<html>
<head>
<base href="https://bugzilla.netfilter.org/">
</head>
<body>
<p>
<div>
<b><a class="bz_bug_link
bz_status_REOPENED "
title="REOPENED - Error: COMMAND_FAILED: 'python-nftables' failed"
href="https://bugzilla.netfilter.org/show_bug.cgi?id=1777#c12">Comment # 12</a>
on <a class="bz_bug_link
bz_status_REOPENED "
title="REOPENED - Error: COMMAND_FAILED: 'python-nftables' failed"
href="https://bugzilla.netfilter.org/show_bug.cgi?id=1777">bug 1777</a>
from <span class="vcard"><a class="email" href="mailto:fs3000@proton.me" title="fs3000@proton.me">fs3000@proton.me</a>
</span></b>
<pre>root@bpi-r4 /root $ nft list ruleset
table inet firewalld { # progname firewalld
flags owner,persist
chain mangle_PREROUTING {
type filter hook prerouting priority mangle + 10; policy
accept;
jump mangle_PREROUTING_POLICIES
}
chain mangle_PREROUTING_POLICIES {
jump mangle_PRE_policy_allow-host-ipv6
jump mangle_PRE_public
return
}
chain nat_PREROUTING {
type nat hook prerouting priority dstnat + 10; policy accept;
jump nat_PREROUTING_POLICIES
}
chain nat_PREROUTING_POLICIES {
jump nat_PRE_policy_allow-host-ipv6
jump nat_PRE_public
return
}
chain nat_POSTROUTING {
type nat hook postrouting priority srcnat + 10; policy accept;
jump nat_POSTROUTING_POLICIES
}
chain nat_POSTROUTING_POLICIES {
jump nat_POST_public
return
}
chain nat_OUTPUT {
type nat hook output priority dstnat + 10; policy accept;
jump nat_OUTPUT_POLICIES
}
chain nat_OUTPUT_POLICIES {
jump nat_OUT_public
return
}
chain filter_PREROUTING {
type filter hook prerouting priority filter + 10; policy
accept;
icmpv6 type { nd-router-advert, nd-neighbor-solicit } accept
meta nfproto ipv6 fib saddr . mark . iif oif missing drop
}
chain filter_INPUT {
type filter hook input priority filter + 10; policy accept;
ct state { established, related } accept
ct status dnat accept
iifname "lo" accept
ct state invalid drop
jump filter_INPUT_POLICIES
reject with icmpx admin-prohibited
}
chain filter_FORWARD {
type filter hook forward priority filter + 10; policy accept;
ct state { established, related } accept
ct status dnat accept
iifname "lo" accept
ct state invalid drop
ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24,
2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19
} reject with icmpv6 addr-unreachable
jump filter_FORWARD_POLICIES
reject with icmpx admin-prohibited
}
chain filter_OUTPUT {
type filter hook output priority filter + 10; policy accept;
ct state { established, related } accept
oifname "lo" accept
ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24,
2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19
} reject with icmpv6 addr-unreachable
jump filter_OUTPUT_POLICIES
}
chain filter_INPUT_POLICIES {
jump filter_IN_policy_allow-host-ipv6
jump filter_IN_public
reject with icmpx admin-prohibited
}
chain filter_FORWARD_POLICIES {
jump filter_FWD_public
reject with icmpx admin-prohibited
}
chain filter_OUTPUT_POLICIES {
jump filter_OUT_public
return
}
chain filter_IN_public {
jump filter_IN_public_pre
jump filter_IN_public_log
jump filter_IN_public_deny
jump filter_IN_public_allow
jump filter_IN_public_post
meta l4proto { icmp, ipv6-icmp } accept
}
chain filter_IN_public_pre {
}
chain filter_IN_public_log {
}
chain filter_IN_public_deny {
}
chain filter_IN_public_allow {
tcp dport 22 accept
ip6 daddr fe80::/64 udp dport 546 accept
}
chain filter_IN_public_post {
}
chain filter_OUT_public {
jump filter_OUT_public_pre
jump filter_OUT_public_log
jump filter_OUT_public_deny
