I hope someone can help with a problem getting ufw running on a recently installed Ubuntu 16.04 system.
I have installed ufw and given it some rules, and ufw status shows:
$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip
To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
80                         ALLOW IN    Anywhere
443                        ALLOW IN    Anywhere
22 (v6)                    ALLOW IN    Anywhere (v6)
80 (v6)                    ALLOW IN    Anywhere (v6)
443 (v6)                   ALLOW IN    Anywhere (v6)
However, I have an application running that is listening on port 8883, and when I run nmap on another machine I see:
$ nmap -p 8883 <IP>
Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-13 10:41 GMT
Nmap scan report for ***
Host is up (0.043s latency).
rDNS record for ***
PORT STATE SERVICE
8883/tcp open secure-mqtt
Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds
Which says the port is open, and indeed I can communicate with that service remotely, so it appears the port is not blocked.
One other thing that looks suspicious is that systemctl status ufw.service shows this, which does not look right. Am I missing something or should I submit a ticket?
$ sudo systemctl status ufw.service
[sudo] password for ***:
● ufw.service - Uncomplicated firewall
Loaded: loaded (/lib/systemd/system/ufw.service; enabled; vendor preset: enabled)
Active: active (exited) since Wed 2019-03-13 11:03:42 GMT; 34min ago
Process: 80 ExecStart=/lib/ufw/ufw-init start quiet (code=exited, status=0/SUCCESS)
Main PID: 80 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/ufw.service
Mar 13 11:03:42 *.s.t4vps.eu ufw-init[80]: modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/2.6.32-042stab134.8/modules.dep.bin'
Mar 13 11:03:42 *.s.t4vps.eu ufw-init[80]: modprobe: FATAL: Module nf_conntrack_ftp not found in directory /lib/modules/2.6.32-042stab134.8
Mar 13 11:03:42 *.s.t4vps.eu ufw-init[80]: modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/2.6.32-042stab134.8/modules.dep.bin'
Mar 13 11:03:42 *.s.t4vps.eu ufw-init[80]: modprobe: FATAL: Module nf_nat_ftp not found in directory /lib/modules/2.6.32-042stab134.8
Mar 13 11:03:42 *.s.t4vps.eu ufw-init[80]: modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/2.6.32-042stab134.8/modules.dep.bin'
Mar 13 11:03:42 *.s.t4vps.eu ufw-init[80]: modprobe: FATAL: Module nf_conntrack_netbios_ns not found in directory /lib/modules/2.6.32-042stab134.8
Mar 13 11:03:42 *.s.t4vps.eu ufw-init[80]: sysctl: permission denied on key 'net.ipv4.tcp_sack'
Mar 13 11:03:42 *.s.t4vps.eu systemd[1]: Started Uncomplicated firewall.
Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
Comments
The reason for this was that the UFW configuration in your /etc/default/ufw file requested modules that are not available for your VPS virtualization, which resulted in the errors provided in the second part of your ticket. This situation can be avoided by commenting out this line in your config file:
IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_netbios_ns"
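An added example, not part of the original thread: a POSIX shell check that lists which IPT_MODULES entries have no module file (or built-in entry) under a given kernel module tree, and comments the line out only when something is missing. The function names are hypothetical, and the sample defaults file and module path in `demo` are constructed from the values shown in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Paths are arguments so the check can be
# tried on constructed files before pointing it at /etc/default/ufw.

# Print each module named on the active IPT_MODULES="..." line, one per line.
ufw_ipt_modules() {
    sed -n 's/^IPT_MODULES="\([^"]*\)".*/\1/p' "$1" | tr -s ' \t' '\n' | sed '/^$/d'
}

# Print the entries with no module file or built-in entry under module tree $2.
missing_modules() (
    conf=$1 moddir=$2
    for m in $(ufw_ipt_modules "$conf"); do
        alt=$(printf '%s' "$m" | tr _ -)   # file names may use '-' for '_'
        if [ -d "$moddir" ]; then
            grep -qs "/$m\.ko" "$moddir/modules.builtin" && continue
            find "$moddir" -type f \( -name "$m.ko*" -o -name "$alt.ko*" \) | grep -q . && continue
        fi
        echo "$m"
    done
)

# If any entry is missing, comment out the IPT_MODULES line (original kept as .bak).
disable_ipt_modules_if_missing() (
    missing=$(missing_modules "$1" "$2")
    if [ -n "$missing" ]; then
        echo "ufw: not loadable from $2:" $missing >&2
        sed -i.bak 's/^IPT_MODULES=/#&/' "$1"
    fi
)

# Constructed sample: a defaults file with the line from the thread and a module
# tree that, as in the poster's modprobe errors, cannot be opened.
demo() (
    d=$(mktemp -d) || exit 1
    printf '%s\n' 'IPT_SYSCTL=/etc/ufw/sysctl.conf' \
        'IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_netbios_ns"' > "$d/ufw"
    disable_ipt_modules_if_missing "$d/ufw" "$d/lib/modules/2.6.32-042stab134.8" 2>/dev/null
    grep IPT_MODULES "$d/ufw"
    rm -rf "$d"
)
demo
```

On a real host the equivalent call would be `disable_ipt_modules_if_missing /etc/default/ufw "/lib/modules/$(uname -r)"`, run as root.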