Hello,

thanks for your report.

On 10/04/2019 13:10, Libor Klepáč wrote:
> Package: firehol
> Version: 3.1.6+ds-7
> Severity: wishlist
>
> Hi,
> firehol seems to have problem to reread rules in nofast mode when using
> iptables-nft.
> See: https://github.com/firehol/firehol/issues/352
>
> Here is part of output, it goes on to ERROR : # 30
> # firehol nofast try
> FireHOL: Saving active firewall to a temporary file... OK
> FireHOL: Processing file '/etc/firehol/firehol.conf'... OK (522 iptables
> rules)
> FireHOL: Activating ipsets... OK
> FireHOL: Activating new firewall (522 rules)...
>
> - --------------------------------------------------------------------------------
> ERROR : # 1.
> WHAT : A runtime command failed to execute (returned error 1).
> SOURCE : 30@/etc/firehol/firehol.conf: blacklist4:
> COMMAND : /usr/sbin/iptables -t filter -N BLACKLIST.bi.1.in
> OUTPUT :
>
> iptables v1.8.2 (nf_tables): Chain already exists
> - --------------------------------------------------------------------------------
> ERROR : # 2.
> WHAT : A runtime command failed to execute (returned error 1).
> SOURCE : 30@/etc/firehol/firehol.conf: blacklist4:
> COMMAND : /usr/sbin/iptables -t filter -N BLACKLIST.bi.1.out
> OUTPUT :
>
> iptables v1.8.2 (nf_tables): Chain already exists
> - ------------------------
>
>
> It can be solved by using iptables-legacy.
>
> Can you please document this in NEWS entry?
> Users of firehol should run
> # update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
> # update-alternatives --set iptables /usr/sbin/iptables-legacy
>
> Thanks,
> Libor
>
>

Have you tried to reboot your box?

Jerome

--
Jerome BENOIT, Ph.D. | jgmbenoit-at+rezozer*dot_net
https://www.rezozer.net/

--
Jerome BENOIT | calculus+at-rezozer^dot*net
https://qa.debian.org/[email protected]
AE28 AE15 710D FF1D 87E5 A762 3F92 19A6 7F36 C68B

