Summary: | net-firewall/firewalld-0.6.3: Missing support for net-firewall/iptables[nftables] | |
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Steffen Rytter Postas <nc>
Component: | Current packages | Assignee: | Virtualization Team <virtualization>
Status: | RESOLVED FIXED | |
Severity: | normal | CC: | ilmostro7, nc
Priority: | Normal | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
Whiteboard: | | |
Package list: | | Runtime testing required: | ---
Description
Steffen Rytter Postas
2019-03-08 11:41:33 UTC
Did this problem show up in this release?

I've been trying to figure out why my firewall is all screwed up, and the firewalld service complains. By the way, the latest release upstream is 0.6.4: https://firewalld.org/2019/05/firewalld-0-6-4-release

May 25 10:42:33 riparch.vidi.lan firewalld[8530]: ERROR: Failed to apply rules. A firewall reload might solve the issue if the firewall has been modified using ip*tables or ebtables.
May 25 10:42:33 riparch.vidi.lan firewalld[8530]: ERROR: '/sbin/nft add chain inet firewalld raw_PREROUTING { type filter hook prerouting priority -290 ; }' failed: Error: Could not process rule: No such file or directory
add chain inet firewalld raw_PREROUTING { type filter hook prerouting priority -290 ; }
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
May 25 10:42:33 riparch.vidi.lan firewalld[8530]: ERROR: Failed to apply rules. A firewall reload might solve the issue if the firewall has been modified using ip*tables or ebtables.
May 25 10:42:33 riparch.vidi.lan firewalld[8530]: ERROR: '/sbin/nft insert rule inet firewalld raw_PREROUTING meta nfproto ipv6 fib saddr . iif oif missing drop' failed: Error: Could not process rule: No such file or directory
insert rule inet firewalld raw_PREROUTING meta nfproto ipv6 fib saddr . iif oif missing drop
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
May 25 10:42:34 riparch.vidi.lan firewalld[8530]: ERROR: Failed to apply rules. A firewall reload might solve the issue if the firewall has been modified using ip*tables or ebtables.
May 25 10:42:34 riparch.vidi.lan firewalld[8530]: ERROR: '/sbin/nft add rule inet firewalld raw_PRE_internal_allow udp dport 137 ct helper netbios-ns' failed: nft: gmputil.c:67: mpz_get_uint32: Assertion `cnt <= 1' failed.

The cause for this issue is net-firewall/nftables-0.8-r3. Upgrading to net-firewall/nftables-0.8.5 fixes this for me.

Almost any /sbin/nft rule action causes "mpz_get_uint32: Assertion `cnt <= 1' failed" in version 0.8-r3.

That's what I had suspected as well, among many other things :p. Thank you for testing this and confirming. Actually, building iptables[nftables] along with firewalld still fails due to ebtables blocking it, even with nftables-0.8.5, just as the initial comment here describes.

The latest version of iptables resolves this issue for me; =net-firewall/iptables-1.8.3-r1[nftables] works fine even if/when ebtables is installed.

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6d8a9c901755ad38c1fdd98116a9104fdfc15d78

commit 6d8a9c901755ad38c1fdd98116a9104fdfc15d78
Author:     Matthias Maier <tamiko@gentoo.org>
AuthorDate: 2019-07-28 19:16:20 +0000
Commit:     Matthias Maier <tamiko@gentoo.org>
CommitDate: 2019-07-28 19:37:57 +0000

    net-firewall/firewalld: fix dependency deadlock

    Let's relax the dependency on ebtables a bit

    Closes: https://bugs.gentoo.org/679760
    Package-Manager: Portage-2.3.69, Repoman-2.3.16
    Signed-off-by: Matthias Maier <tamiko@gentoo.org>

 net-firewall/firewalld/firewalld-0.6.3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
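The diagnosis in this thread (firewalld logs "Failed to apply rules", the real cause is the nft binary shipped by an old net-firewall/nftables) can be reproduced outside firewalld. The script below is an added example, not code from the bug, from firewalld or from nftables: it pulls the quoted nft command out of each failing journal line, sorts the failures into "nft itself aborted" (the mpz_get_uint32 assertion, an nft bug) versus "object rejected" (ENOENT), replays each command with `nft -c` so nothing is applied, and compares the installed nft version with 0.8.5, the version the thread found working. The sample journal lines are constructed in the shape shown above (hostname and PID made up); the helper names are this example's own.

```shell
#!/bin/sh
# Added example (not from the Gentoo bug, firewalld or nftables): triage
# firewalld's "ERROR: '/sbin/nft ...' failed" lines, replay each failing
# command as an nft dry run, and check the installed nft version.

# Constructed sample of journal output in the shape shown in the bug
# report (hostname and PID are made up).
sample_log() {
    cat <<'EOF'
May 25 10:42:33 host firewalld[8530]: ERROR: Failed to apply rules. A firewall reload might solve the issue if the firewall has been modified using ip*tables or ebtables.
May 25 10:42:33 host firewalld[8530]: ERROR: '/sbin/nft add chain inet firewalld raw_PREROUTING { type filter hook prerouting priority -290 ; }' failed: Error: Could not process rule: No such file or directory
May 25 10:42:34 host firewalld[8530]: ERROR: '/sbin/nft add rule inet firewalld raw_PRE_internal_allow udp dport 137 ct helper netbios-ns' failed: nft: gmputil.c:67: mpz_get_uint32: Assertion `cnt <= 1' failed.
EOF
}

# Print only the nft command quoted in each "ERROR: '...' failed:" line.
failed_nft_commands() {
    sed -n "s/.*ERROR: '\(\/sbin\/nft [^']*\)' failed:.*/\1/p"
}

# Sort a failure line into the two buckets seen in the bug: nft itself
# aborting (an nft bug, fixed by upgrading the package) versus nft or the
# kernel rejecting an object it does not know (ENOENT).
classify_failure() {
    case $1 in
        *"Assertion "*)                echo nft-assertion ;;
        *"No such file or directory"*) echo unknown-object ;;
        *"Failed to apply rules"*)     echo summary ;;
        *)                             echo other ;;
    esac
}

# version_ge HAVE WANT succeeds when HAVE >= WANT (dotted numeric parts).
# A Gentoo revision suffix such as 0.8-r3 is dropped; it does not change
# the upstream version being compared.
version_ge() {
    have=${1%%-*}.0.0
    want=${2%%-*}.0.0
    i=1
    while [ "$i" -le 3 ]; do
        h=$(printf '%s\n' "$have" | cut -d. -f"$i")
        w=$(printf '%s\n' "$want" | cut -d. -f"$i")
        if [ "$h" -gt "$w" ]; then return 0; fi
        if [ "$h" -lt "$w" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# Version number from `nft --version`, e.g. "nftables v0.9.0 (...)" -> 0.9.0.
installed_nft_version() {
    nft --version 2>/dev/null | sed -n 's/^nftables v\([0-9.]*\).*/\1/p'
}

# Replay each failing command with `nft -c` (syntax/support check only,
# nothing is applied). A dry run of "add chain inet firewalld ..." still
# needs that table to exist, so run this on the affected host; without
# nft installed the commands are only listed.
triage_log() {
    failed_nft_commands | while IFS= read -r cmd; do
        args=${cmd#/sbin/nft }
        if command -v nft >/dev/null 2>&1; then
            # word splitting of $args is intended: one shell word per nft token
            if nft -c $args 2>/dev/null; then
                echo "ok (nft accepts it): nft -c $args"
            else
                echo "FAILS in dry run:    nft -c $args"
            fi
        else
            echo "would replay:        nft -c $args"
        fi
    done
    v=$(installed_nft_version)
    if [ -n "$v" ]; then
        if version_ge "$v" 0.8.5; then
            echo "nft $v: at or above 0.8.5"
        else
            echo "nft $v: below 0.8.5, upgrade net-firewall/nftables first"
        fi
    fi
    return 0
}

sample_log | triage_log
```

On a real host, feed it `journalctl -u firewalld | triage_log` instead of the sample. A command that nft rejects in the dry run with the same error firewalld logged points at the nft/kernel pairing rather than at the firewalld configuration, which is exactly the split the thread arrived at.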