Is it possible to use ufw when kernel.modules_disabled=1

Question

I am following Mastering Linux Security and Hardening 3rd ed. by Donald a. Tevault on Ubuntu 22.04 VPS.

I have accepted suggested by lynis value 1 for kernel parameter kernel.modules_disabled, as recommended.

$ sudo apt install lynis
$ lynis audit system | grep kernel.modules_disabled
    - kernel.modules_disabled (exp: 1)                        [ DIFFERENT ]
$ sudo echo 'kernel.modules_disabled = 1' >> /etc/sysctl.d/999-disable-modules.conf
$ sudo reboot

Then I tried to configure ufw. I got the following error.

$ sudo apt install ufw
$ sudo ufw status verbose
ERROR: Couldn't determine iptables version

When kernel.modules_disabled is set to 0, ufw is working as expected.

Is it possible to use ufw with parameter kernel.modules_disabled = 1?

score 0 · Accepted Answer · answered Apr 06 '24 at 12:16

Is it possible to use ufw with parameter kernel.modules_disabled = 1?

Yes, if a) all necessary modules have been pre-loaded before setting this sysctl, or if b) all necessary features have been compiled as built-in to the kernel (i.e. not modular).

Set up your ruleset, reboot, verify that the ruleset has been loaded, then run lsmod to see which modules are necessary. List those modules in /etc/modules-load.d/*.conf. (You can skip modules that are dependencies of some other module; they'll be loaded implicitly.)

Is it possible to use ufw when kernel.modules_disabled=1

1 Answers1