UFW for IPv6 on Banana Pi

I fixed a minor problem with the UFW in my Lubuntu installation a few minutes ago.

I installed Lubuntu using the download at http://www.lemaker.org/ and enabled UFW for IPv4 and IPv6, but I ran into the following error:

ip6tables-restore: line 73 failed

Problem running '/etc/ufw/before6.rules'

By repeatedly commenting out lines in /etc/ufw/before6.rules and running /lib/ufw/ufw-init force-reload, I finally fixed the error by dropping the reference to Netfilter’s hl module:

# for stateless autoconfiguration (restrict NDP messages to hop limit of 255)
#-A ufw6-before-input -p icmpv6 --icmpv6-type neighbor-solicitation -m hl --hl-eq 255 -j ACCEPT
#-A ufw6-before-output -p icmpv6 --icmpv6-type neighbor-solicitation -m hl --hl-eq 255 -j ACCEPT
#-A ufw6-before-input -p icmpv6 --icmpv6-type neighbor-advertisement -m hl --hl-eq 255 -j ACCEPT
#-A ufw6-before-output -p icmpv6 --icmpv6-type neighbor-advertisement -m hl --hl-eq 255 -j ACCEPT
#-A ufw6-before-input -p icmpv6 --icmpv6-type router-solicitation -m hl --hl-eq 255 -j ACCEPT
#-A ufw6-before-input -p icmpv6 --icmpv6-type router-advertisement -m hl --hl-eq 255 -j ACCEPT
-A ufw6-before-input -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
-A ufw6-before-output -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
-A ufw6-before-input -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
-A ufw6-before-output -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT

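The kernel in this Lubuntu release simply does not support the hl module. The replacement rules therefore accept neighbor solicitations and advertisements without the firewall checking for a hop limit of 255, and the two router-solicitation and router-advertisement rules are commented out without a replacement.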

With these changes the error disappears and UFW also works for IPv6.
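Instead of commenting out lines one at a time, the rules that depend on a missing match can be listed directly. The script below is an added example, not part of the original post. It assumes the kernel's registered matches can be read from /proc/net/ip6_tables_matches (as root), and the sample rules and match list in demo() are constructed.

```shell
#!/bin/sh
# Added example, not from the original post.

# Print "lineno:module" for each active (uncommented) rule with an explicit -m.
# Matches implied by -p (such as icmpv6) are not listed.
required_matches() {
    awk '!/^[[:space:]]*#/ {
        for (i = 1; i < NF; i++)
            if ($i == "-m" || $i == "--match") print NR ":" $(i + 1)
    }' "$1"
}

# Succeed if the match name appears in the kernel's list of registered matches.
kernel_has_match() {
    grep -qxF "$1" "${2:-/proc/net/ip6_tables_matches}" 2>/dev/null
}

# Report active rules whose match is not registered. These are candidates only:
# a match that lives in a not-yet-loaded module is also absent from the list.
unsupported_rules() {
    proc=${2:-/proc/net/ip6_tables_matches}
    required_matches "$1" | while IFS=: read -r lineno module; do
        kernel_has_match "$module" "$proc" ||
            echo "line $lineno needs -m $module"
    done
}

# Constructed sample: rules in the style of before6.rules and a kernel
# match list that lacks hl.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/rules" <<'EOF'
*filter
# -A ufw6-before-input -p icmpv6 --icmpv6-type router-solicitation -m hl --hl-eq 255 -j ACCEPT
-A ufw6-before-input -p icmpv6 --icmpv6-type neighbor-solicitation -m hl --hl-eq 255 -j ACCEPT
-A ufw6-before-input -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
    printf 'icmp6\nstate\n' > "$dir/matches"
    unsupported_rules "$dir/rules" "$dir/matches"
    rm -rf "$dir"
}

# With a rules file as argument, check it; with no arguments, run the demo.
if [ $# -ge 1 ]; then unsupported_rules "$@"; else demo; fi
```

Run it as root with /etc/ufw/before6.rules as the argument. A reported line is only a candidate until the corresponding module is confirmed to be unavailable for the running kernel.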