I am now at a point where I am also failing with awall and I'm not sure why exactly. I have a clue based on this gitlab issue for awall which features someone facing a similar issue but not exactly my own.
I simply used the sample awall policy and put it under /etc/awall/ after making sure it had the right interfaces and whatnot.
When I try to activate awall via the command or verify the config... I get this error:
Code:hostname:$ sudo awall translate --verify
Warning: firewall not enabled for inet6
iptables-restore v1.8.4 (legacy): Couldn't load match `recent':No such file or directory
Error occurred at line: 38
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
/usr/share/lua/5.2/awall/iptables.lua:92: assertion failed!
stack traceback:
/usr/share/lua/5.2/awall/uerror.lua:25: in function </usr/share/lua/5.2/awall/uerror.lua:21>
[C]: in function 'assert'
/usr/share/lua/5.2/awall/iptables.lua:92: in function 'restore'
/usr/share/lua/5.2/awall/iptables.lua:101: in function 'test'
/usr/share/lua/5.2/awall/init.lua:185: in function 'test'
/usr/sbin/awall:337: in function 'f'
/usr/share/lua/5.2/awall/uerror.lua:20: in function </usr/share/lua/5.2/awall/uerror.lua:20>
[C]: in function 'xpcall'
/usr/share/lua/5.2/awall/uerror.lua:19: in function 'call'
/usr/sbin/awall:163: in main chunk
[C]: in ?Based on the output and after looking at the post on Gitlab, I get the feeling postmarketOS is missing something that's being expected and would otherwise be shipped with Alpine. It could just be I'm missing something but I'm not 100% sure on what this is detailing.
Any clues?
Some additional info that may help....
Code:hostname:~$ iptables -V
iptables v1.8.4 (legacy)
hostname:~$ cat /etc/os-release
PRETTY_NAME="postmarketOS 1.22.0"
NAME="postmarketOS"
VERSION_ID="1.22.0"
VERSION="1.22.0-ec23a657"
ID="postmarketos"
ID_LIKE="alpine"
HOME_URL="https://www.postmarketos.org/"
SUPPORT_URL="https://gitlab.com/postmarketOS"
BUG_REPORT_URL="https://gitlab.com/postmarketOS/pmbootstrap/issues"
PMOS_HASH="ec23a657b545987e1c69551a83ce3646d3b7452d"
hostname:~$ uname -a
Linux hostname 5.9.1 #1-postmarketos-allwinner SMP Fri Oct 23 16:20:33 UTC 2020 aarch64 LinuxTIA