[Pkg-utopia-maintainers] Bug#909657: firewalld: firewall rules don't work after change to nftables backend
Pavel Kreuzt
pkreuzt at gmail.com
Wed Sep 26 13:01:06 BST 2018
Package: firewalld
Version: 0.6.2-1
Severity: normal
Dear Maintainer,
after upgrade to firewalld 0.6.2, in which backend changed to nftables by default, a custom script I use to enable multicast when needed stopped working. Its content:
#!/bin/bash
firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p igmp -j ACCEPT
firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -d 239.0.0.0/8 -j ACCEPT
It reports "success" on both commands, but IGMP is not really working. Changing firewalld backend back to iptables in /etc/firewalld/firewalld.conf makes the commands work as expected, so it seems there's a problem in the nftables backend.
Versions of packages firewalld depends on:
ii dbus 1.12.10-1
ii gir1.2-glib-2.0 1.58.0-1
ii iptables 1.6.2-1.1
ii nftables 0.9.0-1
ii policykit-1 0.105-21
ii python3 3.6.6-1
ii python3-dbus 1.2.8-2+b1
ii python3-gi 3.30.1-1
ii python3-slip-dbus 0.6.5-2
Versions of packages firewalld recommends:
ii ebtables 2.0.10.4-5
ii ipset 6.34-1
firewalld suggests no packages.
-- Configuration Files:
/etc/firewalld/firewalld.conf [Errno 13] Permission denied: '/etc/firewalld/firewalld.conf'
/etc/firewalld/lockdown-whitelist.xml [Errno 13] Permission denied: '/etc/firewalld/lockdown-whitelist.xml'
-- no debconf information