Control: severity -1 normal

On 28 May 2017 at 00:54, Harlan Lieberman-Berg <h.liebermanb...@gmail.com> wrote:
>
> Bizarrely, the quite simple "workstation" example causes the language picker in
> gdm3 to disappear and the default layout to switch back to qwerty. As far as I
> can tell this doesn't happen on the next boot, but rather a couple of boots
> later.
>
> Disabling the nftables ruleset and rebooting fixes the problem completely.
>
> I'm not sure whether this is an nftables bug or a gdm bug, but I'm putting it
> here as similar iptables rules don't cause this behavior.
>
Hi,

I've been using this example ruleset for years now, with no issues.
The example ruleset isn't buggy.

Generally, if a machine is misbehaving after loading a firewall ruleset, it
usually means that the ruleset policy is wrong for your
environment/configuration. This is highly possible, and that's why the file is
just an example: you will probably need to tune the ruleset or the rest of the
configuration of your machine.

Regarding the 'uninterruptible sleep', the nft command line interface tool
(what the nftables package contains) is by no means intended to interfere with
the kernel's ability to send signals to other running processes (i.e. to
interrupt other processes). No code is included in this package.
How could a bug in the nftables CLI tool lead Chrome to hang?

So your problem is likely in another place. Probably the kernel.
Did you check 'dmesg' after the issue happens? Perhaps you are hitting an oops
related to the network stack.

The strace you attached shows that nftables hangs when trying to talk to the
netlink subsystem. An nfnetlink/nf_tables kernel bug is indeed more likely, but
then this bug belongs to the linux package.

To summarise, this is my opinion on the possibilities of this bug:

* configuration issue in your machine
* linux kernel bug

I'm lowering the severity right now because of this.