Score:0

Firewalld fails on completely new Debian 12 server

My Debian 12 Bookworm VPS was running firewalld 1.3.0-1 without problems. Due to unrelated issues, I had to rebuild the server, and now firewalld fails.

I use Ansible, so the configuration should be identical to before. Maybe some apt dependencies have changed in the interim.

To troubleshoot more easily, here is a reproduction:

  • I created a brand new VPS with my hosting company; Debian 12
  • I logged in as root
  • $ apt install firewalld --yes
  • $ systemctl status firewalld.service
ERROR: 'python-nftables' failed: internal:0:0-0: Error: No such file or directory; did you mean chain ‘nat_PREROUTING’ in table inet ‘firewalld’?
Error: Could not process rule: No such file or directory
Error: No such file or directory; did you mean chain ‘nat_POSTROUTING’ in table inet ‘firewalld’?
Error: Could not process rule: No such file or directory
...etc.

My intention is to use iptables instead of nftables (a docker limitation), so:

  • I edited /etc/firewalld/firewalld.config and replaced FirewallBackend=nftables with FirewallBackend=iptables
  • $ systemctl restart firewalld.service
  • $ systemctl status firewalld.service
ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.8.9 (nf_tables): 
CHAIN_ADD failed (No such file or directory): chain PREROUTING
RULE_APPEND failed (No such file or directory): rule in chain PREROUTING
RULE_APPEND failed (No such file or directory): rule in chain PREROUTING
CHAIN_ADD failed (No such file or directory): chain POSTROUTING
RULE_APPEND failed (No such file or directory): rule in chain POSTROUTING
RULE_APPEND failed (No such file or directory): rule in chain POSTROUTING
CHAIN_ADD failed (No such file or directory): chain OUTPUT
RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
RULE_APPEND failed (No such file or directory): rule in chain OUTPUT
...etc.

I don't understand as it was working before. And as you can see this is a completely new server, with nothing installed and nothing else configured. I expected it to work "out of the box".

What have I done wrongly?

(Also posted to repo.)

Score:1

I managed to fix it by simply rebooting.

Then $ systemctl status firewalld.service shows that firewalld is running:

Active: active (running) since Mon 2023-08-07 04:34:46 UTC; 31s ago

How unexpected!

lonix
Author said [on repo](https://github.com/firewalld/firewalld/issues/1184#issuecomment-1668290601) that this is unexpected, and could be an upstream issue.