[Pkg-utopia-maintainers] Bug#909657: firewalld: firewall rules don't work after change to nftables backend

Pavel Kreuzt pkreuzt at gmail.com
Wed Sep 26 13:01:06 BST 2018


Package: firewalld
Version: 0.6.2-1
Severity: normal

Dear Maintainer,

after upgrade to firewalld 0.6.2, in which backend changed to nftables by default, a custom script I use to enable multicast when needed stoppped working. Its content:

#!/bin/bash
firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p igmp -j ACCEPT
firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -d 239.0.0.0/8 -j ACCEPT

It reports "success" on both commands, but IGMP is not really working. Changing firewalld backend back to iptables in /etc/firewalld/firewalld.cond makes the commands work as expected, so it seems there's a problem in nftables backend.
 

Versions of packages firewalld depends on:
ii  dbus               1.12.10-1
ii  gir1.2-glib-2.0    1.58.0-1
ii  iptables           1.6.2-1.1
ii  nftables           0.9.0-1
ii  policykit-1        0.105-21
ii  python3            3.6.6-1
ii  python3-dbus       1.2.8-2+b1
ii  python3-gi         3.30.1-1
ii  python3-slip-dbus  0.6.5-2

Versions of packages firewalld recommends:
ii  ebtables  2.0.10.4-5
ii  ipset     6.34-1

firewalld suggests no packages.

-- Configuration Files:
/etc/firewalld/firewalld.conf [Errno 13] Permission denied: '/etc/firewalld/firewalld.conf'
/etc/firewalld/lockdown-whitelist.xml [Errno 13] Permission denied: '/etc/firewalld/lockdown-whitelist.xml'

-- no debconf information



More information about the Pkg-utopia-maintainers mailing list