Your message dated Wed, 13 Nov 2024 19:07:48 +0100
with message-id <4d1e64f1-be19-4261-87be-a195e3aba...@debian.org>
and subject line Re: [Pkg-utopia-maintainers] Bug#1087387: firewalld not 
working on arm64, Error: COMMAND_FAILED: 'python-nftables' failed: 
internal:0:0-0:
has caused the Debian Bug report #1087387,
regarding firewalld not working on arm64, Error: COMMAND_FAILED: 
'python-nftables' failed: internal:0:0-0:
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1087387: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1087387
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: firewalld
Version: 1.3.3-1~deb12u1
Severity: important
X-Debbugs-Cc: fs3...@proton.me

Dear Maintainer,

On a fresh install of Debian 12 on a arm64 router using an image create with 
this repo https://github.com/frank-w/BPI-Router-Images and using original 
packages, firewalld is not working properly.

While doing "firewall-cmd --add-interface=eth1 --zone=internal", it fails with 
this error:

root@bpi-r4 /root $ firewall-cmd --add-interface=eth1 --zone=internal
Error: COMMAND_FAILED: 'python-nftables' failed: internal:0:0-0: Error: Could 
not process rule: No such file or directory

internal:0:0-0: Error: Could not process rule: No such file or directory


JSON blob:
{"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"chain": 
{"family": "inet", "table": "firewalld", "name": "filter_IN_internal"}}}, 
{"add": {"chain": {"family": "inet", "table": "firewalld", "name": 
"filter_IN_internal_pre"}}}, {"add": {"chain": {"family": "inet", "table": 
"firewalld", "name": "filter_IN_internal_log"}}}, {"add": {"chain": {"family": 
"inet", "table": "firewalld", "name": "filter_IN_internal_deny"}}}, {"add": 
{"chain": {"family": "inet", "table": "firewalld", "name": 
"filter_IN_internal_allow"}}}, {"add": {"chain": {"family": "inet", "table": 
"firewalld", "name": "filter_IN_internal_post"}}}, {"add": {"rule": {"family": 
"inet", "table": "firewalld", "chain": "filter_IN_internal", "expr": [{"jump": 
{"target": "filter_INPUT_POLICIES_pre"}}]}}}, {"add": {"rule": {"family": 
"inet", "table": "firewalld", "chain": "filter_IN_internal", "expr": [{"jump": 
{"target": "filter_IN_internal_pre"}}]}}}, {"add": {"rule": {"family": "inet", 
"table": "firewalld", "chain": "filter_IN_internal", "expr": [{"jump": 
{"target": "filter_IN_internal_log"}}]}}}, {"add": {"rule": {"family": "inet", 
"table": "firewalld", "chain": "filter_IN_internal", "expr": [{"jump": 
{"target": "filter_IN_internal_deny"}}]}}}, {"add": {"rule": {"family": "inet", 
"table": "firewalld", "chain": "filter_IN_internal", "expr": [{"jump": 
{"target": "filter_IN_internal_allow"}}]}}}, {"add": {"rule": {"family": 
"inet", "table": "firewalld", "chain": "filter_IN_internal", "expr": [{"jump": 
{"target": "filter_IN_internal_post"}}]}}}, {"add": {"rule": {"family": "inet", 
"table": "firewalld", "chain": "filter_IN_internal", "expr": [{"jump": 
{"target": "filter_INPUT_POLICIES_post"}}]}}}, {"add": {"rule": {"family": 
"inet", "table": "firewalld", "chain": "filter_IN_internal", "expr": 
[{"reject": {"type": "icmpx", "expr": "admin-prohibited"}}]}}}, {"add": 
{"rule": {"family": "inet", "table": "firewalld", "chain": 
"filter_IN_internal_allow", "expr": [{"match": {"left": {"payload": 
{"protocol": "tcp", "field": "dport"}}, "op": "==", "right": 22}}, {"accept": 
