Package: iptables
Version: 1.8.3-2
Followup-For: Bug #914694
I've found that iptables 1.8.3-2 fixed #914694 on my systems. I assume
it was an oversight that the bug wasn't marked as fixed yet, so I'm
doing so now.
-- System Information:
Debian Release: 9.9
APT prefers oldstable-updates
APT po
Package: firewalld
Version: 0.6.3-3
Severity: important
A recent regression in Debian testing broke firewalld. This is on a stock
Debian-testing system, without a custom kernel, custom firewall configs, etc.
-- just a plain "apt install firewalld". However, it does have libvirt and
docker.io insta
Hello again,
another observation: In Fedora 29, firewalld also defaults to the iptables
backend, and I get the same error noise in "systemctl status firewalld". But
"--reload" works.
The main differences that I can see is:
* kernel: 4.18 on Debian unstable, 4.19.2 on Fedora 29
* iptables: 1.8.
On Mon, Dec 31, 2018 at 12:31:11PM -0800, Sunil Mohan Adapa wrote:
> On Tue, 27 Nov 2018 14:29:40 -0500 Eric Garver wrote:
> [...]
> > That makes it smell like an iptables-restore issue in the nftables
> > backed version of iptables. It would be great if we could reproduce
> > without firewalld us
Hi Eric,
I recently switched firewalld back to iptables given the feedback in
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909574
This seems to have caused a regression.
Does this specific problem ring a bell?
Regards,
Michael
Am 26.11.18 um 12:30 schrieb Martin Pitt:
> Package: firewalld
On Mon, Nov 26, 2018 at 03:49:36PM +0100, Michael Biebl wrote:
> Hi Eric,
>
> I recently switched firewalld back to iptables given the feedback in
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909574
>
> This seems to have caused a regression.
> Does this specific problem ring a bell?
No.
Hello Eric,
Eric Garver [2018-11-26 10:20 -0500]:
> No. As far as I can tell, firewalld never uses iptables -R (rule
> replace) option. It's possible this is being triggered by something
> external via the direct/passthrough interface (e.g. docker, libvirt).
I collected some more info here:
ht
On Mon, Nov 26, 2018 at 05:50:56PM +0100, Martin Pitt wrote:
> Hello Eric,
>
> Eric Garver [2018-11-26 10:20 -0500]:
> > No. As far as I can tell, firewalld never uses iptables -R (rule
> > replace) option. It's possible this is being triggered by something
> > external via the direct/passthrough
Hi,
Thank you for investigating the bug. I have more information:
firewalld
=
After firewalld's rules are loaded for the first time, flushing them
fails. This happens during shutdown or during startup if the rules are
already present due to unclean shutdown. Output of `firewalld --nofork
On Tue, 27 Nov 2018 14:29:40 -0500 Eric Garver wrote:
[...]
> That makes it smell like an iptables-restore issue in the nftables
> backed version of iptables. It would be great if we could reproduce
> without firewalld using iptables-restore.
A much simpler way I reproduced the problem with iptab
10 matches
Mail list logo
