I am building a custom embedded Linux platform based on the NXP i.MX8 with Yocto. I want to use UFW to configure the firewall. When I boot the system and try to use UFW, it returns an error:
Couldn't determine iptables version
I have the iptables and nftables packages installed. I tried manually changing the iptables symbolic link to point to the iptables-legacy binary. It still fails. How can I fix this? Please see the versions below.
root@iot-gate-imx8plus:~# iptables -v
iptables v1.8.7 (legacy): no command specified
Try `iptables -h' or 'iptables --help' for more information.
root@iot-gate-imx8plus:~# nft -v
nftables v1.0.2 (Lester Gooch)
root@iot-gate-imx8plus:~# ufw version
ufw 0.36.2
Copyright 2008-2023 Canonical Ltd.
root@iot-gate-imx8plus:~# ufw status
ERROR: Couldn't determine iptables version
root@iot-gate-imx8plus:~# uname -r
5.15.32+g07c574e56d60
root@iot-gate-imx8plus:~#
iptables:
root@iot-gate-imx8plus:/usr/sbin# ls -lrt *iptables*
lrwxrwxrwx 1 root root 20 Mar 9 2018 iptables-save -> xtables-legacy-multi
lrwxrwxrwx 1 root root 20 Mar 9 2018 iptables-restore -> xtables-legacy-multi
lrwxrwxrwx 1 root root 20 Mar 9 2018 iptables-legacy-save -> xtables-legacy-multi
lrwxrwxrwx 1 root root 20 Mar 9 2018 iptables-legacy-restore -> xtables-legacy-multi
lrwxrwxrwx 1 root root 20 Mar 9 2018 iptables-legacy -> xtables-legacy-multi
lrwxrwxrwx 1 root root 20 Mar 9 2018 iptables -> xtables-legacy-multi
UPDATE:
Strace pointed out the problem. UFW makes an assumption of where the iptables binary is and Yocto installed it somewhere else:
strace: Process 700 attached
[pid 700] openat(AT_FDCWD, "/proc/self/fd", O_RDONLY|O_CLOEXEC) = 3
[pid 700] execve("/sbin/iptables", ["/sbin/iptables", "-V"], 0xffffec437b88 /* 21 vars */) = -1 ENOENT (No such file or directory)
[pid 700] +++ exited with 255 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=700, si_uid=0, si_status=255, si_utime=0, si_stime=0} ---
ERROR: Couldn't determine iptables version
+++ exited with 1 +++
root@iot-gate-imx8plus:~# which iptables
/usr/sbin/iptables
root@iot-gate-imx8plus:~# ln -sf /usr/sbin/iptables /sbin/iptables
root@iot-gate-imx8plus:~# ufw status
Status: inactive
You could use
strace -f -s 1000 -e trace=file ufw status
to find out which file paths are used; you might discover something wrong.
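
An added example, not part of the original posts: a shell helper that filters strace output for execve() calls that failed with ENOENT, as in the trace in the question, and looks for a binary of the same name in other directories. The function names and the sample trace are constructed for illustration.

```shell
#!/bin/sh
# Added example: list programs a traced command could not exec because the
# path does not exist, and show where a binary of the same name is installed.

# Constructed sample, modelled on the strace lines shown in the question.
SAMPLE_TRACE='[pid 700] openat(AT_FDCWD, "/proc/self/fd", O_RDONLY|O_CLOEXEC) = 3
[pid 700] execve("/sbin/iptables", ["/sbin/iptables", "-V"], 0xffffec437b88 /* 21 vars */) = -1 ENOENT (No such file or directory)
[pid 701] execve("/usr/bin/python3", ["python3"], 0xffffdeadbeef /* 21 vars */) = 0
[pid 700] +++ exited with 255 +++'

# Read strace output on stdin; print each path whose execve() returned ENOENT.
missing_execs() {
    sed -n 's/.*execve("\([^"]*\)".*= -1 ENOENT.*/\1/p' | sort -u
}

# For a missing path, search the given directories (default: the usual
# bin/sbin locations) for an executable with the same basename.
find_installed() {
    name=$(basename "$1"); shift
    [ $# -gt 0 ] || set -- /usr/sbin /usr/bin /sbin /bin /usr/local/sbin /usr/local/bin
    for dir in "$@"; do
        if [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
            return 0
        fi
    done
    return 1
}

# One line per missing executable, with the installed location if there is one.
# Optional arguments are the directories to search.
report() {
    missing_execs | while IFS= read -r path; do
        if found=$(find_installed "$path" "$@"); then
            printf '%s missing, found at %s\n' "$path" "$found"
        else
            printf '%s missing, not found\n' "$path"
        fi
    done
}

# Demo on the constructed sample; prints /sbin/iptables.
printf '%s\n' "$SAMPLE_TRACE" | missing_execs
# On a live system: strace -f -e trace=execve ufw status 2>&1 | report
```
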