# journalctl -u firewalld: Mar 20 19:32:37 vortex firewalld[509]: WARNING: ipset not usable, disabling ipset usage in firewall. Mar 20 19:32:37 vortex firewalld[509]: WARNING: LAN: INVALID_TYPE: 'hash:ip' is not supported by ipset., ignoring for run-time. Mar 20 19:32:37 vortex firewalld[509]: WARNING: LAN_pcs: INVALID_TYPE: 'hash:ip' is not supported by ipset., ignoring for run-time. Mar 20 19:32:38 vortex firewalld[509]: WARNING: INVALID_IPSET: LAN_pcs Mar 20 19:32:38 vortex firewalld[509]: WARNING: INVALID_IPSET: LAN_pcs Mar 20 19:32:38 vortex firewalld[509]: WARNING: INVALID_IPSET: LAN # zgrep -i ip_set /proc/config.gz CONFIG_IP_SET=y CONFIG_IP_SET_MAX=256 CONFIG_IP_SET_BITMAP_IP=m CONFIG_IP_SET_BITMAP_IPMAC=m CONFIG_IP_SET_BITMAP_PORT=m CONFIG_IP_SET_HASH_IP=y CONFIG_IP_SET_HASH_IPMARK=y CONFIG_IP_SET_HASH_IPPORT=y CONFIG_IP_SET_HASH_IPPORTIP=y CONFIG_IP_SET_HASH_IPPORTNET=y CONFIG_IP_SET_HASH_IPMAC=y CONFIG_IP_SET_HASH_MAC=y CONFIG_IP_SET_HASH_NETPORTNET=y CONFIG_IP_SET_HASH_NET=y CONFIG_IP_SET_HASH_NETNET=y CONFIG_IP_SET_HASH_NETPORT=y CONFIG_IP_SET_HASH_NETIFACE=y CONFIG_IP_SET_LIST_SET=y Reproducible: Always
Created attachment 623314 [details] emerge --info net-firewall/firewalld
Debugging this in [1] looks like firewalld expects `ipset` to be in /sbin, but Gentoo provides it in /usr/sbin [1] https://github.com/firewalld/firewalld/issues/591
Created attachment 623798 [details] fixed stable ebuild (version 0.7.1) The pull request is for the testing version, this ebuild applies the same change to the stable version and should be possible to update as stable.
N.B.: It may well be that the correct solution is to move ipset to /sbin from /usr/sbin, in analogy to all the other (ip|nf)tables tools.
Good point. What a stupid mistake (I accidentally tested on my main machine which has a merged /usr...)
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=47c7b978fde49799a24ebc0872c820caacb0dd45 commit 47c7b978fde49799a24ebc0872c820caacb0dd45 Author: Matthias Maier <tamiko@gentoo.org> AuthorDate: 2020-03-21 14:43:33 +0000 Commit: Matthias Maier <tamiko@gentoo.org> CommitDate: 2020-03-21 14:44:18 +0000 net-firewall/firewalld: fix ipset path Closes: https://bugs.gentoo.org/713658 Package-Manager: Portage-2.3.94, Repoman-2.3.21 Signed-off-by: Matthias Maier <tamiko@gentoo.org> net-firewall/firewalld/Manifest | 1 - net-firewall/firewalld/firewalld-0.6.3-r1.ebuild | 102 --------------------- net-firewall/firewalld/firewalld-0.7.1-r1.ebuild | 101 -------------------- ...d-0.7.1-r2.ebuild => firewalld-0.7.1-r3.ebuild} | 2 +- ...alld-0.7.3.ebuild => firewalld-0.7.3-r1.ebuild} | 2 +- 5 files changed, 2 insertions(+), 206 deletions(-)
