Bug 930549 - net-firewall/firewalld - Unconditionally requires nftables Python library
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Sam James
Reported: 2024-04-24 09:35 UTC by James Le Cuirot
Modified: 2024-08-26 11:57 UTC

Description James Le Cuirot gentoo-dev 2024-04-24 09:35:31 UTC
At least as of 2.1.1, firewalld refuses to start if nftables is not installed, even if you have disabled the nftables USE flag and chosen iptables in firewalld.conf.

> Traceback (most recent call last):
>   File "/usr/sbin/firewalld", line 293, in <module>
>     main()
>   File "/usr/sbin/firewalld", line 287, in main
>     startup(args)
>   File "/usr/sbin/firewalld", line 237, in startup
>     from firewall.server import server
>   File "/usr/lib/python3.11/site-packages/firewall/server/server.py", line 25, in <module>
>     from firewall.server.firewalld import FirewallD
>   File "/usr/lib/python3.11/site-packages/firewall/server/firewalld.py", line 15, in <module>
>     from firewall.core.fw import Firewall
>   File "/usr/lib/python3.11/site-packages/firewall/core/fw.py", line 18, in <module>
>     from firewall.core import nftables
>   File "/usr/lib/python3.11/site-packages/firewall/core/nftables.py", line 41, in <module>
>     from nftables.nftables import Nftables
> ModuleNotFoundError: No module named 'nftables'

firewalld is planning to drop iptables support anyway, but I don't know how soon that really is.
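
An added example, not part of the original report or of firewalld's own code: a preflight check for the failure shown in the traceback above, where the `nftables` Python module is imported at daemon start-up whatever backend is configured. It assumes the backend is chosen with the `FirewallBackend` key in firewalld.conf, that the default is `nftables`, and that the last assignment wins; the function names and the sample configuration text are constructed for illustration.

```python
import importlib.util
import re

# Constructed sample of a firewalld.conf (not taken from the bug report).
SAMPLE_CONF = """\
# firewalld config file
DefaultZone=public
#FirewallBackend=nftables
FirewallBackend=iptables
"""

def configured_backend(conf_text, default="nftables"):
    """Return the FirewallBackend value from firewalld.conf text.

    Assumptions: commented lines are ignored, the last assignment wins,
    and the default backend is nftables when the key is absent.
    """
    backend = default
    for line in conf_text.splitlines():
        m = re.match(r"\s*FirewallBackend\s*=\s*(\S+)", line)
        if m:
            backend = m.group(1).lower()
    return backend

def module_available(name):
    """True if a top-level Python module can be located without importing it."""
    try:
        return importlib.util.find_spec(name) is not None
    except (ImportError, ValueError):
        return False

def preflight(conf_text, have_module=module_available):
    """Report whether the start-up import chain from the traceback can succeed.

    The traceback shows firewall/core/fw.py importing firewall.core.nftables,
    which imports nftables.nftables at module load, so the configured backend
    does not change whether the module is needed.
    """
    backend = configured_backend(conf_text)
    has_nft = have_module("nftables")
    return {
        "backend": backend,
        "startup_import_ok": has_nft,
        # The case in this bug: a non-nftables backend with the module missing.
        "hidden_dependency": backend != "nftables" and not has_nft,
    }

if __name__ == "__main__":
    print(preflight(SAMPLE_CONF))
```

On a real host, pass the contents of the installed firewalld.conf instead of `SAMPLE_CONF`, and run the check with the same Python interpreter that firewalld uses.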
Comment 1 Larry the Git Cow gentoo-dev 2024-08-26 11:47:48 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=033b982f33185124cd23e61727e15bb01bad4dbe

commit 033b982f33185124cd23e61727e15bb01bad4dbe
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-08-26 11:45:54 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-08-26 11:47:12 +0000

    net-firewall/firewalld: add 2.2.1
    
    * Switch from PyQt5 -> PyQt6 (this is long overdue)
    * Drop iptables support as it's deprecated, will be removed upstream
      in firewalld soon, but also, the USE didn't enforce the (default) chosen
      in the backend anyway. See bug #930549 too where it further needed
      nftables to be installed anyway.
    
    Closes: https://bugs.gentoo.org/930549
    Signed-off-by: Sam James <sam@gentoo.org>

 net-firewall/firewalld/Manifest                    |   1 +
 .../files/firewalld-2.2.1-systemd-service.patch    |  19 ++
 net-firewall/firewalld/firewalld-2.2.1.ebuild      | 218 +++++++++++++++++++++
 3 files changed, 238 insertions(+)
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-08-26 11:57:30 UTC
As a bonus:

commit 724dfd69f25f74aefaf44bb52859b5ea7caf9ef0
Author: Sam James <sam@gentoo.org>
Date:   Mon Aug 26 12:50:21 2024 +0100

    net-firewall/firewalld: fix nftables[python] dep

    This has been wrong for quite some time.

    Signed-off-by: Sam James <sam@gentoo.org>