null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": 
"filter_IN_internal_allow", "expr": [{"match": {"left": {"payload": 
{"protocol": "ip", "field": "daddr"}}, "op": "==", "right": "224.0.0.251"}}, 
{"match": {"left": {"payload": {"protocol": "udp", "field": "dport"}}, "op": 
"==", "right": 5353}}, {"accept": null}]}}}, {"add": {"rule": {"family": 
"inet", "table": "firewalld", "chain": "filter_IN_internal_allow", "expr": 
[{"match": {"left": {"payload": {"protocol": "ip6", "field": "daddr"}}, "op": 
"==", "right": "ff02::fb"}}, {"match": {"left": {"payload": {"protocol": "udp", 
"field": "dport"}}, "op": "==", "right": 5353}}, {"accept": null}]}}}, {"add": 
{"ct helper": {"family": "inet", "table": "firewalld", "name": 
"helper-netbios-ns-udp", "type": "netbios-ns", "protocol": "udp"}}}, {"add": 
{"rule": {"family": "inet", "table": "firewalld", "chain": 
"filter_IN_internal_allow", "expr": [{"match": {"left": {"payload": 
{"protocol": "udp", "field": "dport"}}, "op": "==", "right": 137}}, {"ct 
helper": "helper-netbios-ns-udp"}]}}}, {"add": {"rule": {"family": "inet", 
"table": "firewalld", "chain": "filter_IN_internal_allow", "expr": [{"match": 
{"left": {"payload": {"protocol": "udp", "field": "dport"}}, "op": "==", 
"right": 137}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", 
"table": "firewalld", "chain": "filter_IN_internal_allow", "expr": [{"match": 
{"left": {"payload": {"protocol": "udp", "field": "dport"}}, "op": "==", 
"right": 138}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", 
"table": "firewalld", "chain": "filter_IN_internal_allow", "expr": [{"match": 
{"left": {"payload": {"protocol": "ip6", "field": "daddr"}}, "op": "==", 
"right": {"prefix": {"addr": "fe80::", "len": 64}}}}, {"match": {"left": 
{"payload": {"protocol": "udp", "field": "dport"}}, "op": "==", "right": 546}}, 
{"accept": null}]}}}, {"add": {"chain": {"family": "inet", "table": 
"firewalld", "name": "nat_POST_internal"}}}, {"add": {"chain": {"family": 
"inet", "table": "firewalld", "name": "nat_POST_internal_pre"}}}, {"add": 
{"chain": {"family": "inet", "table": "firewalld", "name": 
"nat_POST_internal_log"}}}, {"add": {"chain": {"family": "inet", "table": 
"firewalld", "name": "nat_POST_internal_deny"}}}, {"add": {"chain": {"family": 
"inet", "table": "firewalld", "name": "nat_POST_internal_allow"}}}, {"add": 
{"chain": {"family": "inet", "table": "firewalld", "name": 
"nat_POST_internal_post"}}}, {"add": {"rule": {"family": "inet", "table": 
"firewalld", "chain": "nat_POST_internal", "expr": [{"jump": {"target": 
"nat_POSTROUTING_POLICIES_pre"}}]}}}, {"add": {"rule": {"family": "inet", 
"table": "firewalld", "chain": "nat_POST_internal", "expr": [{"jump": 
{"target": "nat_POST_internal_pre"}}]}}}, {"add": {"rule": {"family": "inet", 
"table": "firewalld", "chain": "nat_POST_internal", "expr": [{"jump": 
{"target": "nat_POST_internal_log"}}]}}}, {"add": {"rule": {"family": "inet", 
"table": "firewalld", "chain": "nat_POST_internal", "expr": [{"jump": 
{"target": "nat_POST_internal_deny"}}]}}}, {"add": {"rule": {"family": "inet", 
"table": "firewalld", "chain": "nat_POST_internal", "expr": [{"jump": 
{"target": "nat_POST_internal_allow"}}]}}}, {"add": {"rule": {"family": "inet", 
"table": "firewalld", "chain": "nat_POST_internal", "expr": [{"jump": 
{"target": "nat_POST_internal_post"}}]}}}, {"add": {"rule": {"family": "inet", 
