Cannot insert ufw rule for IPv6 addresses

Dave White

6/6/24, 7:27 PM

I have a server which is being tested and not yet ready for public access, hence general traffic is blocked by ufw.

I am trying to add some Google IP address ranges in the allowed rules which need to be on top of the other rules.

All the IPv4 addresses have been added fine, but when I try something like

sudo ufw insert 1 allow from 2c0f:fb50::/32 comment 'Google'

I get ERROR: Invalid position '1'.

I tried adding the same rule by not specifying a position and it is added correctly.

I also tried inserting an IPv4 rule in position 1 and that works too.

There's something that doesn't seem to work by using 'insert' and IPv6 in the same sentence.

Has anyone come across this before?

0 + 4

ufw

debian-bullseye

PersianGulf

6/6/24, 7:50 PM

I think https://serverfault.com/questions/706821/ufw-insert-number-throws-error can help you.

Jaromanda X

6/7/24, 12:10 AM

one of my systems has 46 rules, when listing the rules I see the first 30 are ipv4 and then the ipv6 rules are the last 16. I don't create the rules in that order, i.e. all the ipv4 and then the ipv6. So the first valid "position" for inserting an IPv6 rule is "31", i.e. the position of first existing IPv6 rule - look at `prepend` in the `ufw` man page, which seems to be the only place that mentions the fact that rules are grouped by address family (IP type)

Dave White

6/7/24, 8:08 AM

@PersianGulf thx, I think that one is talking about not having rule 1 in the first place, which is not the issue I have.

Dave White

6/7/24, 8:20 AM

Thanks @JaromandaX, looks like that was the issue: rules must be grouped by IP type. I was able to use `prepend` as you suggested and it worked. If you put your comment into an answer I will give you proper credit for it.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Cannot insert ufw rule for IPv6 addresses

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.