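I am using Yocto to build a custom embedded Linux platform based on the NXP i.MX8. I want to set up a firewall using UFW. When I boot the system and try to use UFW, it returns the error
Couldn't determine iptables version.
I have the iptables and nftables packages installed. I tried manually changing the iptables symlink to point to the iptables-legacy binary. It still fails. How can I fix this? See the versions below.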
root@iot-gate-imx8plus:~# iptables -v
iptables v1.8.7 (legacy): no command specified
Try `iptables -h' or 'iptables --help' for more information.
root@iot-gate-imx8plus:~# nft -v
nftables v1.0.2 (Lester Gooch)
root@iot-gate-imx8plus:~# ufw version
ufw 0.36.2
Copyright 2008-2023 Canonical Ltd.
root@iot-gate-imx8plus:~# ufw status
ERROR: Couldn't determine iptables version
root@iot-gate-imx8plus:~# uname -r
5.15.32+g07c574e56d60
root@iot-gate-imx8plus:~#
iptables:
root@iot-gate-imx8plus:/usr/sbin# ls -lrt *iptables*
lrwxrwxrwx 1 root root 20 Mar 9 2018 iptables-save -> xtables-legacy-multi
lrwxrwxrwx 1 root root 20 Mar 9 2018 iptables-restore -> xtables-legacy-multi
lrwxrwxrwx 1 root root 20 Mar 9 2018 iptables-legacy-save -> xtables-legacy-multi
lrwxrwxrwx 1 root root 20 Mar 9 2018 iptables-legacy-restore -> xtables-legacy-multi
lrwxrwxrwx 1 root root 20 Mar 9 2018 iptables-legacy -> xtables-legacy-multi
lrwxrwxrwx 1 root root 20 Mar 9 2018 iptables -> xtables-legacy-multi
UPDATE:
Strace pointed out the problem. UFW makes an assumption of where the iptables binary is and Yocto installed it somewhere else:
strace: Process 700 attached
[pid 700] openat(AT_FDCWD, "/proc/self/fd", O_RDONLY|O_CLOEXEC) = 3
[pid 700] execve("/sbin/iptables", ["/sbin/iptables", "-V"], 0xffffec437b88 /* 21 vars */) = -1 ENOENT (No such file or directory)
[pid 700] +++ exited with 255 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=700, si_uid=0, si_status=255, si_utime=0, si_stime=0} ---
ERROR: Couldn't determine iptables version
+++ exited with 1 +++
root@iot-gate-imx8plus:~# which iptables
/usr/sbin/iptables
root@iot-gate-imx8plus:~# ln -sf /usr/sbin/iptables /sbin/iptables
root@iot-gate-imx8plus:~# ufw status
Status: inactive
You can use
strace -f -s 1000 -e trace=file ufw status
to find out which file paths are used, and you may spot the error.
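As an added example (not part of the original posts and not ufw's own code): a small shell helper that reads a strace log like the one above, lists every binary whose execve() failed with ENOENT, and checks whether the same name exists in other directories. The function names and the directories passed in are assumptions chosen for illustration; the sample trace lines are taken from the question.

```shell
#!/bin/sh
# Added example: list the binaries a traced program tried to run but
# could not exec because the path does not exist (ENOENT).

# Print each path whose execve() failed with ENOENT, once.
# Reads strace output (e.g. from `strace -f -e trace=file ...`) on stdin.
missing_execs() {
    sed -n 's/.*execve("\([^"]*\)".*= -1 ENOENT.*/\1/p' | sort -u
}

# For a missing absolute path ($1), look for the same basename in the
# directories given as remaining arguments; print the first executable hit.
find_elsewhere() {
    name=$(basename "$1"); shift
    for dir in "$@"; do
        if [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
            return 0
        fi
    done
    return 1
}

# Report for a saved trace ($1): missing path -> actual location, if any,
# searching the directories given as remaining arguments.
report() {
    log=$1; shift
    missing_execs < "$log" | while IFS= read -r path; do
        if alt=$(find_elsewhere "$path" "$@"); then
            printf '%s missing, found at %s\n' "$path" "$alt"
        else
            printf '%s missing, not found in search dirs\n' "$path"
        fi
    done
}

# Sample trace lines, copied from the strace output in the question.
sample_trace() {
    cat <<'EOF'
[pid 700] openat(AT_FDCWD, "/proc/self/fd", O_RDONLY|O_CLOEXEC) = 3
[pid 700] execve("/sbin/iptables", ["/sbin/iptables", "-V"], 0xffffec437b88 /* 21 vars */) = -1 ENOENT (No such file or directory)
[pid 700] +++ exited with 255 +++
EOF
}

# Stand-alone demo on the sample lines.
sample_trace | missing_execs
```

A program that searches PATH itself (execvp) also logs an ENOENT for each directory tried before the hit, so check a reported path against any later successful execve of the same name before treating it as the cause.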