[SOLVED] sudo ufw enable => gives kernel related errors?

Addanc · 2025-11-08 20:31:03

Trying to set-up a firewall using the uncomplicated firewall (ufw); after entering the following command sequence I get kernel module (?) related errors:

$ sudo systemctl start ufw.service
$ sudo systemctl enable ufw.service
Created symlink '/etc/systemd/system/multi-user.target.wants/ufw.service' → '/usr/lib/systemd/system/ufw.service'.

$ sudo ufw default deny incoming
Default incoming policy changed to 'deny'
(be sure to update your rules accordingly)

$ sudo ufw default allow outgoing
Default outgoing policy changed to 'allow'
(be sure to update your rules accordingly)

$ sudo ufw enable
ERROR: problem running ufw-init
Warning: Extension conntrack revision 0 not supported, missing kernel module?
Warning: Extension conntrack is not supported, missing kernel module?
iptables-restore: line 4 failed
Warning: Extension conntrack revision 0 not supported, missing kernel module?
Warning: Extension conntrack is not supported, missing kernel module?
Warning: Extension conntrack is not supported, missing kernel module?
Warning: Extension conntrack is not supported, missing kernel module?
Warning: Extension conntrack is not supported, missing kernel module?
Warning: Extension icmp revision 0 not supported, missing kernel module?
Warning: Extension udp revision 0 not supported, missing kernel module?
Warning: Extension addrtype revision 0 not supported, missing kernel module?
Warning: Extension addrtype is not supported, missing kernel module?
Warning: Extension addrtype is not supported, missing kernel module?
Warning: Extension limit revision 0 not supported, missing kernel module?
iptables-restore: line 75 failed
Warning: Extension udp revision 0 not supported, missing kernel module?
Warning: Extension tcp revision 0 not supported, missing kernel module?
Warning: Extension addrtype revision 0 not supported, missing kernel module?
iptables-restore: line 30 failed
Warning: Extension limit revision 0 not supported, missing kernel module?
Warning: Extension LOG revision 0 not supported, missing kernel module?
Warning: Extension REJECT revision 0 not supported, missing kernel module?
iptables-restore: line 11 failed
Warning: Extension conntrack is not supported, missing kernel module?
ip6tables-restore v1.8.11 (legacy): Couldn't load match `conntrack':No such file or directory

Error occurred at line: 2
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
Warning: Extension rt revision 0 not supported, missing kernel module?
Warning: Extension conntrack is not supported, missing kernel module?
ip6tables-restore v1.8.11 (legacy): Couldn't load match `conntrack':No such file or directory

Error occurred at line: 29
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
Warning: Extension udp revision 0 not supported, missing kernel module?
Warning: Extension tcp revision 0 not supported, missing kernel module?
ip6tables-restore: line 27 failed

Problem running '/etc/ufw/before.rules'
Problem running '/etc/ufw/after.rules'
Problem running '/etc/ufw/user.rules'
Problem running '/etc/ufw/before6.rules'
Problem running '/etc/ufw/after6.rules'

Running the current kernel:

$ uname -a
Linux eitri 6.17.6-arch1-1 #1 SMP PREEMPT_DYNAMIC Wed, 29 Oct 2025 22:23:47 +0000 x86_64 GNU/Linux

Kernel module snippet:

$ lsmod | grep nft_ct
nft_ct                 28672  0
nf_conntrack          196608  2 nf_nat,nft_ct
nf_tables             389120  8 nft_ct,nft_reject_inet,nft_fib_ipv6,nft_fib_ipv4,nft_chain_nat,nft_reject,nft_fib,nf

What I have installed in relation to ufw:

$ pacman -Ss ufw
extra/gufw 26.04-1 [installed]
    Uncomplicated way to manage your Linux firewall
extra/ufw 0.36.2-5 [installed]
    Uncomplicated and easy to use CLI tool for managing a netfilter firewall
extra/ufw-extras 1.1.0-2 [installed]
    Extra configuration files for UFW

What am I missing here?

Thanks in advance for any responses.

Last edited by Addanc (2025-11-09 16:25:27)

mpan · 2025-11-09 07:22:19

Welcome to the forum.

I never encountered that kind of errors, but let’s start with a quick sanity check:

$ pacman -Q linux

If the version disagrees with what `uname` reported, you did update the kernel (and its modules) on disk, but didn’t reboot the system. Start with doing so.

A special warning applicable only to the time this post is written: if you did update mkinitcpio to 40 and didn’t reboot after that, be sure to first resolve potential issues with the newly generated initramfs. This is unrelated to your UFW trouble, but trying to hurry fixing the firewall stuff you may put yourself in a bigger distress. v40 release notes.

Last edited by mpan (2025-11-09 07:26:22)

Addanc · 2025-11-09 16:12:21

I did refresh and update everything before collecting information and posting yesterday.

$ pacman -Q linux
linux 6.17.7.arch1-1

$ uname -a
Linux eitri 6.17.7-arch1-1 #1 SMP PREEMPT_DYNAMIC Sun, 02 Nov 2025 17:27:22 +0000 x86_64 GNU/Linux

I have retried again (system rebooted, doh) and the error messages have gone away. Kernel version has moved on from what I recorded yesterday.

Addanc · 2025-11-09 16:20:57

I give up, how do I flag this [SOLVED] or edit [SOLVED] into the title?

Scimmia · 2025-11-09 16:24:20

The reboot fixed it because you had updated the kernel without rebooting. When you did that the modules for the old kernel that you were still running were removed, so no new modules could be loaded.

You edit the original post and change the title.

Arch Linux

#1 2025-11-08 20:31:03

[SOLVED] sudo ufw enable => gives kernel related errors?

#2 2025-11-09 07:22:19

Re: [SOLVED] sudo ufw enable => gives kernel related errors?

#3 2025-11-09 16:12:21

Re: [SOLVED] sudo ufw enable => gives kernel related errors?

#4 2025-11-09 16:20:57

Re: [SOLVED] sudo ufw enable => gives kernel related errors?

#5 2025-11-09 16:24:20

Re: [SOLVED] sudo ufw enable => gives kernel related errors?

Board footer