"table": "firewalld", "chain": "nat_POST_internal", "expr": [{"jump": 
{"target": "nat_POSTROUTING_POLICIES_post"}}]}}}, {"add": {"chain": {"family": 
"inet", "table": "firewalld", "name": "filter_FWD_internal"}}}, {"add": 
{"chain": {"family": "inet", "table": "firewalld", "name": 
"filter_FWD_internal_pre"}}}, {"add": {"chain": {"family": "inet", "table": 
"firewalld", "name": "filter_FWD_internal_log"}}}, {"add": {"chain": {"family": 
"inet", "table": "firewalld", "name": "filter_FWD_internal_deny"}}}, {"add": 
{"chain": {"family": "inet", "table": "firewalld", "name": 
"filter_FWD_internal_allow"}}}, {"add": {"chain": {"family": "inet", "table": 
"firewalld", "name": "filter_FWD_internal_post"}}}, {"add": {"rule": {"family": 
"inet", "table": "firewalld", "chain": "filter_FWD_internal", "expr": [{"jump": 
{"target": "filter_FORWARD_POLICIES_pre"}}]}}}, {"add": {"rule": {"family": 
"inet", "table": "firewalld", "chain": "filter_FWD_internal", "expr": [{"jump": 
{"target": "filter_FWD_internal_pre"}}]}}}, {"add": {"rule": {"family": "inet", 
"table": "firewalld", "chain": "filter_FWD_internal", "expr": [{"jump": 
{"target": "filter_FWD_internal_log"}}]}}}, {"add": {"rule": {"family": "inet", 
"table": "firewalld", "chain": "filter_FWD_internal", "expr": [{"jump": 
{"target": "filter_FWD_internal_deny"}}]}}}, {"add": {"rule": {"family": 
"inet", "table": "firewalld", "chain": "filter_FWD_internal", "expr": [{"jump": 
{"target": "filter_FWD_internal_allow"}}]}}}, {"add": {"rule": {"family": 
"inet", "table": "firewalld", "chain": "filter_FWD_internal", "expr": [{"jump": 
{"target": "filter_FWD_internal_post"}}]}}}, {"add": {"rule": {"family": 
"inet", "table": "firewalld", "chain": "filter_FWD_internal", "expr": [{"jump": 
{"target": "filter_FORWARD_POLICIES_post"}}]}}}, {"add": {"rule": {"family": 
"inet", "table": "firewalld", "chain": "filter_FWD_internal", "expr": 
[{"reject": {"type": "icmpx", "expr": "admin-prohibited"}}]}}}, {"add": 
{"chain": {"family": "inet", "table": "firewalld", "name": 
"nat_PRE_internal"}}}, {"add": {"chain": {"family": "inet", "table": 
"firewalld", "name": "nat_PRE_internal_pre"}}}, {"add": {"chain": {"family": 
"inet", "table": "firewalld", "name": "nat_PRE_internal_log"}}}, {"add": 
{"chain": {"family": "inet", "table": "firewalld", "name": 
"nat_PRE_internal_deny"}}}, {"add": {"chain": {"family": "inet", "table": 
"firewalld", "name": "nat_PRE_internal_allow"}}}, {"add": {"chain": {"family": 
"inet", "table": "firewalld", "name": "nat_PRE_internal_post"}}}, {"add": 
{"rule": {"family": "inet", "table": "firewalld", "chain": "nat_PRE_internal", 
"expr": [{"jump": {"target": "nat_PREROUTING_POLICIES_pre"}}]}}}, {"add": 
{"rule": {"family": "inet", "table": "firewalld", "chain": "nat_PRE_internal", 
"expr": [{"jump": {"target": "nat_PRE_internal_pre"}}]}}}, {"add": {"rule": 
{"family": "inet", "table": "firewalld", "chain": "nat_PRE_internal", "expr": 
[{"jump": {"target": "nat_PRE_internal_log"}}]}}}, {"add": {"rule": {"family": 
"inet", "table": "firewalld", "chain": "nat_PRE_internal", "expr": [{"jump": 
{"target": "nat_PRE_internal_deny"}}]}}}, {"add": {"rule": {"family": "inet", 
"table": "firewalld", "chain": "nat_PRE_internal", "expr": [{"jump": {"target": 
"nat_PRE_internal_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": 
"firewalld", "chain": "nat_PRE_internal", "expr": [{"jump": {"target": 
