[Pkg-utopia-maintainers] Bug#1087387: firewalld not working on arm64, Error: COMMAND_FAILED: 'python-nftables' failed: internal:0:0-0:
fs3000
fs3000 at proton.me
Tue Nov 12 17:03:06 GMT 2024
Package: firewalld
Version: 1.3.3-1~deb12u1
Severity: important
X-Debbugs-Cc: fs3000 at proton.me
Dear Maintainer,
On a fresh install of Debian 12 on a arm64 router using an image create with this repo https://github.com/frank-w/BPI-Router-Images and using original packages, firewalld is not working properly.
While doing "firewall-cmd --add-interface=eth1 --zone=internal", it fails with this error:
root at bpi-r4 /root $ firewall-cmd --add-interface=eth1 --zone=internal
Error: COMMAND_FAILED: 'python-nftables' failed: internal:0:0-0: Error: Could not process rule: No such file or directory
internal:0:0-0: Error: Could not process rule: No such file or directory
JSON blob:
{"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_internal"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_internal_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_internal_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_internal_deny"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_internal_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_internal_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal", "expr": [{"jump": {"target": "filter_INPUT_POLICIES_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal", "expr": [{"jump": {"target": "filter_IN_internal_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal", "expr": [{"jump": {"target": "filter_IN_internal_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal", "expr": [{"jump": {"target": "filter_IN_internal_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal", "expr": [{"jump": {"target": "filter_IN_internal_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal", "expr": [{"jump": {"target": "filter_IN_internal_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal", "expr": [{"jump": {"target": "filter_INPUT_POLICIES_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal", "expr": [{"reject": {"type": "icmpx", "expr": "admin-prohibited"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal_allow", "expr": [{"match": {"left": {"payload": {"protocol": "tcp", "field": "dport"}}, "op": "==", "right": 22}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal_allow", "expr": [{"match": {"left": {"payload": {"protocol": "ip", "field": "daddr"}}, "op": "==", "right": "224.0.0.251"}}, {"match": {"left": {"payload": {"protocol": "udp", "field": "dport"}}, "op": "==", "right": 5353}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal_allow", "expr": [{"match": {"left": {"payload": {"protocol": "ip6", "field": "daddr"}}, "op": "==", "right": "ff02::fb"}}, {"match": {"left": {"payload": {"protocol": "udp", "field": "dport"}}, "op": "==", "right": 5353}}, {"accept": null}]}}}, {"add": {"ct helper": {"family": "inet", "table": "firewalld", "name": "helper-netbios-ns-udp", "type": "netbios-ns", "protocol": "udp"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal_allow", "expr": [{"match": {"left": {"payload": {"protocol": "udp", "field": "dport"}}, "op": "==", "right": 137}}, {"ct helper": "helper-netbios-ns-udp"}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal_allow", "expr": [{"match": {"left": {"payload": {"protocol": "udp", "field": "dport"}}, "op": "==", "right": 137}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal_allow", "expr": [{"match": {"left": {"payload": {"protocol": "udp", "field": "dport"}}, "op": "==", "right": 138}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal_allow", "expr": [{"match": {"left": {"payload": {"protocol": "ip6", "field": "daddr"}}, "op": "==", "right": {"prefix": {"addr": "fe80::", "len": 64}}}}, {"match": {"left": {"payload": {"protocol": "udp", "field": "dport"}}, "op": "==", "right": 