
My Debian 12 Bookworm VPS was running firewalld 1.3.0-1 without problems. Due to unrelated issues, I had to rebuild the server, and now firewalld fails.

I use Ansible, so the configuration should be identical to before. Maybe some apt dependencies have changed in the interim.

To troubleshoot more easily, here is a reproduction:

  • I created a brand new VPS with my hosting company; Debian 12
  • I logged in as root
  • $ apt install firewalld --yes
  • $ systemctl status firewalld.service
ERROR: 'python-nftables' failed: internal:0:0-0: Error: No such file or directory; did you mean chain ‘nat_PREROUTING’ in table inet ‘firewalld’?
Error: Could not process rule: No such file or directory
Error: No such file or directory; did you mean chain ‘nat_POSTROUTING’ in table inet ‘firewalld’?
Error: Could not process rule: No such file or directory
...etc.

My intention is to use iptables instead of nftables (a Docker limitation), so:

  • I edited /etc/firewalld/firewalld.config and replaced FirewallBackend=nftables with FirewallBackend=iptables
  • $ systemctl restart firewalld.service
  • $ systemctl status firewalld.service
ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.8.9 (nf_tables): 
CHAIN_ADD failed (No such file or directory): chain PREROUTING
RULE_APPEND failed (No such file or directory): rule in chain PREROUTING
RULE_APPEND failed (No such file or directory): rule in chain PREROUTING
CHAIN_ADD failed (No such file or directory): chain POSTROUTING
RULE_APPEND failed (No such file or directory): rule in chain POSTROUTING
RULE_APPEND failed (No such file or directory): rule in chain POSTROUTING
CHAIN_ADD failed (No such file or directory): chain OUTPUT
RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
...etc.

I don't understand, as it was working before. And as you can see, this is a completely new server, with nothing installed and nothing else configured. I expected it to work "out of the box".

What have I done wrongly?

(Also posted to repo.)

lonix

1 Answer


I managed to fix it by simply rebooting.

Then $ systemctl status firewalld.service shows that firewalld is running:

Active: active (running) since Mon 2023-08-07 04:34:46 UTC; 31s ago

How unexpected!

lonix
  • Author said [on repo](https://github.com/firewalld/firewalld/issues/1184#issuecomment-1668290601) that this is unexpected, and could be an upstream issue. – lonix Aug 09 '23 at 02:54