Package: firewalld
Version: 1.3.0-1
Severity: important
Tags: upstream ipv6

Hello,

I have found a bug. I upgraded my Raspberry Pi to Debian Bookworm a couple of
days ago, and with the newer Debian a new firewalld was installed. Since then,
packets aren't forwarded anymore by default. For that to work, you have to
create policies in order to make this work. But when you have IPv4 and IPv6
addresses in one zone, the nftables backend tries to mix IPv4 addresses with
IPv6 addresses in the same rule, which gets denied.

In the upstream package this bug is confirmed and fixed in release 1.3.3. The
original bug report is here: https://github.com/firewalld/firewalld/issues/1146

In order to fix this on Debian, it is necessary to upgrade the firewalld package
itself but, more importantly, the python3-nftables package to make this work. I
have successfully fixed it locally by installing a pyenv environment and
installing the newest Python packages and also the newest firewalld version.

It would be great if this could be addressed, since this is in my opinion a major
issue that should be resolved.

Cheers
Konstantin Nebel


-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: arm64 (aarch64)

Kernel: Linux 6.1.0-9-arm64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_CRAP
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages firewalld depends on:
ii  dbus              1.14.6-1
ii  gir1.2-glib-2.0   1.74.0-3
pn  gir1.2-nm-1.0     <none>
ii  policykit-1       122-3
ii  polkitd           122-3
ii  python3           3.11.2-1+b1
pn  python3-dbus      <none>
pn  python3-firewall  <none>
pn  python3-gi        <none>
pn  python3-nftables  <none>

Versions of packages firewalld recommends:
pn  ipset           <none>
ii  iptables        1.8.9-2
pn  python3-cap-ng  <none>

firewalld suggests no packages.