"nat_PRE_internal_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": 
"firewalld", "chain": "nat_PRE_internal", "expr": [{"jump": {"target": 
"nat_PREROUTING_POLICIES_post"}}]}}}, {"add": {"chain": {"family": "inet", 
"table": "firewalld", "name": "mangle_PRE_internal"}}}, {"add": {"chain": 
{"family": "inet", "table": "firewalld", "name": "mangle_PRE_internal_pre"}}}, 
{"add": {"chain": {"family": "inet", "table": "firewalld", "name": 
"mangle_PRE_internal_log"}}}, {"add": {"chain": {"family": "inet", "table": 
"firewalld", "name": "mangle_PRE_internal_deny"}}}, {"add": {"chain": 
{"family": "inet", "table": "firewalld", "name": 
"mangle_PRE_internal_allow"}}}, {"add": {"chain": {"family": "inet", "table": 
"firewalld", "name": "mangle_PRE_internal_post"}}}, {"add": {"rule": {"family": 
"inet", "table": "firewalld", "chain": "mangle_PRE_internal", "expr": [{"jump": 
{"target": "mangle_PREROUTING_POLICIES_pre"}}]}}}, {"add": {"rule": {"family": 
"inet", "table": "firewalld", "chain": "mangle_PRE_internal", "expr": [{"jump": 
{"target": "mangle_PRE_internal_pre"}}]}}}, {"add": {"rule": {"family": "inet", 
"table": "firewalld", "chain": "mangle_PRE_internal", "expr": [{"jump": 
{"target": "mangle_PRE_internal_log"}}]}}}, {"add": {"rule": {"family": "inet", 
"table": "firewalld", "chain": "mangle_PRE_internal", "expr": [{"jump": 
{"target": "mangle_PRE_internal_deny"}}]}}}, {"add": {"rule": {"family": 
"inet", "table": "firewalld", "chain": "mangle_PRE_internal", "expr": [{"jump": 
{"target": "mangle_PRE_internal_allow"}}]}}}, {"add": {"rule": {"family": 
"inet", "table": "firewalld", "chain": "mangle_PRE_internal", "expr": [{"jump": 
{"target": "mangle_PRE_internal_post"}}]}}}, {"add": {"rule": {"family": 
"inet", "table": "firewalld", "chain": "mangle_PRE_internal", "expr": [{"jump": 
{"target": "mangle_PREROUTING_POLICIES_post"}}]}}}, {"add": {"rule": {"family": 
"inet", "table": "firewalld", "chain": "filter_IN_internal", "index": 6, 
"expr": [{"match": {"left": {"meta": {"key": "l4proto"}}, "op": "==", "right": 
{"set": ["icmp", "icmpv6"]}}}, {"accept": null}]}}}, {"insert": {"rule": 
{"family": "inet", "table": "firewalld", "chain": "filter_INPUT_ZONES", "expr": 
[{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": 
"eth1"}}, {"goto": {"target": "filter_IN_internal"}}]}}}, {"insert": {"rule": 
{"family": "inet", "table": "firewalld", "chain": "nat_POSTROUTING_ZONES", 
"expr": [{"match": {"left": {"meta": {"key": "oifname"}}, "op": "==", "right": 
"eth1"}}, {"goto": {"target": "nat_POST_internal"}}]}}}, {"insert": {"rule": 
{"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_ZONES", 
"expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": 
"eth1"}}, {"goto": {"target": "filter_FWD_internal"}}]}}}, {"insert": {"rule": 
{"family": "inet", "table": "firewalld", "chain": "nat_PREROUTING_ZONES", 
"expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": 
"eth1"}}, {"goto": {"target": "nat_PRE_internal"}}]}}}, {"insert": {"rule": 
{"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING_ZONES", 
"expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": 
"eth1"}}, {"goto": {"target": "mangle_PRE_internal"}}]}}}, {"add": {"rule": 
{"family": "inet", "table": "firewalld", "chain": "filter_FWD_internal_allow", 
"expr": [{"match": {"left": {"meta": {"key": "oifname"}}, "op": "==", "right": 
"eth1"}}, {"accept": null}]}}}]}