546}}, {"accept": null}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "nat_POST_internal"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "nat_POST_internal_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "nat_POST_internal_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "nat_POST_internal_deny"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "nat_POST_internal_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "nat_POST_internal_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_POST_internal", "expr": [{"jump": {"target": "nat_POSTROUTING_POLICIES_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_POST_internal", "expr": [{"jump": {"target": "nat_POST_internal_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_POST_internal", "expr": [{"jump": {"target": "nat_POST_internal_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_POST_internal", "expr": [{"jump": {"target": "nat_POST_internal_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_POST_internal", "expr": [{"jump": {"target": "nat_POST_internal_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_POST_internal", "expr": [{"jump": {"target": "nat_POST_internal_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_POST_internal", "expr": [{"jump": {"target": "nat_POSTROUTING_POLICIES_post"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWD_internal"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWD_internal_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWD_internal_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWD_internal_deny"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWD_internal_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWD_internal_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWD_internal", "expr": [{"jump": {"target": "filter_FORWARD_POLICIES_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWD_internal", "expr": [{"jump": {"target": "filter_FWD_internal_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWD_internal", "expr": [{"jump": {"target": "filter_FWD_internal_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWD_internal", "expr": [{"jump": {"target": "filter_FWD_internal_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWD_internal", "expr": [{"jump": {"target": "filter_FWD_internal_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWD_internal", "expr": [{"jump": {"target": "filter_FWD_internal_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWD_internal", "expr": [{"jump": {"target": "filter_FORWARD_POLICIES_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWD_internal", "expr": [{"reject": {"type": "icmpx", "expr": "admin-prohibited"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "nat_PRE_internal"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "nat_PRE_internal_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "nat_PRE_internal_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "nat_PRE_internal_deny"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "nat_PRE_internal_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "nat_PRE_internal_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_PRE_internal", "expr": [{"jump": {"target": "nat_PREROUTING_POLICIES_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_PRE_internal", "expr": [{"jump": {"target": "nat_PRE_internal_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_PRE_internal", "expr": [{"jump": {"target": "nat_PRE_internal_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_PRE_internal", "expr": [{"jump": {"target": "nat_PRE_internal_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_PRE_internal", "expr": [{"jump": {"target": "nat_PRE_internal_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_PRE_internal", "expr": [{"jump": {"target": "nat_PRE_internal_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_PRE_internal", "expr": [{"jump": {"target": "nat_PREROUTING_POLICIES_post"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_internal"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_internal_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_internal_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_internal_deny"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_internal_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_internal_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_internal", "expr": [{"jump": {"target": "mangle_PREROUTING_POLICIES_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_internal", "expr": [{"jump": {"target": "mangle_PRE_internal_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_internal", "expr": [{"jump": {"target": "mangle_PRE_internal_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_internal", "expr": [{"jump": {"target": "mangle_PRE_internal_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_internal", "expr": [{"jump": {"target": "mangle_PRE_internal_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_internal", "expr": [{"jump": {"target": "mangle_PRE_internal_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_internal", "expr": [{"jump": {"target": "mangle_PREROUTING_POLICIES_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal", "index": 6, "expr": [{"match": {"left": {"meta": {"key": "l4proto"}}, "op": "==", "right": {"set": ["icmp", "icmpv6"]}}}, {"accept": null}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT_ZONES", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "eth1"}}, {"goto": {"target": "filter_IN_internal"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_POSTROUTING_ZONES", "expr": [{"match": {"left": {"meta": {"key": "oifname"}}, "op": "==", "right": "eth1"}}, {"goto": {"target": "nat_POST_internal"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_ZONES", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "eth1"}}, {"goto": {"target": "filter_FWD_internal"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_PREROUTING_ZONES", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "eth1"}}, {"goto": {"target": "nat_PRE_internal"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING_ZONES", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "eth1"}}, {"goto": {"target": "mangle_PRE_internal"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWD_internal_allow", "expr": [{"match": {"left": {"meta": {"key": "oifname"}}, "op": "==", "right": "eth1"}}, {"accept": null}]}}}]}
########### /etc/nftables.conf
#!/usr/sbin/nft -f
flush ruleset
table inet filter {
chain input {
type filter hook input priority filter;
}
chain forward {
type filter hook forward priority filter;
}
chain output {
type filter hook output priority filter;
}
}
####################### nft list ruleset
root at bpi-r4 /root $ nft list ruleset
table inet firewalld {
chain mangle_PREROUTING {
type filter hook prerouting priority mangle + 10; policy accept;
jump mangle_PREROUTING_ZONES
}
chain mangle_PREROUTING_POLICIES_pre {
jump mangle_PRE_policy_allow-host-ipv6
}
chain mangle_PREROUTING_ZONES {
goto mangle_PRE_public
}
chain mangle_PREROUTING_POLICIES_post {
}
chain nat_PREROUTING {
type nat hook prerouting priority dstnat + 10; policy accept;
jump nat_PREROUTING_ZONES
}
chain nat_PREROUTING_POLICIES_pre {
jump nat_PRE_policy_allow-host-ipv6
}
chain nat_PREROUTING_ZONES {
goto nat_PRE_public
}
chain nat_PREROUTING_POLICIES_post {
}
chain nat_POSTROUTING {
type nat hook postrouting priority srcnat + 10; policy accept;
jump nat_POSTROUTING_ZONES
}
chain nat_POSTROUTING_POLICIES_pre {
}
chain nat_POSTROUTING_ZONES {
goto nat_POST_public
}
chain nat_POSTROUTING_POLICIES_post {
}
chain nat_OUTPUT {
type nat hook output priority -90; policy accept;
jump nat_OUTPUT_POLICIES_pre
jump nat_OUTPUT_POLICIES_post
}
chain nat_OUTPUT_POLICIES_pre {
}
