[Freedombox-discuss] Nftables make the FreedomBox totally inaccessible after reboot.

A. F. Cano afc at shibaya.lonestar.org
Fri Dec 28 23:17:54 GMT 2018


Hi,

I'm following up on this old thread because I've encountered another
problem caused by the nftables/iptables issue.

It was my understanding that FreedomBox now uses nftables, and the old
config file prior to the upgrade I described below had nftables.

After the latest upgrade (a couple of days ago) something must have
changed enough that plinth (0.45.0) no longer worked.  I rebooted
and then the whole FreedomBox became totally inaccessible.  No ssh,
no plinth, ping said "packet filtered".  All I could do was take the
SSD card out, mount it on another computer and change the

 FirewallBackend=nftables

to

 FirewallBackend=iptables

After putting the SSD card back and rebooting, everything
was back to normal.

I leave the old issue below for completeness.

Augustine

On Mon, Dec 17, 2018 at 09:23:25PM -0500, A. F. Cano wrote:
> hi,
> 
> I suspect this might be caused by the latest upgrade to nftables.
> Firewalld refused to upgrade automatically so I did it via aptitude as I
> had done before, keeping the old firewalld.conf.  After checking the
> differences, there were only two:
> 
> $ sudo diff /etc/firewalld/firewalld.conf /etc/firewalld/firewalld.conf.dpkg-dist                                                                   
> 6c6                                                                             
> < DefaultZone=external                                                          
> ---                                                                             
> > DefaultZone=public                                                            
> 64c64                                                                           
> < FirewallBackend=nftables                                                      
> ---                                                                             
> > FirewallBackend=iptables
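Review bot: at 64c64 the kept file pins FirewallBackend=nftables where the packaged firewalld.conf.dpkg-dist has FirewallBackend=iptables, so keeping the old file whole also keeps a backend the new package does not default to. If the aim was only to preserve DefaultZone=external from the 6c6 hunk, carry that one line over and take the packaged value at line 64, then confirm the box is still reachable after restarting firewalld and before any reboot.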
> 
> Looks like the new versions still default to iptables.  Should be ok to
> leave the old version, but then privoxy doesn't work.
> 
> Plinth/apps/privoxy says:
> 
> Service Privoxy is not running
> 
> Privoxy is available only on internal networks. 
> Currently there are no network interfaces configured as internal.
> 
> Maybe some internal default in the firewalld config changed?
> 
> Is this a known issue? Has anyone else encountered this?
> 
> Plinth/sys/networks shows the firewall zone as "Internal" for the
> "Freedombox LAN", so there's some internal inconsistency.
> 
> Any ideas what to check/change?
> 
> Thanks.
> 
> Augustine
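The offline fix described in the message above (mount the card on another computer and change `FirewallBackend`), written out as an added shell example that is not part of the original post or of FreedomBox. The mount-point argument and the `.pre-recovery` backup name are assumptions made for this example.

```shell
#!/bin/sh
# Added example: edit firewalld.conf on a root filesystem mounted elsewhere.
# Usage (assumed mount point): sh recover.sh /mnt/fbx iptables

# Print the active value of KEY in CONF (commented-out lines are ignored).
fw_get() {  # fw_get CONF KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Set KEY=VALUE in CONF, keeping a one-time backup as CONF.pre-recovery.
fw_set() {  # fw_set CONF KEY VALUE
    conf=$1 key=$2 value=$3
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 1; }
    [ "$(fw_get "$conf" "$key")" = "$value" ] && return 0   # already set
    [ -e "$conf.pre-recovery" ] || cp -p "$conf" "$conf.pre-recovery"
    if grep -q "^[[:space:]]*$key[[:space:]]*=" "$conf"; then
        tmp=$(mktemp "$conf.XXXXXX") || return 1
        # Write back with cat so the owner and mode of CONF are unchanged.
        sed "s/^[[:space:]]*$key[[:space:]]*=.*/$key=$value/" "$conf" > "$tmp" &&
            cat "$tmp" > "$conf"
        rc=$?
        rm -f "$tmp"
        return $rc
    else
        printf '%s=%s\n' "$key" "$value" >> "$conf"
    fi
}

# Switch the backend under ROOT and report the two settings from the thread.
recover_backend() {  # recover_backend ROOT BACKEND
    case $2 in
        iptables|nftables) ;;
        *) echo "bad backend: $2" >&2; return 2 ;;
    esac
    conf="$1/etc/firewalld/firewalld.conf"
    fw_set "$conf" FirewallBackend "$2" || return 1
    echo "DefaultZone=$(fw_get "$conf" DefaultZone)" \
         "FirewallBackend=$(fw_get "$conf" FirewallBackend)"
}

if [ $# -eq 2 ]; then recover_backend "$1" "$2"; fi
```

The backup is written only once, so repeated runs never overwrite the pre-recovery copy of the file.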



