Bug#1121939: Fwd: Bug#1121939: firehol doesn't start after upgrade to trixie

Mon, 08 Dec 2025 08:13:18 -0800 



-------- Forwarded Message --------
Subject: Re: Bug#1121939: firehol doesn't start after upgrade to trixie
Date: Mon, 8 Dec 2025 15:10:24 +0000 (GMT)
From: Edmund H. Ramm <[email protected]>
To: [email protected]

Hi Jerome,

Jerome BENOIT <[email protected]> writes:


[..]
Firehol actually works only with the legacy method.
A support for the nf method may ask for a full recoding.


   c'est ne vrai pas. When I set up this system here in 2020, the only net-
filter programs the Debian installer installed were the non-legacy versions.
And all my kernels (All compiled by me; the standard Debian kernel is
unusable for me as it lacks many features I need.) never had
"Legacy netfilter tables" built in.

   Prior to trixie Firehol worked fine and trouble free with "only"
nf-filtering enabled in the kernel and the then only present non-legacy
netfilter programs. When I, after firehol stopped working after the upgrade
to trixie, "hacked" /usr/libexec/firehol/firehol to use the non-legacy
netfilter commands, firehol worked o.k. again here!

   The upgrade to trixie installed, among many other things, the "legacy"
versions of the netfilter programs and a new firehol version. And firehol
stopped working, because it now calls the netfilter-legacy programs, which
in turn need "Legacy netfiltering" enabled in the kernel.

   So: Using "which netfilter" instead of "which netfilter-legacy" etc. in the
firehol install script should make firehol working without the ip_filter module
the netfilter-legacy version looks for. Provided the non-legacy netfilter
programs are installed.


[...]
I will see before if ip_tables.ko can be still present in the linux-image
packages.
[...]


   It is, in the Debian kernel. The Debian kernel is of no use to me. But
that's the reason I'm the first one to experience problems. Most others seem
to be satisfied with the standard Debian kernel.

   Yours sincerely,

      Eddi ._._.
--
   Zu Leute blickten aufeinander, in der endgültigen Verwunderung flüchtig.
-babelfish                                     e-mail: dj6ux AT posteo DOT de




Attachment:
OpenPGP_signature.asc

Description: OpenPGP digital signature






















					Reply via email to