chain nat_OUTPUT_POLICIES_post {
}
chain filter_PREROUTING {
type filter hook prerouting priority filter + 10; policy accept;
icmpv6 type { nd-router-advert, nd-neighbor-solicit } accept
meta nfproto ipv6 fib saddr . mark . iif oif missing drop
}
chain filter_INPUT {
type filter hook input priority filter + 10; policy accept;
ct state { established, related } accept
ct status dnat accept
iifname "lo" accept
ct state invalid drop
jump filter_INPUT_ZONES
reject with icmpx admin-prohibited
}
chain filter_FORWARD {
type filter hook forward priority filter + 10; policy accept;
ct state { established, related } accept
ct status dnat accept
iifname "lo" accept
ct state invalid drop
ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } reject with icmpv6 addr-unreachable
jump filter_FORWARD_ZONES
reject with icmpx admin-prohibited
}
chain filter_OUTPUT {
type filter hook output priority filter + 10; policy accept;
ct state { established, related } accept
oifname "lo" accept
ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } reject with icmpv6 addr-unreachable
jump filter_OUTPUT_POLICIES_pre
jump filter_OUTPUT_POLICIES_post
}
chain filter_INPUT_POLICIES_pre {
jump filter_IN_policy_allow-host-ipv6
}
chain filter_INPUT_ZONES {
goto filter_IN_public
}
chain filter_INPUT_POLICIES_post {
}
chain filter_FORWARD_POLICIES_pre {
}
chain filter_FORWARD_ZONES {
goto filter_FWD_public
}
chain filter_FORWARD_POLICIES_post {
}
chain filter_OUTPUT_POLICIES_pre {
}
chain filter_OUTPUT_POLICIES_post {
}
chain filter_IN_public {
jump filter_INPUT_POLICIES_pre
jump filter_IN_public_pre
jump filter_IN_public_log
jump filter_IN_public_deny
jump filter_IN_public_allow
jump filter_IN_public_post
jump filter_INPUT_POLICIES_post
meta l4proto { icmp, ipv6-icmp } accept
reject with icmpx admin-prohibited
}
chain filter_IN_public_pre {
}
chain filter_IN_public_log {
}
chain filter_IN_public_deny {
}
chain filter_IN_public_allow {
tcp dport 22 accept
ip6 daddr fe80::/64 udp dport 546 accept
}
chain filter_IN_public_post {
}
chain nat_POST_public {
jump nat_POSTROUTING_POLICIES_pre
jump nat_POST_public_pre
jump nat_POST_public_log
jump nat_POST_public_deny
jump nat_POST_public_allow
jump nat_POST_public_post
jump nat_POSTROUTING_POLICIES_post
}
chain nat_POST_public_pre {
}
chain nat_POST_public_log {
}
chain nat_POST_public_deny {
}
chain nat_POST_public_allow {
}
chain nat_POST_public_post {
}
chain filter_FWD_public {
jump filter_FORWARD_POLICIES_pre
jump filter_FWD_public_pre
jump filter_FWD_public_log
jump filter_FWD_public_deny
jump filter_FWD_public_allow
jump filter_FWD_public_post
jump filter_FORWARD_POLICIES_post
reject with icmpx admin-prohibited
}
chain filter_FWD_public_pre {
}
chain filter_FWD_public_log {
}
chain filter_FWD_public_deny {
}
chain filter_FWD_public_allow {
}
chain filter_FWD_public_post {
}
chain nat_PRE_public {
jump nat_PREROUTING_POLICIES_pre
jump nat_PRE_public_pre
jump nat_PRE_public_log
jump nat_PRE_public_deny
jump nat_PRE_public_allow
jump nat_PRE_public_post
jump nat_PREROUTING_POLICIES_post
}
chain nat_PRE_public_pre {
}
chain nat_PRE_public_log {
}
chain nat_PRE_public_deny {
}
chain nat_PRE_public_allow {
}
chain nat_PRE_public_post {
}
chain mangle_PRE_public {
jump mangle_PREROUTING_POLICIES_pre
jump mangle_PRE_public_pre
jump mangle_PRE_public_log
jump mangle_PRE_public_deny
jump mangle_PRE_public_allow
jump mangle_PRE_public_post
jump mangle_PREROUTING_POLICIES_post
}
chain mangle_PRE_public_pre {
}
chain mangle_PRE_public_log {
}
chain mangle_PRE_public_deny {
}
chain mangle_PRE_public_allow {
}
chain mangle_PRE_public_post {
}
chain filter_IN_policy_allow-host-ipv6 {
jump filter_IN_policy_allow-host-ipv6_pre
jump filter_IN_policy_allow-host-ipv6_log
jump filter_IN_policy_allow-host-ipv6_deny
jump filter_IN_policy_allow-host-ipv6_allow
jump filter_IN_policy_allow-host-ipv6_post
}
