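will end up unhappy ;(
Also, a note on how to switch back to ufw after installing firewalld.
First, of course, disable firewalld; it is best to uninstall it completely with apt purge.
At this point, running ufw enable will probably produce a pile of errors, and SSH will be disconnected because the machine loses its network connection, so make sure you are working locally or over VNC: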
(base) root@quq233:~# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
ERROR: problem running ufw-init
Warning: Extension limit revision 0 not supported, missing kernel module?
iptables-restore v1.8.10 (nf_tables):
line 63: RULE_APPEND failed (No such file or directory): rule in chain ufw-not-local
Warning: Extension LOG revision 0 not supported, missing kernel module?
Warning: Extension limit revision 0 not supported, missing kernel module?
iptables-restore v1.8.10 (nf_tables):
line 179: RULE_APPEND failed (No such file or directory): rule in chain ufw-after-logging-input
line 180: RULE_APPEND failed (No such file or directory): rule in chain ufw-after-logging-forward
line 181: RULE_INSERT failed (No such file or directory): rule in chain ufw-logging-deny
line 182: RULE_APPEND failed (No such file or directory): rule in chain ufw-logging-deny
line 183: RULE_APPEND failed (No such file or directory): rule in chain ufw-logging-allow
Warning: Extension rt revision 0 not supported, missing kernel module?
Warning: Extension hl revision 0 not supported, missing kernel module?
ip6tables-restore v1.8.10 (nf_tables):
line 24: RULE_APPEND failed (No such file or directory): rule in chain ufw6-before-input
line 25: RULE_APPEND failed (No such file or directory): rule in chain ufw6-before-forward
line 26: RULE_APPEND failed (No such file or directory): rule in chain ufw6-before-output
line 50: RULE_APPEND failed (No such file or directory): rule in chain ufw6-before-input
line 51: RULE_APPEND failed (No such file or directory): rule in chain ufw6-before-input
line 52: RULE_APPEND failed (No such file or directory): rule in chain ufw6-before-input
line 53: RULE_APPEND failed (No such file or directory): rule in chain ufw6-before-input
line 55: RULE_APPEND failed (No such file or directory): rule in chain ufw6-before-input
line 57: RULE_APPEND failed (No such file or directory): rule in chain ufw6-before-input
line 67: RULE_APPEND failed (No such file or directory): rule in chain ufw6-before-input
line 69: RULE_APPEND failed (No such file or directory): rule in chain ufw6-before-input
line 111: RULE_APPEND failed (No such fi
Warning: Extension LOG revision 0 not supported, missing kernel module?
Warning: Extension limit revision 0 not supported, missing kernel module?
ip6tables-restore v1.8.10 (nf_tables):
line 163: RULE_APPEND failed (No such file or directory): rule in chain ufw6-after-logging-input
line 164: RULE_APPEND failed (No such file or directory): rule in chain ufw6-after-logging-forward
line 165: RULE_INSERT failed (No such file or directory): rule in chain ufw6-logging-deny
line 166: RULE_APPEND failed (No such file or directory): rule in chain ufw6-logging-deny
line 167: RULE_APPEND failed (No such file or directory): rule in chain ufw6-logging-allow
Problem running '/etc/ufw/before.rules'
Problem running '/etc/ufw/user.rules'
Problem running '/etc/ufw/before6.rules'
Problem running '/etc/ufw/user6.rules'
Here you can see that a bunch of kernel modules are missing, probably because installing firewalld kept the system from loading them automatically. Run /usr/share/ufw/check-requirements to see exactly which ones are missing:
(base) root@quq233:~# /usr/share/ufw/check-requirements
Has python: pass (binary: python3, version: 3.13.9, py3)
Has iptables: pass
Has ip6tables: pass
Has /proc/net/dev: pass
Has /proc/net/if_inet6: pass
This script will now attempt to create various rules using the iptables
and ip6tables commands. This may result in module autoloading (eg, for
IPv6).
Proceed with checks (Y/n)?
== IPv4 ==
Creating 'ufw-check-requirements'... done
Inserting RETURN at top of 'ufw-check-requirements'... done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: FAIL
error was: Warning: Extension LOG revision 0 not supported, missing kernel module?
iptables v1.8.10 (nf_tables): RULE_APPEND failed (No such file or directory): rule in chain ufw-check-requirements
hashlimit: FAIL
error was: Warning: Extension hashlimit revision 0 not supported, missing kernel module?
iptables v1.8.10 (nf_tables): RULE_APPEND failed (No such file or directory): rule in chain ufw-check-requirements
limit: FAIL
error was: Warning: Extension limit revision 0 not supported, missing kernel module?
iptables v1.8.10 (nf_tables): RULE_APPEND failed (No such file or directory): rule in chain ufw-check-requirements
ctstate (NEW): pass
ctstate (RELATED): pass
ctstate (ESTABLISHED): pass
ctstate (INVALID): pass
ctstate (new, recent set): FAIL (no runtime support)
error was: Warning: Extension recent revision 0 not supported, missing kernel module?
iptables v1.8.10 (nf_tables): RULE_APPEND failed (No such file or directory): rule in chain ufw-check-requirements
ctstate (new, recent update): FAIL (no runtime support)
error was: Warning: Extension recent revision 0 not supported, missing kernel module?
iptables v1.8.10 (nf_tables): RULE_APPEND failed (No such file or directory): rule in chain ufw-check-requirements
ctstate (new, limit): FAIL
error was: Warning: Extension limit revision 0 not supported, missing kernel module?
iptables v1.8.10 (nf_tables): RULE_APPEND failed (No such file or directory): rule in chain ufw-check-requirements
interface (input): pass
interface (output): pass
multiport: pass
comment: FAIL
error was: Warning: Extension comment revision 0 not supported, missing kernel module?
iptables v1.8.10 (nf_tables): RULE_APPEND failed (No such file or directory): rule in chain ufw-check-requirements
addrtype (LOCAL): pass
addrtype (MULTICAST): pass
addrtype (BROADCAST): pass
icmp (destination-unreachable): pass
icmp (source-quench): pass
icmp (time-exceeded): pass
icmp (parameter-problem): pass
icmp (echo-request): pass
== IPv6 ==
Creating 'ufw-check-requirements6'... done
Inserting RETURN at top of 'ufw-check-requirements6'... done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: FAIL
error was: Warning: Extension REJECT revision 0 not supported, missing kernel module?
ip6tables v1.8.10 (nf_tables): RULE_APPEND failed (No such file or directory): rule in chain ufw-check-requirements6
LOG: FAIL
error was: Warning: Extension LOG revision 0 not supported, missing kernel module?
ip6tables v1.8.10 (nf_tables): RULE_APPEND failed (No such file or directory): rule in chain ufw-check-requirements6
hashlimit: FAIL
error was: Warning: Extension hashlimit revision 0 not supported, missing kernel module?
ip6tables v1.8.10 (nf_tables): RULE_APPEND failed (No such file or directory): rule in chain ufw-check-requirements6
limit: FAIL
error was: Warning: Extension limit revision 0 not supported, missing kernel module?
ip6tables v1.8.10 (nf_tables): RULE_APPEND failed (No such file or directory): rule in chain ufw-check-requirements6
ctstate (NEW): pass
ctstate (RELATED): pass
ctstate (ESTABLISHED): pass
ctstate (INVALID): pass
ctstate (new, recent set): FAIL (no runtime support)
error was: Warning: Extension recent revision 0 not supported, missing kernel module?
ip6tables v1.8.10 (nf_tables): RULE_APPEND failed (No such file or directory): rule in chain ufw-check-requirements6
ctstate (new, recent update): FAIL (no runtime support)
error was: Warning: Extension recent revision 0 not supported, missing kernel module?
ip6tables v1.8.10 (nf_tables): RULE_APPEND failed (No such file or directory): rule in chain ufw-check-requirements6
ctstate (new, limit): FAIL
error was: Warning: Extension limit revision 0 not supported, missing kernel module?
ip6tables v1.8.10 (nf_tables): RULE_APPEND failed (No such file or directory): rule in chain ufw-check-requirements6
interface (input): pass
interface (output): pass
multiport: pass
comment: FAIL
error was: Warning: Extension comment revision 0 not supported, missing kernel module?
ip6tables v1.8.10 (nf_tables): RULE_APPEND failed (No such file or directory): rule in chain ufw-check-requirements6
icmpv6 (destination-unreachable): pass
icmpv6 (packet-too-big): pass
icmpv6 (time-exceeded): pass
icmpv6 (parameter-problem): pass
icmpv6 (echo-request): pass
icmpv6 with hl (neighbor-solicitation): FAIL
error was: Warning: Extension hl revision 0 not supported, missing kernel module?
ip6tables v1.8.10 (nf_tables): RULE_APPEND failed (No such file or directory): rule in chain ufw-check-requirements6
icmpv6 with hl (neighbor-advertisement): FAIL
error was: Warning: Extension hl revision 0 not supported, missing kernel module?
ip6tables v1.8.10 (nf_tables): RULE_APPEND failed (No such file or directory): rule in chain ufw-check-requirements6
icmpv6 with hl (router-solicitation): FAIL
error was: Warning: Extension hl revision 0 not supported, missing kernel module?
ip6tables v1.8.10 (nf_tables): RULE_APPEND failed (No such file or directory): rule in chain ufw-check-requirements6
icmpv6 with hl (router-advertisement): FAIL
error was: Warning: Extension hl revision 0 not supported, missing kernel module?
ip6tables v1.8.10 (nf_tables): RULE_APPEND failed (No such file or directory): rule in chain ufw-check-requirements6
ipv6 rt: FAIL
error was: Warning: Extension rt revision 0 not supported, missing kernel module?
ip6tables v1.8.10 (nf_tables): RULE_APPEND failed (No such file or directory): rule in chain ufw-check-requirements6
== System ==
Other firewall applications: firewalld (if enabled, may interfere with ufw)
FAIL: check your kernel and that you have iptables >= 1.4.0
FAIL: check your kernel and iptables for additional runtime support
Then send the error messages to ChatGPT/Claude and ask which modules are missing ;) With this many, who knows what they all are. For my errors above, the answer Claude gave was:
modprobe nf_tables
modprobe nft_limit
modprobe nft_log
modprobe nft_reject
modprobe nft_reject_ipv6
modprobe nft_counter
modprobe nft_compat
After loading them, run ufw enable again. If it starts normally, write the modules to /etc/modules-load.d/nf_tables.conf so that they are loaded automatically at the next boot:
# Add modules to load at boot
cat >> /etc/modules-load.d/nf_tables.conf << EOF
nf_tables
nft_limit
nft_log
nft_reject
nft_reject_ipv6
nft_counter
nft_compat
EOF
That should get things working again ;)
Also, it is best to create a snapshot before changing the configuration, so that you can easily roll back.
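
The triage step above (reading the check-requirements report to find out which extensions fail) can be reduced to a short list before looking up modules. This is an added example, not part of the original post; the function names `failed_extensions` and `sample_report` are hypothetical, and the sample is a constructed excerpt modelled on the report shown above.

```shell
#!/bin/sh
# Added example: list the iptables extensions that ufw's check-requirements
# report marks as unsupported, grouped by address family.

# Reads a saved report on stdin, prints "<family> <extension>" once each.
failed_extensions() {
    awk '
        /== IPv4 ==/   { fam = "ipv4"; next }
        /== IPv6 ==/   { fam = "ipv6"; next }
        /== System ==/ { fam = "";     next }
        # The extension name is the word following "Extension" in the warning.
        fam != "" && /Extension [A-Za-z0-9_]+ revision [0-9]+ not supported/ {
            for (i = 1; i < NF; i++)
                if ($i == "Extension") { seen[fam " " $(i + 1)] = 1; break }
        }
        END { for (k in seen) print k }
    ' | LC_ALL=C sort
}

# Constructed excerpt modelled on the report above (not a full capture).
sample_report() {
    cat <<'EOF'
== IPv4 ==
REJECT: pass
LOG: FAIL
error was: Warning: Extension LOG revision 0 not supported, missing kernel module?
iptables v1.8.10 (nf_tables): RULE_APPEND failed (No such file or directory): rule in chain ufw-check-requirements
limit: FAIL
error was: Warning: Extension limit revision 0 not supported, missing kernel module?
ctstate (new, limit): FAIL
error was: Warning: Extension limit revision 0 not supported, missing kernel module?
== IPv6 ==
REJECT: FAIL
error was: Warning: Extension REJECT revision 0 not supported, missing kernel module?
icmpv6 with hl (neighbor-solicitation): FAIL
error was: Warning: Extension hl revision 0 not supported, missing kernel module?
== System ==
FAIL: check your kernel and iptables for additional runtime support
EOF
}

sample_report | failed_extensions
```

The output names extensions only; which kernel module provides each one still has to be looked up for the running kernel.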