jump filter_OUT_public_allow
jump filter_OUT_public_post
}
chain filter_OUT_public_pre {
}
chain filter_OUT_public_log {
}
chain filter_OUT_public_deny {
}
chain filter_OUT_public_allow {
}
chain filter_OUT_public_post {
}
chain nat_OUT_public {
jump nat_OUT_public_pre
jump nat_OUT_public_log
jump nat_OUT_public_deny
jump nat_OUT_public_allow
jump nat_OUT_public_post
}
chain nat_OUT_public_pre {
}
chain nat_OUT_public_log {
}
chain nat_OUT_public_deny {
}
chain nat_OUT_public_allow {
}
chain nat_OUT_public_post {
}
chain nat_POST_public {
jump nat_POST_public_pre
jump nat_POST_public_log
jump nat_POST_public_deny
jump nat_POST_public_allow
jump nat_POST_public_post
}
chain nat_POST_public_pre {
}
chain nat_POST_public_log {
}
chain nat_POST_public_deny {
}
chain nat_POST_public_allow {
}
chain nat_POST_public_post {
}
chain filter_FWD_public {
jump filter_FWD_public_pre
jump filter_FWD_public_log
jump filter_FWD_public_deny
jump filter_FWD_public_allow
jump filter_FWD_public_post
}
chain filter_FWD_public_pre {
}
chain filter_FWD_public_log {
}
chain filter_FWD_public_deny {
}
chain filter_FWD_public_allow {
}
chain filter_FWD_public_post {
}
chain nat_PRE_public {
jump nat_PRE_public_pre
jump nat_PRE_public_log
jump nat_PRE_public_deny
jump nat_PRE_public_allow
jump nat_PRE_public_post
}
chain nat_PRE_public_pre {
}
chain nat_PRE_public_log {
}
chain nat_PRE_public_deny {
}
chain nat_PRE_public_allow {
}
chain nat_PRE_public_post {
}
chain mangle_PRE_public {
jump mangle_PRE_public_pre
jump mangle_PRE_public_log
jump mangle_PRE_public_deny
jump mangle_PRE_public_allow
jump mangle_PRE_public_post
}
chain mangle_PRE_public_pre {
}
chain mangle_PRE_public_log {
}
chain mangle_PRE_public_deny {
}
chain mangle_PRE_public_allow {
}
chain mangle_PRE_public_post {
}
chain filter_IN_policy_allow-host-ipv6 {
jump filter_IN_policy_allow-host-ipv6_pre
jump filter_IN_policy_allow-host-ipv6_log
jump filter_IN_policy_allow-host-ipv6_deny
jump filter_IN_policy_allow-host-ipv6_allow
jump filter_IN_policy_allow-host-ipv6_post
}
chain filter_IN_policy_allow-host-ipv6_pre {
}
chain filter_IN_policy_allow-host-ipv6_log {
}
chain filter_IN_policy_allow-host-ipv6_deny {
}
chain filter_IN_policy_allow-host-ipv6_allow {
icmpv6 type nd-neighbor-advert accept
icmpv6 type nd-neighbor-solicit accept
icmpv6 type nd-router-advert accept
icmpv6 type nd-redirect accept
}
chain filter_IN_policy_allow-host-ipv6_post {
}
chain nat_PRE_policy_allow-host-ipv6 {
jump nat_PRE_policy_allow-host-ipv6_pre
jump nat_PRE_policy_allow-host-ipv6_log
jump nat_PRE_policy_allow-host-ipv6_deny
jump nat_PRE_policy_allow-host-ipv6_allow
jump nat_PRE_policy_allow-host-ipv6_post
}
chain nat_PRE_policy_allow-host-ipv6_pre {
}
chain nat_PRE_policy_allow-host-ipv6_log {
}
chain nat_PRE_policy_allow-host-ipv6_deny {
}
chain nat_PRE_policy_allow-host-ipv6_allow {
}
chain nat_PRE_policy_allow-host-ipv6_post {
}
chain mangle_PRE_policy_allow-host-ipv6 {
jump mangle_PRE_policy_allow-host-ipv6_pre
jump mangle_PRE_policy_allow-host-ipv6_log
jump mangle_PRE_policy_allow-host-ipv6_deny
jump mangle_PRE_policy_allow-host-ipv6_allow
jump mangle_PRE_policy_allow-host-ipv6_post
}
chain mangle_PRE_policy_allow-host-ipv6_pre {
}
chain mangle_PRE_policy_allow-host-ipv6_log {
}
chain mangle_PRE_policy_allow-host-ipv6_deny {
}
chain mangle_PRE_policy_allow-host-ipv6_allow {
}
chain mangle_PRE_policy_allow-host-ipv6_post {
}
}</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are watching all bug changes.</li>
</ul>
</body>
</html>