chain filter_IN_policy_allow-host-ipv6_pre {
}
chain filter_IN_policy_allow-host-ipv6_log {
}
chain filter_IN_policy_allow-host-ipv6_deny {
}
chain filter_IN_policy_allow-host-ipv6_allow {
icmpv6 type nd-neighbor-advert accept
icmpv6 type nd-neighbor-solicit accept
icmpv6 type nd-router-advert accept
icmpv6 type nd-redirect accept
}
chain filter_IN_policy_allow-host-ipv6_post {
}
chain nat_PRE_policy_allow-host-ipv6 {
jump nat_PRE_policy_allow-host-ipv6_pre
jump nat_PRE_policy_allow-host-ipv6_log
jump nat_PRE_policy_allow-host-ipv6_deny
jump nat_PRE_policy_allow-host-ipv6_allow
jump nat_PRE_policy_allow-host-ipv6_post
}
chain nat_PRE_policy_allow-host-ipv6_pre {
}
chain nat_PRE_policy_allow-host-ipv6_log {
}
chain nat_PRE_policy_allow-host-ipv6_deny {
}
chain nat_PRE_policy_allow-host-ipv6_allow {
}
chain nat_PRE_policy_allow-host-ipv6_post {
}
chain mangle_PRE_policy_allow-host-ipv6 {
jump mangle_PRE_policy_allow-host-ipv6_pre
jump mangle_PRE_policy_allow-host-ipv6_log
jump mangle_PRE_policy_allow-host-ipv6_deny
jump mangle_PRE_policy_allow-host-ipv6_allow
jump mangle_PRE_policy_allow-host-ipv6_post
}
chain mangle_PRE_policy_allow-host-ipv6_pre {
}
chain mangle_PRE_policy_allow-host-ipv6_log {
}
chain mangle_PRE_policy_allow-host-ipv6_deny {
}
chain mangle_PRE_policy_allow-host-ipv6_allow {
}
chain mangle_PRE_policy_allow-host-ipv6_post {
}
}
############################ lsmod
root at bpi-r4 /root $ lsmod
Module Size Used by
nft_fib_inet 12288 1
nft_fib_ipv4 12288 1 nft_fib_inet
nft_fib_ipv6 12288 1 nft_fib_inet
nft_fib 12288 3 nft_fib_ipv6,nft_fib_ipv4,nft_fib_inet
nft_reject_inet 12288 6
nf_reject_ipv4 12288 1 nft_reject_inet
nf_reject_ipv6 20480 1 nft_reject_inet
nft_reject 12288 1 nft_reject_inet
nft_ct 16384 7
nft_chain_nat 12288 3
nf_nat 45056 1 nft_chain_nat
nf_conntrack 106496 2 nf_nat,nft_ct
nf_defrag_ipv6 20480 1 nf_conntrack
nf_defrag_ipv4 12288 1 nf_conntrack
ip_set 49152 0
nf_tables 225280 166 nft_ct,nft_reject_inet,nft_fib_ipv6,nft_fib_ipv4,nft_chain_nat,nft_reject,nft_fib,nft_fib_inet
libcrc32c 12288 3 nf_conntrack,nf_nat,nf_tables
nfnetlink 16384 3 nf_tables,ip_set
mt7925e 16384 0
mt7925_common 86016 1 mt7925e
mt792x_lib 40960 2 mt7925e,mt7925_common
mt76_connac_lib 53248 3 mt792x_lib,mt7925e,mt7925_common
mt76 86016 4 mt792x_lib,mt7925e,mt76_connac_lib,mt7925_common
mac80211 823296 4 mt792x_lib,mt76,mt76_connac_lib,mt7925_common
libarc4 12288 1 mac80211
cfg80211 811008 4 mt76,mac80211,mt76_connac_lib,mt7925_common
fuse 151552 1
ip_tables 28672 0
x_tables 36864 1 ip_tables
########################## packages
root at bpi-r4 /root $ dpkg -l |grep "fire\|nft"
ii firewalld 1.3.3-1~deb12u1 all dynamically managed firewall with support for network zones
ii libnftables1:arm64 1.0.6-2+deb12u2 arm64 Netfilter nftables high level userspace API library
ii libnftnl11:arm64 1.2.4-2 arm64 Netfilter nftables userspace API library
ii nftables 1.0.6-2+deb12u2 arm64 Program to control packet filtering rules by Netfilter project
ii python3-firewall 1.3.3-1~deb12u1 all Python3 bindings for firewalld
ii python3-nftables 1.0.6-2+deb12u2 arm64 nftables/libnftables python3 module
root at bpi-r4 /root $
-- System Information:
Debian Release: 12.8
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: arm64 (aarch64)
Kernel: Linux 6.12.0-rc1-bpi-r4 (SMP w/4 CPU threads)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages firewalld depends on:
ii dbus 1.14.10-1~deb12u1
ii gir1.2-glib-2.0 1.74.0-3
ii gir1.2-nm-1.0 1.42.4-1
ii polkitd 122-3
ii python3 3.11.2-1+b1
ii python3-dbus 1.3.2-4+b1
ii python3-firewall 1.3.3-1~deb12u1
ii python3-gi 3.42.2-3+b1
ii python3-nftables 1.0.6-2+deb12u2
Versions of packages firewalld recommends:
ii ipset 7.17-1
ii iptables 1.8.9-2
ii python3-cap-ng 0.8.3-1+b3
firewalld suggests no packages.
-- no debconf information
More information about the Pkg-utopia-maintainers
mailing list