########### /etc/nftables.conf
#!/usr/sbin/nft -f

flush ruleset

table inet filter {
        chain input {
                type filter hook input priority filter;
        }
        chain forward {
                type filter hook forward priority filter;
        }
        chain output {
                type filter hook output priority filter;
        }
}


####################### nft list ruleset
root@bpi-r4 /root $  nft list ruleset
table inet firewalld {
        chain mangle_PREROUTING {
                type filter hook prerouting priority mangle + 10; policy accept;
                jump mangle_PREROUTING_ZONES
        }

        chain mangle_PREROUTING_POLICIES_pre {
                jump mangle_PRE_policy_allow-host-ipv6
        }

        chain mangle_PREROUTING_ZONES {
                goto mangle_PRE_public
        }

        chain mangle_PREROUTING_POLICIES_post {
        }

        chain nat_PREROUTING {
                type nat hook prerouting priority dstnat + 10; policy accept;
                jump nat_PREROUTING_ZONES
        }

        chain nat_PREROUTING_POLICIES_pre {
                jump nat_PRE_policy_allow-host-ipv6
        }

        chain nat_PREROUTING_ZONES {
                goto nat_PRE_public
        }

        chain nat_PREROUTING_POLICIES_post {
        }

        chain nat_POSTROUTING {
                type nat hook postrouting priority srcnat + 10; policy accept;
                jump nat_POSTROUTING_ZONES
        }

        chain nat_POSTROUTING_POLICIES_pre {
        }

        chain nat_POSTROUTING_ZONES {
                goto nat_POST_public
        }

        chain nat_POSTROUTING_POLICIES_post {
        }

        chain nat_OUTPUT {
                type nat hook output priority -90; policy accept;
                jump nat_OUTPUT_POLICIES_pre
                jump nat_OUTPUT_POLICIES_post
        }

        chain nat_OUTPUT_POLICIES_pre {
        }

        chain nat_OUTPUT_POLICIES_post {
        }

        chain filter_PREROUTING {
                type filter hook prerouting priority filter + 10; policy accept;
                icmpv6 type { nd-router-advert, nd-neighbor-solicit } accept
                meta nfproto ipv6 fib saddr . mark . iif oif missing drop
        }

        chain filter_INPUT {
                type filter hook input priority filter + 10; policy accept;
                ct state { established, related } accept
                ct status dnat accept
                iifname "lo" accept
                ct state invalid drop
                jump filter_INPUT_ZONES
                reject with icmpx admin-prohibited
        }

        chain filter_FORWARD {
                type filter hook forward priority filter + 10; policy accept;
                ct state { established, related } accept
                ct status dnat accept
                iifname "lo" accept
                ct state invalid drop
                ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 
2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 
} reject with icmpv6 addr-unreachable
                jump filter_FORWARD_ZONES
                reject with icmpx admin-prohibited
        }

        chain filter_OUTPUT {
                type filter hook output priority filter + 10; policy accept;
                ct state { established, related } accept
                oifname "lo" accept
                ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 
2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 
} reject with icmpv6 addr-unreachable
                jump filter_OUTPUT_POLICIES_pre
                jump filter_OUTPUT_POLICIES_post
        }

        chain filter_INPUT_POLICIES_pre {
                jump filter_IN_policy_allow-host-ipv6
        }

        chain filter_INPUT_ZONES {
                goto filter_IN_public
        }

        chain filter_INPUT_POLICIES_post {
        }

        chain filter_FORWARD_POLICIES_pre {
        }

        chain filter_FORWARD_ZONES {
                goto filter_FWD_public
        }

        chain filter_FORWARD_POLICIES_post {
        }

        chain filter_OUTPUT_POLICIES_pre {
        }

        chain filter_OUTPUT_POLICIES_post {
        }

        chain filter_IN_public {
                jump filter_INPUT_POLICIES_pre
                jump filter_IN_public_pre
                jump filter_IN_public_log
                jump filter_IN_public_deny
                jump filter_IN_public_allow
                jump filter_IN_public_post
                jump filter_INPUT_POLICIES_post
                meta l4proto { icmp, ipv6-icmp } accept
                reject with icmpx admin-prohibited
        }

        chain filter_IN_public_pre {
        }

        chain filter_IN_public_log {
        }

        chain filter_IN_public_deny {
        }

        chain filter_IN_public_allow {
                tcp dport 22 accept
                ip6 daddr fe80::/64 udp dport 546 accept
        }

        chain filter_IN_public_post {
        }

        chain nat_POST_public {
                jump nat_POSTROUTING_POLICIES_pre
                jump nat_POST_public_pre
                jump nat_POST_public_log
                jump nat_POST_public_deny
                jump nat_POST_public_allow
                jump nat_POST_public_post
                jump nat_POSTROUTING_POLICIES_post
        }

        chain nat_POST_public_pre {
        }

        chain nat_POST_public_log {
        }

        chain nat_POST_public_deny {
        }

        chain nat_POST_public_allow {
        }

        chain nat_POST_public_post {
        }

        chain filter_FWD_public {
                jump filter_FORWARD_POLICIES_pre
                jump filter_FWD_public_pre
                jump filter_FWD_public_log
                jump filter_FWD_public_deny
                jump filter_FWD_public_allow
                jump filter_FWD_public_post
                jump filter_FORWARD_POLICIES_post
                reject with icmpx admin-prohibited
        }

        chain filter_FWD_public_pre {
        }

        chain filter_FWD_public_log {
        }

        chain filter_FWD_public_deny {
        }

        chain filter_FWD_public_allow {
        }

        chain filter_FWD_public_post {
        }

        chain nat_PRE_public {
                jump nat_PREROUTING_POLICIES_pre
                jump nat_PRE_public_pre
                jump nat_PRE_public_log
                jump nat_PRE_public_deny
                jump nat_PRE_public_allow
                jump nat_PRE_public_post
                jump nat_PREROUTING_POLICIES_post
        }

        chain nat_PRE_public_pre {
        }

        chain nat_PRE_public_log {
        }

        chain nat_PRE_public_deny {
        }

        chain nat_PRE_public_allow {
        }

        chain nat_PRE_public_post {
        }

        chain mangle_PRE_public {
                jump mangle_PREROUTING_POLICIES_pre
                jump mangle_PRE_public_pre
                jump mangle_PRE_public_log
                jump mangle_PRE_public_deny
                jump mangle_PRE_public_allow
                jump mangle_PRE_public_post
                jump mangle_PREROUTING_POLICIES_post
        }

        chain mangle_PRE_public_pre {
        }

        chain mangle_PRE_public_log {
        }

        chain mangle_PRE_public_deny {
        }

        chain mangle_PRE_public_allow {
        }

        chain mangle_PRE_public_post {
        }

        chain filter_IN_policy_allow-host-ipv6 {
                jump filter_IN_policy_allow-host-ipv6_pre
                jump filter_IN_policy_allow-host-ipv6_log
                jump filter_IN_policy_allow-host-ipv6_deny
                jump filter_IN_policy_allow-host-ipv6_allow
                jump filter_IN_policy_allow-host-ipv6_post
        }

        chain filter_IN_policy_allow-host-ipv6_pre {
        }

        chain filter_IN_policy_allow-host-ipv6_log {
        }

        chain filter_IN_policy_allow-host-ipv6_deny {
        }

        chain filter_IN_policy_allow-host-ipv6_allow {
                icmpv6 type nd-neighbor-advert accept
                icmpv6 type nd-neighbor-solicit accept
                icmpv6 type nd-router-advert accept
                icmpv6 type nd-redirect accept
        }

        chain filter_IN_policy_allow-host-ipv6_post {
        }

        chain nat_PRE_policy_allow-host-ipv6 {
                jump nat_PRE_policy_allow-host-ipv6_pre
                jump nat_PRE_policy_allow-host-ipv6_log
                jump nat_PRE_policy_allow-host-ipv6_deny
                jump nat_PRE_policy_allow-host-ipv6_allow
                jump nat_PRE_policy_allow-host-ipv6_post
        }

        chain nat_PRE_policy_allow-host-ipv6_pre {
        }

        chain nat_PRE_policy_allow-host-ipv6_log {
        }

        chain nat_PRE_policy_allow-host-ipv6_deny {
        }

        chain nat_PRE_policy_allow-host-ipv6_allow {
        }

        chain nat_PRE_policy_allow-host-ipv6_post {
        }

        chain mangle_PRE_policy_allow-host-ipv6 {
                jump mangle_PRE_policy_allow-host-ipv6_pre
                jump mangle_PRE_policy_allow-host-ipv6_log
                jump mangle_PRE_policy_allow-host-ipv6_deny
                jump mangle_PRE_policy_allow-host-ipv6_allow
                jump mangle_PRE_policy_allow-host-ipv6_post
        }

