At least as of 2.1.1, firewalld refuses to start if nftables is not installed, even if you have disabled the nftables USE flag and chosen iptables in firewalld.conf.

> Traceback (most recent call last):
>   File "/usr/sbin/firewalld", line 293, in <module>
>     main()
>   File "/usr/sbin/firewalld", line 287, in main
>     startup(args)
>   File "/usr/sbin/firewalld", line 237, in startup
>     from firewall.server import server
>   File "/usr/lib/python3.11/site-packages/firewall/server/server.py", line 25, in <module>
>     from firewall.server.firewalld import FirewallD
>   File "/usr/lib/python3.11/site-packages/firewall/server/firewalld.py", line 15, in <module>
>     from firewall.core.fw import Firewall
>   File "/usr/lib/python3.11/site-packages/firewall/core/fw.py", line 18, in <module>
>     from firewall.core import nftables
>   File "/usr/lib/python3.11/site-packages/firewall/core/nftables.py", line 41, in <module>
>     from nftables.nftables import Nftables
> ModuleNotFoundError: No module named 'nftables'

firewalld is planning to drop iptables support anyway, but I don't know how soon that really is.

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=033b982f33185124cd23e61727e15bb01bad4dbe

commit 033b982f33185124cd23e61727e15bb01bad4dbe
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-08-26 11:45:54 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-08-26 11:47:12 +0000

    net-firewall/firewalld: add 2.2.1

    * Switch from PyQt5 -> PyQt6 (this is long overdue)

    * Drop iptables support as it's deprecated, will be removed upstream in firewalld
      soon, but also, the USE didn't enforce the (default) chosen in the backend anyway.

      See bug #930549 too where it further needed nftables to be installed anyway.

    Closes: https://bugs.gentoo.org/930549
    Signed-off-by: Sam James <sam@gentoo.org>

 net-firewall/firewalld/Manifest | 1 +
 .../files/firewalld-2.2.1-systemd-service.patch | 19 ++
 net-firewall/firewalld/firewalld-2.2.1.ebuild | 218 +++++++++++++++++++++
 3 files changed, 238 insertions(+)

As a bonus:

commit 724dfd69f25f74aefaf44bb52859b5ea7caf9ef0
Author: Sam James <sam@gentoo.org>
Date:   Mon Aug 26 12:50:21 2024 +0100

    net-firewall/firewalld: fix nftables[python] dep

    This has been wrong for quite some time.

    Signed-off-by: Sam James <sam@gentoo.org>
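
A preflight check for the failure reported in the first comment, added here as an example (it is not code from the bug thread, the ebuild or firewalld). It models what the traceback shows, namely that `firewall/core/fw.py` imports the nftables module regardless of the backend chosen in firewalld.conf. The function names, the `/etc/firewalld/firewalld.conf` path, the sample config and the "last assignment wins" parsing are assumptions.

```python
import importlib.util
import os
import re

CONF_PATH = "/etc/firewalld/firewalld.conf"   # assumed default location
DEFAULT_BACKEND = "nftables"                  # used when FirewallBackend is unset

# Constructed sample config, used only when CONF_PATH does not exist.
SAMPLE_CONF = """\
DefaultZone=public
#FirewallBackend=nftables
FirewallBackend=iptables
"""

def configured_backend(conf_text):
    """Return the FirewallBackend value from firewalld.conf text."""
    backend = DEFAULT_BACKEND
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and commented-out settings
        m = re.match(r"FirewallBackend\s*=\s*(\S+)", line)
        if m:
            backend = m.group(1)  # assumption: last assignment wins
    return backend

def nftables_bindings_present():
    """True if this interpreter can find the top-level 'nftables' module."""
    return importlib.util.find_spec("nftables") is not None

def preflight(conf_text, bindings_present):
    """Classify whether the daemon can start, per the traceback in this bug."""
    backend = configured_backend(conf_text)
    if bindings_present:
        return ("ok", backend)
    if backend == "iptables":
        # The case from the report: iptables selected, daemon still dies on import.
        return ("fail-hidden-dependency", backend)
    return ("fail-missing-backend", backend)

if __name__ == "__main__":
    if os.path.exists(CONF_PATH):
        with open(CONF_PATH) as fh:
            text = fh.read()
    else:
        text = SAMPLE_CONF
    status, backend = preflight(text, nftables_bindings_present())
    print(f"backend={backend} status={status}")
    raise SystemExit(0 if status == "ok" else 1)
```

Run it with the same Python interpreter firewalld uses (python3.11 in the traceback), since `find_spec` only searches that interpreter's module path. A non-zero exit means the daemon would fail at import time and the host would come up without its firewall rules loaded.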