Reassigning to firewalld as the description mentions that ufw is disabled. This is not a bug though because iptables relies on certain tables/chains being used and it looks like firewalld doesn't use those (which is fine for firewalld to do). You should be able to see all netfilter firewall rules with 'nft' but you'll only see rules that are added to the (now non-default) tables/chains that iptables expects (INPUT, OUTPUT, etc). More specifically, 'nft' will see the rules that 'iptables' creates but not necessarily the other way around.
** Package changed: ufw (Ubuntu) => firewalld (Ubuntu) ** Changed in: firewalld (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ufw in Ubuntu. https://bugs.launchpad.net/bugs/1970731 Title: iptables empty when using firewalld Status in firewalld package in Ubuntu: Invalid Bug description: Summary: I am using firewalld/jammy,now 1.1.1-1ubuntu1 on my vpn server. The vpn server is using wireguard and I could successfully configure zones and policies in firewalld. Yet, iptables does not show the rules from firewalld. 1) System root@vpn:~# uname -a Linux vpn 5.15.0-27-generic #28-Ubuntu SMP Thu Apr 14 04:55:28 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux root@vpn:~# lsb_release -rd Description: Ubuntu 22.04 LTS Release: 22.04 All updates installed. 2) What happens: I am setting rules with firewall-cmd. These firewall rules are visible with: nft list table inet firewalld but not with 'iptables'. 3) What I expect to happen: The toutput of iptables --list should also reflect firewalld settings. 4) What happened instead However, the iptables output shows only empty tables (filter, mangle, nat). root@vpn:~# iptables -t nat --list # Warning: iptables-legacy tables present, use iptables-legacy to see them Chain PREROUTING (policy ACCEPT) target prot opt source destination Chain INPUT (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination root@vpn:~# iptables -t filter --list # Warning: iptables-legacy tables present, use iptables-legacy to see them Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination root@vpn:~# iptables-legacy -t nat --list Chain PREROUTING (policy ACCEPT) target prot opt source destination Chain INPUT (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination root@vpn:~# iptables-legacy -t filter --list Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination 5) Further information The ufw firewall is disabled and uninstalled. According to the release notes of 22.04, the backend has changed to nftables. I was assuming, that the backend default is kind of transparent to the user, meaning iptables should still work as normal. I wonder if on my system is iptables correctly linked to the backend. Iptables points to xtables-nft-multi: root@vpn:~# ls -l /usr/sbin/iptables lrwxrwxrwx 1 root root 26 Aug 24 2021 /usr/sbin/iptables -> /etc/alternatives/iptables root@vpn:~# ls -l /etc/alternatives/iptables lrwxrwxrwx 1 root root 22 Apr 25 18:56 /etc/alternatives/iptables -> /usr/sbin/iptables-nft root@vpn:~# ls -l /usr/sbin/iptables-nft lrwxrwxrwx 1 root root 17 Mar 24 12:58 /usr/sbin/iptables-nft -> xtables-nft-multi root@vpn:~# ls -l /usr/sbin/xtables-nft-multi -rwxr-xr-x 1 root root 224296 Mar 24 12:58 /usr/sbin/xtables-nft-multi Perhaps this is an issue with the upgrade process of ubuntu. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firewalld/+bug/1970731/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp