[pkg-netfilter-team] Bug#989431: nftables runs too early at system boot

F.Stoyan fstoyan at swapon.de
Thu Jun 3 16:26:54 BST 2021


Package: nftables
Version: 0.9.8-3
Severity: normal
Tags: patch

Dear Maintainer,


nftables runs too early at system boot. At this time not all interfaces are available yet:

# journalctl -b -3 --unit=systemd-networkd.service --unit=nftables.service --no-hostname
-- Journal begins at Fri 2021-05-28 15:13:07 CEST, ends at Thu 2021-06-03 17:08:05 CEST. --
Jun 03 15:18:23 nft[414]: /etc/nftables.conf:12:21-31: Error: Interface does not exist
Jun 03 15:18:23 nft[414]: define SSID-MEDIA = enp1s0f0.66
Jun 03 15:18:23 nft[414]:                     ^^^^^^^^^^^
Jun 03 15:18:23 nft[414]: /etc/nftables.conf:11:21-31: Error: Interface does not exist
Jun 03 15:18:23 nft[414]: define SSID-LABOR = enp1s0f0.65
Jun 03 15:18:23 nft[414]:                     ^^^^^^^^^^^
Jun 03 15:18:23 systemd-networkd[440]: Enumeration completed
Jun 03 15:18:23 systemd[1]: Started Network Service.
Jun 03 15:18:23 systemd-networkd[440]: enp1s0f0.66: netdev ready
Jun 03 15:18:23 systemd-networkd[440]: enp1s0f0.64: netdev ready
Jun 03 15:18:23 systemd-networkd[440]: enp1s0f0.32: netdev ready
Jun 03 15:18:23 systemd-networkd[440]: enp1s0f0.34: netdev ready
Jun 03 15:18:23 systemd-networkd[440]: enp1s0f0.65: netdev ready
Jun 03 15:18:23 systemd-networkd[440]: enp1s0f0.33: netdev ready
Jun 03 15:18:23 systemd-networkd[440]: enp1s0f0.35: netdev ready
Jun 03 15:18:23 systemd-networkd[440]: enp1s0f0.36: netdev ready
Jun 03 15:18:24 systemd-networkd[440]: enp1s0f0: Link UP
Jun 03 15:18:24 systemd-networkd[440]: enp1s0f0.32: Link UP
Jun 03 15:18:24 systemd-networkd[440]: enp1s0f0.33: Link UP
Jun 03 15:18:24 systemd-networkd[440]: enp1s0f0.34: Link UP
Jun 03 15:18:24 systemd-networkd[440]: enp1s0f0.35: Link UP
Jun 03 15:18:24 systemd-networkd[440]: enp1s0f0.36: Link UP
Jun 03 15:18:24 systemd-networkd[440]: enp1s0f0.64: Link UP
Jun 03 15:18:24 systemd-networkd[440]: enp1s0f0.65: Link UP
Jun 03 15:18:24 systemd-networkd[440]: enp1s0f0.66: Link UP
Jun 03 15:18:24 systemd-networkd[440]: enp1s0f0: Gained carrier
Jun 03 15:18:24 systemd-networkd[440]: enp1s0f0.32: Gained carrier
Jun 03 15:18:24 systemd-networkd[440]: enp1s0f0.33: Gained carrier
Jun 03 15:18:24 systemd-networkd[440]: enp1s0f0.34: Gained carrier
Jun 03 15:18:24 systemd-networkd[440]: enp1s0f0.35: Gained carrier
Jun 03 15:18:24 systemd-networkd[440]: enp1s0f0.36: Gained carrier
Jun 03 15:18:24 systemd-networkd[440]: enp1s0f0.64: Gained carrier
Jun 03 15:18:24 systemd-networkd[440]: enp1s0f0.65: Gained carrier
Jun 03 15:18:24 systemd-networkd[440]: enp1s0f0.66: Gained carrier
Jun 03 15:18:26 systemd-networkd[440]: enp1s0f0.36: Gained IPv6LL
Jun 03 15:18:26 systemd-networkd[440]: enp1s0f0.66: Gained IPv6LL
Jun 03 15:18:26 systemd-networkd[440]: enp1s0f0.65: Gained IPv6LL
Jun 03 15:18:26 systemd-networkd[440]: enp1s0f0.35: Gained IPv6LL
Jun 03 15:18:26 systemd-networkd[440]: enp1s0f0: Gained IPv6LL
Jun 03 15:18:26 systemd-networkd[440]: enp1s0f0.33: Gained IPv6LL
Jun 03 15:18:26 systemd-networkd[440]: enp1s0f0.64: Gained IPv6LL
Jun 03 15:18:26 systemd-networkd[440]: enp1s0f0.32: Gained IPv6LL
Jun 03 15:18:26 systemd-networkd[440]: enp1s0f0.34: Gained IPv6LL

Running nftables after network.target solves the issue:

# journalctl -b --unit=systemd-networkd.service --unit=nftables.service --no-hostname
-- Journal begins at Fri 2021-05-28 15:13:07 CEST, ends at Thu 2021-06-03 17:17:01 CEST. --
Jun 03 16:22:36 systemd-networkd[435]: Enumeration completed
Jun 03 16:22:36 systemd[1]: Started Network Service.
Jun 03 16:22:36 systemd[1]: Starting nftables...
Jun 03 16:22:36 systemd-networkd[435]: enp1s0f0.36: netdev ready
Jun 03 16:22:36 systemd-networkd[435]: enp1s0f0.66: netdev ready
Jun 03 16:22:36 systemd-networkd[435]: enp1s0f0.32: netdev ready
Jun 03 16:22:36 systemd-networkd[435]: enp1s0f0.34: netdev ready
Jun 03 16:22:36 systemd-networkd[435]: enp1s0f0.64: netdev ready
Jun 03 16:22:36 systemd-networkd[435]: enp1s0f0.65: netdev ready
Jun 03 16:22:36 systemd-networkd[435]: enp1s0f0.33: netdev ready
Jun 03 16:22:37 systemd-networkd[435]: enp1s0f0.35: netdev ready
Jun 03 16:22:37 systemd-networkd[435]: enp1s0f0: Link UP
Jun 03 16:22:37 systemd-networkd[435]: enp1s0f0.32: Link UP
Jun 03 16:22:37 systemd-networkd[435]: enp1s0f0.33: Link UP
Jun 03 16:22:37 systemd-networkd[435]: enp1s0f0.34: Link UP
Jun 03 16:22:37 systemd-networkd[435]: enp1s0f0.35: Link UP
Jun 03 16:22:37 systemd-networkd[435]: enp1s0f0.36: Link UP
Jun 03 16:22:37 systemd-networkd[435]: enp1s0f0.64: Link UP
Jun 03 16:22:37 systemd-networkd[435]: enp1s0f0.65: Link UP
Jun 03 16:22:37 systemd-networkd[435]: enp1s0f0.66: Link UP
Jun 03 16:22:37 systemd-networkd[435]: enp1s0f0: Gained carrier
Jun 03 16:22:37 systemd-networkd[435]: enp1s0f0.32: Gained carrier
Jun 03 16:22:37 systemd-networkd[435]: enp1s0f0.33: Gained carrier
Jun 03 16:22:37 systemd-networkd[435]: enp1s0f0.34: Gained carrier
Jun 03 16:22:37 systemd-networkd[435]: enp1s0f0.35: Gained carrier
Jun 03 16:22:37 systemd-networkd[435]: enp1s0f0.36: Gained carrier
Jun 03 16:22:37 systemd-networkd[435]: enp1s0f0.64: Gained carrier
Jun 03 16:22:37 systemd-networkd[435]: enp1s0f0.65: Gained carrier
Jun 03 16:22:37 systemd-networkd[435]: enp1s0f0.66: Gained carrier
Jun 03 16:22:38 systemd-networkd[435]: enp1s0f0.32: Gained IPv6LL
Jun 03 16:22:39 systemd-networkd[435]: enp1s0f0.36: Gained IPv6LL
Jun 03 16:22:39 systemd-networkd[435]: enp1s0f0.33: Gained IPv6LL
Jun 03 16:22:39 systemd-networkd[435]: enp1s0f0.64: Gained IPv6LL
Jun 03 16:22:39 systemd-networkd[435]: enp1s0f0.34: Gained IPv6LL
Jun 03 16:22:39 systemd-networkd[435]: enp1s0f0.35: Gained IPv6LL
Jun 03 16:22:39 systemd[1]: Finished nftables.

Changed unit file:

# systemctl cat nftables.service
# /etc/systemd/system/nftables.service
[Unit]
Description=nftables
Documentation=man:nft(8) http://wiki.nftables.org
Wants=network.target
After=network.target
Before=shutdown.target
Conflicts=shutdown.target
DefaultDependencies=no

[Service]
Type=oneshot
RemainAfterExit=yes
StandardInput=null
ProtectSystem=full
ProtectHome=true
ExecStart=/usr/sbin/nft -f /etc/nftables.conf
ExecReload=/usr/sbin/nft -f /etc/nftables.conf
ExecStop=/usr/sbin/nft flush ruleset

[Install]
WantedBy=sysinit.target


-- System Information:
Debian Release: 11.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-6-amd64 (SMP w/12 CPU threads)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages nftables depends on:
ii  dpkg          1.20.9
ii  libc6         2.31-12
ii  libedit2      3.1-20191231-2+b1
ii  libnftables1  0.9.8-3

nftables recommends no packages.

Versions of packages nftables suggests:
pn  firewalld  <none>

-- Configuration Files:
/etc/nftables.conf changed [not included]

-- no debconf information
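A note on the error itself, added here and not part of the report: nft reports "Interface does not exist" when an interface name is used in an index-based match (`iif`/`oif`), because that form is resolved to an ifindex with if_nametoindex() while the ruleset is loaded. Name-based matches (`iifname`/`oifname`) compare against a string and do not need the interface to exist, so a ruleset written that way keeps loading at sysinit.target, before any interface comes up, instead of being delayed until after network.target. That matters because network.target gives no guarantee that VLAN netdevs already exist when it is reached; the second journal above shows nftables starting while the netdevs are still being created and succeeding only because the timing happened to work out. The script below is an added example (not from the report or the nftables project): the two `define` lines are the ones visible in the log, the table body is constructed for this example, and `harden_conf` rewrites index-based matches into name-based ones.

```shell
#!/bin/sh
# Added example, not from the bug report. Rewrites index-based interface
# matches (iif/oif) into name-based matches (iifname/oifname) and quotes the
# interface names in `define` lines, so the ruleset no longer depends on the
# interfaces existing at load time.

# Constructed sample ruleset. The two defines are the ones from the report's
# journal; the table and rules are made up for this example.
sample_conf() {
cat <<'EOF'
define SSID-LABOR = enp1s0f0.65
define SSID-MEDIA = enp1s0f0.66
table inet filter {
	chain input {
		type filter hook input priority 0; policy drop;
		iif $SSID-LABOR tcp dport 22 accept
		oif $SSID-MEDIA accept
	}
}
EOF
}

# Filter: stdin -> stdout.
#  1. `define NAME = value` becomes `define NAME = "value"` so nft treats the
#     value as a string rather than as an interface to resolve.
#  2. `iif $VAR` / `oif $VAR` become `iifname $VAR` / `oifname $VAR`.
harden_conf() {
  sed -E \
    -e 's/^(define[[:space:]]+[A-Za-z0-9_-]+[[:space:]]*=[[:space:]]*)([A-Za-z0-9._-]+)[[:space:]]*$/\1"\2"/' \
    -e 's/(^|[[:space:]])(iif|oif)[[:space:]]+\$/\1\2name $/g'
}

# Filter: stdin -> count of remaining index-based matches (iif/oif followed
# by whitespace). 0 means nothing in the ruleset needs an existing interface.
count_index_matches() {
  grep -cE '(^|[[:space:]])(iif|oif)[[:space:]]' || true
}

# Optional syntax check with nft's check mode (-c), reading the ruleset from
# stdin. Skipped (returns 0) when nft is not installed on the machine.
check_with_nft() {
  if command -v nft >/dev/null 2>&1; then
    nft -c -f -
  fi
}

# Stand-alone usage: show the hardened ruleset and the before/after counts.
sample_conf | harden_conf
printf 'index-based matches before: %s\n' "$(sample_conf | count_index_matches)"
printf 'index-based matches after:  %s\n' "$(sample_conf | harden_conf | count_index_matches)"
```

To apply this to a real configuration, run `harden_conf < /etc/nftables.conf > /etc/nftables.conf.new`, review the diff, and verify it with `nft -c -f /etc/nftables.conf.new` before replacing the file; with no `iif`/`oif` left, the shipped unit ordering (WantedBy=sysinit.target) can be kept, which avoids the window in which interfaces are up but no ruleset is loaded.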


