[Pkg-utopia-maintainers] Bug#1087387: Bug#1087387: firewalld not working on arm64, Error: COMMAND_FAILED: 'python-nftables' failed: internal:0:0-0:
Michael Biebl
biebl at debian.org
Tue Nov 12 18:23:41 GMT 2024
On 10.10.24 at 19:50, fs3000 wrote:
> Package: firewalld
> Version: 1.3.3-1~deb12u1
> Severity: important
> X-Debbugs-Cc: fs3000 at proton.me
>
> Dear Maintainer,
>
> On a fresh install of Debian 12 on an arm64 router using an image created with this repo https://github.com/frank-w/BPI-Router-Images and using original packages, firewalld is not working properly.
>
> While doing "firewall-cmd --add-interface=eth1 --zone=internal", it fails with this error:
>
> root at bpi-r4 /root $ firewall-cmd --add-interface=eth1 --zone=internal
> Error: COMMAND_FAILED: 'python-nftables' failed: internal:0:0-0: Error: Could not process rule: No such file or directory
>
> internal:0:0-0: Error: Could not process rule: No such file or directory
>
>
> JSON blob:
> {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_internal"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_internal_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_internal_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_internal_deny"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_internal_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_internal_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal", "expr": [{"jump": {"target": "filter_INPUT_POLICIES_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal", "expr": [{"jump": {"target": "filter_IN_internal_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal", "expr": [{"jump": {"target": "filter_IN_internal_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal", "expr": [{"jump": {"target": "filter_IN_internal_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal", "expr": [{"jump": {"target": "filter_IN_internal_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal", "expr": [{"jump": {"target": "filter_IN_internal_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal", "expr": [{"jump": {"target": "filter_INPUT_POLICIES_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal", "expr": [{"reject": {"type": "icmpx", "expr": "admin-prohibited"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal_allow", "expr": [{"match": {"left": {"payload": 
{"protocol": "tcp", "field": "dport"}}, "op": "==", "right": 22}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal_allow", "expr": [{"match": {"left": {"payload": {"protocol": "ip", "field": "daddr"}}, "op": "==", "right": "224.0.0.251"}}, {"match": {"left": {"payload": {"protocol": "udp", "field": "dport"}}, "op": "==", "right": 5353}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal_allow", "expr": [{"match": {"left": {"payload": {"protocol": "ip6", "field": "daddr"}}, "op": "==", "right": "ff02::fb"}}, {"match": {"left": {"payload": {"protocol": "udp", "field": "dport"}}, "op": "==", "right": 5353}}, {"accept": null}]}}}, {"add": {"ct helper": {"family": "inet", "table": "firewalld", "name": "helper-netbios-ns-udp", "type": "netbios-ns", "protocol": "udp"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal_allow", "expr": [{"match": {"left": {"payload": {"protocol": "udp", "field": "dport"}}, "op": "==", "right": 137}}, {"ct helper": "helper-netbios-ns-udp"}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal_allow", "expr": [{"match": {"left": {"payload": {"protocol": "udp", "field": "dport"}}, "op": "==", "right": 137}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal_allow", "expr": [{"match": {"left": {"payload": {"protocol": "udp", "field": "dport"}}, "op": "==", "right": 138}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal_allow", "expr": [{"match": {"left": {"payload": {"protocol": "ip6", "field": "daddr"}}, "op": "==", "right": {"prefix": {"addr": "fe80::", "len": 64}}}}, {"match": {"left": {"payload": {"protocol": "udp", "field": "dport"}}, "op": "==", "right": 546}}, {"accept": null}]}}}, {"add": {"chain": {"family": "inet", "table": 
"firewalld", "name": "nat_POST_internal"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "nat_POST_internal_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "nat_POST_internal_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "nat_POST_internal_deny"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "nat_POST_internal_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "nat_POST_internal_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_POST_internal", "expr": [{"jump": {"target": "nat_POSTROUTING_POLICIES_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_POST_internal", "expr": [{"jump": {"target": "nat_POST_internal_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_POST_internal", "expr": [{"jump": {"target": "nat_POST_internal_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_POST_internal", "expr": [{"jump": {"target": "nat_POST_internal_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_POST_internal", "expr": [{"jump": {"target": "nat_POST_internal_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_POST_internal", "expr": [{"jump": {"target": "nat_POST_internal_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_POST_internal", "expr": [{"jump": {"target": "nat_POSTROUTING_POLICIES_post"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWD_internal"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWD_internal_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWD_internal_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWD_internal_deny"}}}, {"add": {"chain": {"family": 
"inet", "table": "firewalld", "name": "filter_FWD_internal_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWD_internal_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWD_internal", "expr": [{"jump": {"target": "filter_FORWARD_POLICIES_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWD_internal", "expr": [{"jump": {"target": "filter_FWD_internal_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWD_internal", "expr": [{"jump": {"target": "filter_FWD_internal_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWD_internal", "expr": [{"jump": {"target": "filter_FWD_internal_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWD_internal", "expr": [{"jump": {"target": "filter_FWD_internal_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWD_internal", "expr": [{"jump": {"target": "filter_FWD_internal_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWD_internal", "expr": [{"jump": {"target": "filter_FORWARD_POLICIES_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWD_internal", "expr": [{"reject": {"type": "icmpx", "expr": "admin-prohibited"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "nat_PRE_internal"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "nat_PRE_internal_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "nat_PRE_internal_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "nat_PRE_internal_deny"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "nat_PRE_internal_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "nat_PRE_internal_post"}}}, {"add": {"rule": {"family": 
"inet", "table": "firewalld", "chain": "nat_PRE_internal", "expr": [{"jump": {"target": "nat_PREROUTING_POLICIES_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_PRE_internal", "expr": [{"jump": {"target": "nat_PRE_internal_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_PRE_internal", "expr": [{"jump": {"target": "nat_PRE_internal_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_PRE_internal", "expr": [{"jump": {"target": "nat_PRE_internal_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_PRE_internal", "expr": [{"jump": {"target": "nat_PRE_internal_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_PRE_internal", "expr": [{"jump": {"target": "nat_PRE_internal_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_PRE_internal", "expr": [{"jump": {"target": "nat_PREROUTING_POLICIES_post"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_internal"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_internal_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_internal_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_internal_deny"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_internal_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_internal_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_internal", "expr": [{"jump": {"target": "mangle_PREROUTING_POLICIES_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_internal", "expr": [{"jump": {"target": "mangle_PRE_internal_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_internal", 
"expr": [{"jump": {"target": "mangle_PRE_internal_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_internal", "expr": [{"jump": {"target": "mangle_PRE_internal_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_internal", "expr": [{"jump": {"target": "mangle_PRE_internal_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_internal", "expr": [{"jump": {"target": "mangle_PRE_internal_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_internal", "expr": [{"jump": {"target": "mangle_PREROUTING_POLICIES_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal", "index": 6, "expr": [{"match": {"left": {"meta": {"key": "l4proto"}}, "op": "==", "right": {"set": ["icmp", "icmpv6"]}}}, {"accept": null}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT_ZONES", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "eth1"}}, {"goto": {"target": "filter_IN_internal"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_POSTROUTING_ZONES", "expr": [{"match": {"left": {"meta": {"key": "oifname"}}, "op": "==", "right": "eth1"}}, {"goto": {"target": "nat_POST_internal"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_ZONES", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "eth1"}}, {"goto": {"target": "filter_FWD_internal"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_PREROUTING_ZONES", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "eth1"}}, {"goto": {"target": "nat_PRE_internal"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING_ZONES", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": 
"==", "right": "eth1"}}, {"goto": {"target": "mangle_PRE_internal"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWD_internal_allow", "expr": [{"match": {"left": {"meta": {"key": "oifname"}}, "op": "==", "right": "eth1"}}, {"accept": null}]}}}]}
>
>
> ########### /etc/nftables.conf
> #!/usr/sbin/nft -f
>
> flush ruleset
>
> table inet filter {
> chain input {
> type filter hook input priority filter;
> }
> chain forward {
> type filter hook forward priority filter;
> }
> chain output {
> type filter hook output priority filter;
> }
> }
>
>
> ####################### nft list ruleset
> root at bpi-r4 /root $ nft list ruleset
> table inet firewalld {
> chain mangle_PREROUTING {
> type filter hook prerouting priority mangle + 10; policy accept;
> jump mangle_PREROUTING_ZONES
> }
>
> chain mangle_PREROUTING_POLICIES_pre {
> jump mangle_PRE_policy_allow-host-ipv6
> }
>
> chain mangle_PREROUTING_ZONES {
> goto mangle_PRE_public
> }
>
> chain mangle_PREROUTING_POLICIES_post {
> }
>
> chain nat_PREROUTING {
> type nat hook prerouting priority dstnat + 10; policy accept;
> jump nat_PREROUTING_ZONES
> }
>
> chain nat_PREROUTING_POLICIES_pre {
> jump nat_PRE_policy_allow-host-ipv6
> }
>
> chain nat_PREROUTING_ZONES {
> goto nat_PRE_public
> }
>
> chain nat_PREROUTING_POLICIES_post {
> }
>
> chain nat_POSTROUTING {
> type nat hook postrouting priority srcnat + 10; policy accept;
> jump nat_POSTROUTING_ZONES
> }
>
> chain nat_POSTROUTING_POLICIES_pre {
> }
>
> chain nat_POSTROUTING_ZONES {
> goto nat_POST_public
> }
>
> chain nat_POSTROUTING_POLICIES_post {
> }
>
> chain nat_OUTPUT {
> type nat hook output priority -90; policy accept;
> jump nat_OUTPUT_POLICIES_pre
> jump nat_OUTPUT_POLICIES_post
> }
>
> chain nat_OUTPUT_POLICIES_pre {
> }
>
> chain nat_OUTPUT_POLICIES_post {
> }
>
> chain filter_PREROUTING {
> type filter hook prerouting priority filter + 10; policy accept;
> icmpv6 type { nd-router-advert, nd-neighbor-solicit } accept
> meta nfproto ipv6 fib saddr . mark . iif oif missing drop
> }
>
> chain filter_INPUT {
> type filter hook input priority filter + 10; policy accept;
> ct state { established, related } accept
> ct status dnat accept
> iifname "lo" accept
> ct state invalid drop
> jump filter_INPUT_ZONES
> reject with icmpx admin-prohibited
> }
>
> chain filter_FORWARD {
> type filter hook forward priority filter + 10; policy accept;
> ct state { established, related } accept
> ct status dnat accept
> iifname "lo" accept
> ct state invalid drop
> ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } reject with icmpv6 addr-unreachable
> jump filter_FORWARD_ZONES
> reject with icmpx admin-prohibited
> }
>
> chain filter_OUTPUT {
> type filter hook output priority filter + 10; policy accept;
> ct state { established, related } accept
> oifname "lo" accept
> ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } reject with icmpv6 addr-unreachable
> jump filter_OUTPUT_POLICIES_pre
> jump filter_OUTPUT_POLICIES_post
> }
>
> chain filter_INPUT_POLICIES_pre {
> jump filter_IN_policy_allow-host-ipv6
> }
>
> chain filter_INPUT_ZONES {
> goto filter_IN_public
> }
>
> chain filter_INPUT_POLICIES_post {
> }
>
> chain filter_FORWARD_POLICIES_pre {
> }
>
> chain filter_FORWARD_ZONES {
> goto filter_FWD_public
> }
>
> chain filter_FORWARD_POLICIES_post {
> }
>
> chain filter_OUTPUT_POLICIES_pre {
> }
>
> chain filter_OUTPUT_POLICIES_post {
> }
>
> chain filter_IN_public {
> jump filter_INPUT_POLICIES_pre
> jump filter_IN_public_pre
> jump filter_IN_public_log
> jump filter_IN_public_deny
> jump filter_IN_public_allow
> jump filter_IN_public_post
> jump filter_INPUT_POLICIES_post
> meta l4proto { icmp, ipv6-icmp } accept
> reject with icmpx admin-prohibited
> }
>
> chain filter_IN_public_pre {
> }
>
> chain filter_IN_public_log {
> }
>
> chain filter_IN_public_deny {
> }
>
> chain filter_IN_public_allow {
> tcp dport 22 accept
> ip6 daddr fe80::/64 udp dport 546 accept
> }
>
> chain filter_IN_public_post {
> }
>
> chain nat_POST_public {
> jump nat_POSTROUTING_POLICIES_pre
> jump nat_POST_public_pre
> jump nat_POST_public_log
> jump nat_POST_public_deny
> jump nat_POST_public_allow
> jump nat_POST_public_post
> jump nat_POSTROUTING_POLICIES_post
> }
>
> chain nat_POST_public_pre {
> }
>
> chain nat_POST_public_log {
> }
>
> chain nat_POST_public_deny {
> }
>
> chain nat_POST_public_allow {
> }
>
> chain nat_POST_public_post {
> }
>
> chain filter_FWD_public {
> jump filter_FORWARD_POLICIES_pre
> jump filter_FWD_public_pre
> jump filter_FWD_public_log
> jump filter_FWD_public_deny
> jump filter_FWD_public_allow
> jump filter_FWD_public_post
> jump filter_FORWARD_POLICIES_post
> reject with icmpx admin-prohibited
> }
>
> chain filter_FWD_public_pre {
> }
>
> chain filter_FWD_public_log {
> }
>
> chain filter_FWD_public_deny {
> }
>
> chain filter_FWD_public_allow {
> }
>
> chain filter_FWD_public_post {
> }
>
> chain nat_PRE_public {
> jump nat_PREROUTING_POLICIES_pre
> jump nat_PRE_public_pre
> jump nat_PRE_public_log
> jump nat_PRE_public_deny
> jump nat_PRE_public_allow
> jump nat_PRE_public_post
> jump nat_PREROUTING_POLICIES_post
> }
>
> chain nat_PRE_public_pre {
> }
>
> chain nat_PRE_public_log {
> }
>
> chain nat_PRE_public_deny {
> }
>
> chain nat_PRE_public_allow {
> }
>
> chain nat_PRE_public_post {
> }
>
> chain mangle_PRE_public {
> jump mangle_PREROUTING_POLICIES_pre
> jump mangle_PRE_public_pre
> jump mangle_PRE_public_log
> jump mangle_PRE_public_deny
> jump mangle_PRE_public_allow
> jump mangle_PRE_public_post
> jump mangle_PREROUTING_POLICIES_post
> }
>
> chain mangle_PRE_public_pre {
> }
>
> chain mangle_PRE_public_log {
> }
>
> chain mangle_PRE_public_deny {
> }
>
> chain mangle_PRE_public_allow {
> }
>
> chain mangle_PRE_public_post {
> }
>
> chain filter_IN_policy_allow-host-ipv6 {
> jump filter_IN_policy_allow-host-ipv6_pre
> jump filter_IN_policy_allow-host-ipv6_log
> jump filter_IN_policy_allow-host-ipv6_deny
> jump filter_IN_policy_allow-host-ipv6_allow
> jump filter_IN_policy_allow-host-ipv6_post
> }
>
> chain filter_IN_policy_allow-host-ipv6_pre {
> }
>
> chain filter_IN_policy_allow-host-ipv6_log {
> }
>
> chain filter_IN_policy_allow-host-ipv6_deny {
> }
>
> chain filter_IN_policy_allow-host-ipv6_allow {
> icmpv6 type nd-neighbor-advert accept
> icmpv6 type nd-neighbor-solicit accept
> icmpv6 type nd-router-advert accept
> icmpv6 type nd-redirect accept
> }
>
> chain filter_IN_policy_allow-host-ipv6_post {
> }
>
> chain nat_PRE_policy_allow-host-ipv6 {
> jump nat_PRE_policy_allow-host-ipv6_pre
> jump nat_PRE_policy_allow-host-ipv6_log
> jump nat_PRE_policy_allow-host-ipv6_deny
> jump nat_PRE_policy_allow-host-ipv6_allow
> jump nat_PRE_policy_allow-host-ipv6_post
> }
>
> chain nat_PRE_policy_allow-host-ipv6_pre {
> }
>
> chain nat_PRE_policy_allow-host-ipv6_log {
> }
>
> chain nat_PRE_policy_allow-host-ipv6_deny {
> }
>
> chain nat_PRE_policy_allow-host-ipv6_allow {
> }
>
> chain nat_PRE_policy_allow-host-ipv6_post {
> }
>
> chain mangle_PRE_policy_allow-host-ipv6 {
> jump mangle_PRE_policy_allow-host-ipv6_pre
> jump mangle_PRE_policy_allow-host-ipv6_log
> jump mangle_PRE_policy_allow-host-ipv6_deny
> jump mangle_PRE_policy_allow-host-ipv6_allow
> jump mangle_PRE_policy_allow-host-ipv6_post
> }
>
> chain mangle_PRE_policy_allow-host-ipv6_pre {
> }
>
> chain mangle_PRE_policy_allow-host-ipv6_log {
> }
>
> chain mangle_PRE_policy_allow-host-ipv6_deny {
> }
>
> chain mangle_PRE_policy_allow-host-ipv6_allow {
> }
>
> chain mangle_PRE_policy_allow-host-ipv6_post {
> }
> }
>
>
>
> ############################ lsmod
> root at bpi-r4 /root $ lsmod
> Module Size Used by
> nft_fib_inet 12288 1
> nft_fib_ipv4 12288 1 nft_fib_inet
> nft_fib_ipv6 12288 1 nft_fib_inet
> nft_fib 12288 3 nft_fib_ipv6,nft_fib_ipv4,nft_fib_inet
> nft_reject_inet 12288 6
> nf_reject_ipv4 12288 1 nft_reject_inet
> nf_reject_ipv6 20480 1 nft_reject_inet
> nft_reject 12288 1 nft_reject_inet
> nft_ct 16384 7
> nft_chain_nat 12288 3
> nf_nat 45056 1 nft_chain_nat
> nf_conntrack 106496 2 nf_nat,nft_ct
> nf_defrag_ipv6 20480 1 nf_conntrack
> nf_defrag_ipv4 12288 1 nf_conntrack
> ip_set 49152 0
> nf_tables 225280 166 nft_ct,nft_reject_inet,nft_fib_ipv6,nft_fib_ipv4,nft_chain_nat,nft_reject,nft_fib,nft_fib_inet
> libcrc32c 12288 3 nf_conntrack,nf_nat,nf_tables
> nfnetlink 16384 3 nf_tables,ip_set
> mt7925e 16384 0
> mt7925_common 86016 1 mt7925e
> mt792x_lib 40960 2 mt7925e,mt7925_common
> mt76_connac_lib 53248 3 mt792x_lib,mt7925e,mt7925_common
> mt76 86016 4 mt792x_lib,mt7925e,mt76_connac_lib,mt7925_common
> mac80211 823296 4 mt792x_lib,mt76,mt76_connac_lib,mt7925_common
> libarc4 12288 1 mac80211
> cfg80211 811008 4 mt76,mac80211,mt76_connac_lib,mt7925_common
> fuse 151552 1
> ip_tables 28672 0
> x_tables 36864 1 ip_tables
>
>
> ########################## packages
> root at bpi-r4 /root $ dpkg -l |grep "fire\|nft"
> ii firewalld 1.3.3-1~deb12u1 all dynamically managed firewall with support for network zones
> ii libnftables1:arm64 1.0.6-2+deb12u2 arm64 Netfilter nftables high level userspace API library
> ii libnftnl11:arm64 1.2.4-2 arm64 Netfilter nftables userspace API library
> ii nftables 1.0.6-2+deb12u2 arm64 Program to control packet filtering rules by Netfilter project
> ii python3-firewall 1.3.3-1~deb12u1 all Python3 bindings for firewalld
> ii python3-nftables 1.0.6-2+deb12u2 arm64 nftables/libnftables python3 module
> root at bpi-r4 /root $
>
>
>
>
>
> -- System Information:
> Debian Release: 12.8
> APT prefers stable-updates
> APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
> Architecture: arm64 (aarch64)
>
> Kernel: Linux 6.12.0-rc1-bpi-r4 (SMP w/4 CPU threads)
This is not a Debian provided kernel afaics, so you might be missing
certain kernel features required by firewalld. In general, we don't
provide support for non-Debian spin-offs.
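
A triage aid for the point about missing kernel features, as an added example (not part of the original thread and not firewalld's own code). The error reports only `internal:0:0-0`, so the script lists which nftables JSON object, statement and expression kinds a failing batch uses that the ruleset already loaded on the host does not. The sample batch is a constructed excerpt modelled on the quoted JSON blob, and the baseline set is an assumption read off the quoted `nft list ruleset` output.

```python
import json

# Constructed excerpt modelled on the batch quoted in the report (not the full blob).
_T = {"family": "inet", "table": "firewalld"}

def _rule(chain, *expr):
    return {"rule": dict(_T, chain=chain, expr=list(expr))}

def _dport(proto, port):
    return {"match": {"left": {"payload": {"protocol": proto, "field": "dport"}},
                      "op": "==", "right": port}}

SAMPLE_BATCH = json.dumps({"nftables": [
    {"metainfo": {"json_schema_version": 1}},
    {"add": {"chain": dict(_T, name="filter_IN_internal_allow")}},
    {"add": _rule("filter_IN_internal", {"jump": {"target": "filter_IN_internal_allow"}})},
    {"add": _rule("filter_IN_internal_allow", _dport("tcp", 22), {"accept": None})},
    {"add": {"ct helper": dict(_T, name="helper-netbios-ns-udp",
                               type="netbios-ns", protocol="udp")}},
    {"add": _rule("filter_IN_internal_allow", _dport("udp", 137),
                  {"ct helper": "helper-netbios-ns-udp"})},
    {"add": _rule("filter_IN_internal",
                  {"reject": {"type": "icmpx", "expr": "admin-prohibited"}})},
    {"insert": _rule("filter_INPUT_ZONES",
                     {"match": {"left": {"meta": {"key": "iifname"}},
                                "op": "==", "right": "eth1"}},
                     {"goto": {"target": "filter_IN_internal"}})},
]})

# Assumption: kinds the running kernel already accepted, read off the quoted
# `nft list ruleset` output (chains, jump/goto, reject, accept, payload/meta
# matches, anonymous sets and prefixes).
BASELINE = {"object:chain", "stmt:jump", "stmt:goto", "stmt:reject", "stmt:accept",
            "stmt:match", "expr:payload", "expr:meta", "expr:set", "expr:prefix"}

def batch_features(batch_json):
    """Map each object/statement/expression kind to the batch indexes that use it."""
    used = {}

    def note(kind, idx):
        seen = used.setdefault(kind, [])
        if idx not in seen:
            seen.append(idx)

    for idx, cmd in enumerate(json.loads(batch_json)["nftables"]):
        for verb, body in cmd.items():
            if verb == "metainfo":
                continue
            for obj_kind, obj in body.items():
                if obj_kind != "rule":          # chain, ct helper, set, ...
                    note("object:" + obj_kind, idx)
                    continue
                for stmt in obj.get("expr", []):
                    for stmt_kind, arg in stmt.items():
                        note("stmt:" + stmt_kind, idx)
                        if stmt_kind == "match":
                            for side in ("left", "right"):
                                if isinstance(arg[side], dict):
                                    for expr_kind in arg[side]:
                                        note("expr:" + expr_kind, idx)
    return used

def unexercised(batch_json, baseline=BASELINE):
    """Kinds the batch needs that the already-loaded ruleset never exercised."""
    return {k: v for k, v in batch_features(batch_json).items() if k not in baseline}

if __name__ == "__main__":
    cmds = json.loads(SAMPLE_BATCH)["nftables"]
    for kind, idxs in unexercised(SAMPLE_BATCH).items():
        for i in idxs:
            print(kind, "-> command", i, json.dumps(cmds[i]))
```

The flagged kinds are candidates to check against the running kernel's configuration first; the output narrows the search and does not by itself identify the failing command.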