        chain mangle_PRE_policy_allow-host-ipv6_pre {
        }

        chain mangle_PRE_policy_allow-host-ipv6_log {
        }

        chain mangle_PRE_policy_allow-host-ipv6_deny {
        }

        chain mangle_PRE_policy_allow-host-ipv6_allow {
        }

        chain mangle_PRE_policy_allow-host-ipv6_post {
        }
}



############################ lsmod
root@bpi-r4 /root $ lsmod
Module                  Size  Used by
nft_fib_inet           12288  1
nft_fib_ipv4           12288  1 nft_fib_inet
nft_fib_ipv6           12288  1 nft_fib_inet
nft_fib                12288  3 nft_fib_ipv6,nft_fib_ipv4,nft_fib_inet
nft_reject_inet        12288  6
nf_reject_ipv4         12288  1 nft_reject_inet
nf_reject_ipv6         20480  1 nft_reject_inet
nft_reject             12288  1 nft_reject_inet
nft_ct                 16384  7
nft_chain_nat          12288  3
nf_nat                 45056  1 nft_chain_nat
nf_conntrack          106496  2 nf_nat,nft_ct
nf_defrag_ipv6         20480  1 nf_conntrack
nf_defrag_ipv4         12288  1 nf_conntrack
ip_set                 49152  0
nf_tables             225280  166 
nft_ct,nft_reject_inet,nft_fib_ipv6,nft_fib_ipv4,nft_chain_nat,nft_reject,nft_fib,nft_fib_inet
libcrc32c              12288  3 nf_conntrack,nf_nat,nf_tables
nfnetlink              16384  3 nf_tables,ip_set
mt7925e                16384  0
mt7925_common          86016  1 mt7925e
mt792x_lib             40960  2 mt7925e,mt7925_common
mt76_connac_lib        53248  3 mt792x_lib,mt7925e,mt7925_common
mt76                   86016  4 mt792x_lib,mt7925e,mt76_connac_lib,mt7925_common
mac80211              823296  4 mt792x_lib,mt76,mt76_connac_lib,mt7925_common
libarc4                12288  1 mac80211
cfg80211              811008  4 mt76,mac80211,mt76_connac_lib,mt7925_common
fuse                  151552  1
ip_tables              28672  0
x_tables               36864  1 ip_tables


########################## packages
root@bpi-r4 /root $ dpkg -l |grep "fire\|nft"
ii  firewalld                     1.3.3-1~deb12u1                      all      
    dynamically managed firewall with support for network zones
ii  libnftables1:arm64            1.0.6-2+deb12u2                      arm64    
    Netfilter nftables high level userspace API library
ii  libnftnl11:arm64              1.2.4-2                              arm64    
    Netfilter nftables userspace API library
ii  nftables                      1.0.6-2+deb12u2                      arm64    
    Program to control packet filtering rules by Netfilter project
ii  python3-firewall              1.3.3-1~deb12u1                      all      
    Python3 bindings for firewalld
ii  python3-nftables              1.0.6-2+deb12u2                      arm64    
    nftables/libnftables python3 module
root@bpi-r4 /root $





-- System Information:
Debian Release: 12.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: arm64 (aarch64)

Kernel: Linux 6.12.0-rc1-bpi-r4 (SMP w/4 CPU threads)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages firewalld depends on:
ii  dbus              1.14.10-1~deb12u1
ii  gir1.2-glib-2.0   1.74.0-3
ii  gir1.2-nm-1.0     1.42.4-1
ii  polkitd           122-3
ii  python3           3.11.2-1+b1
ii  python3-dbus      1.3.2-4+b1
ii  python3-firewall  1.3.3-1~deb12u1
ii  python3-gi        3.42.2-3+b1
ii  python3-nftables  1.0.6-2+deb12u2

Versions of packages firewalld recommends:
ii  ipset           7.17-1
ii  iptables        1.8.9-2
ii  python3-cap-ng  0.8.3-1+b3

firewalld suggests no packages.

-- no debconf information

--- End Message ---
--- Begin Message ---
Am 12.11.24 um 20:14 schrieb fs3000:
-- System Information:
Debian Release: 12.8
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: arm64 (aarch64)


Kernel: Linux 6.12.0-rc1-bpi-r4 (SMP w/4 CPU threads)




This is not a Debian provided kernel afaics, so you might be missing
certain kernel features required by firewalld. In general, we don't
provide support for non-Debian spin-offs.

Ok, You're probably right, even tough i copied all the NFT, NAT and FILTER 
configs from original Debian kernel to the custom kernel build. Ok to close 
this bug then.

As said, given the backtrace, I don't think it's a problem of rsyslog itself and as I lack the means to reproduce this issue, I'm closing this bug report at this point.

If you can show, that this is indeed an rsyslog issue, please let us know and we will reopen the bug report.

Michael

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature


--- End Message ---
_______________________________________________
Pkg-utopia-maintainers mailing list
Pkg-utopia-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-utopia-maintainers

Reply via email to