<html>
<head>
<base href="https://bugzilla.netfilter.org/">
</head>
<body>
<p>
<div>
<b><a class="bz_bug_link
bz_status_REOPENED "
title="REOPENED - Error: COMMAND_FAILED: 'python-nftables' failed"
href="https://bugzilla.netfilter.org/show_bug.cgi?id=1777#c19">Comment # 19</a>
on <a class="bz_bug_link
bz_status_REOPENED "
title="REOPENED - Error: COMMAND_FAILED: 'python-nftables' failed"
href="https://bugzilla.netfilter.org/show_bug.cgi?id=1777">bug 1777</a>
from <span class="vcard"><a class="email" href="mailto:pablo@netfilter.org" title="Pablo Neira Ayuso <pablo@netfilter.org>"> <span class="fn">Pablo Neira Ayuso</span></a>
</span></b>
<pre>(In reply to fs3000 from <a href="show_bug.cgi?id=1777#c16">comment #16</a>)
<span class="quote">> So in a fresh system install, purged nftables, other related packages
> already present and deleted nftables conf. Installed firewalld fresh, debian
> 12 packages.
>
> Error:
>
> Error: COMMAND_FAILED: 'python-nftables' failed: internal:0:0-0: Error:
> Could not process rule: No such file or directory
>
> internal:0:0-0: Error: Could not process rule: No such file or directory
>
>
> JSON blob:
> {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"chain":
> {"family": "inet", "table": "firewalld", "name": "filter_IN_internal"}}},
> {"add": {"chain": {"family": "inet", "table": "firewalld", "name":
> "filter_IN_internal_pre"}}}, {"add": {"chain": {"family": "inet", "table":
> "firewalld", "name": "filter_IN_internal_log"}}}, {"add": {"chain":
> {"family": "inet", "table": "firewalld", "name":
> "filter_IN_internal_deny"}}}, {"add": {"chain": {"family": "inet", "table":
> "firewalld", "name": "filter_IN_internal_allow"}}}, {"add": {"chain":
> {"family": "inet", "table": "firewalld", "name":
> "filter_IN_internal_post"}}}, {"add": {"rule": {"family": "inet", "table":
> "firewalld", "chain": "filter_IN_internal", "expr": [{"jump": {"target":
> "filter_INPUT_POLICIES_pre"}}]}}}, {"add": {"rule": {"family": "inet",
> "table": "firewalld", "chain": "filter_IN_internal", "expr": [{"jump":
> {"target": "filter_IN_internal_pre"}}]}}}, {"add": {"rule": {"family":
> "inet", "table": "firewalld", "chain": "filter_IN_internal", "expr":
> [{"jump": {"target": "filter_IN_internal_log"}}]}}}, {"add": {"rule":
> {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal",
> "expr": [{"jump": {"target": "filter_IN_internal_deny"}}]}}}, {"add":
> {"rule": {"family": "inet", "table": "firewalld", "chain":
> "filter_IN_internal", "expr": [{"jump": {"target":
> "filter_IN_internal_allow"}}]}}}, {"add": {"rule": {"family": "inet",
> "table": "firewalld", "chain": "filter_IN_internal", "expr": [{"jump":
> {"target": "filter_IN_internal_post"}}]}}}, {"add": {"rule": {"family":
> "inet", "table": "firewalld", "chain": "filter_IN_internal", "expr":
> [{"jump": {"target": "filter_INPUT_POLICIES_post"}}]}}}, {"add": {"rule":
> {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal",
> "expr": [{"reject": {"type": "icmpx", "expr": "admin-prohibited"}}]}}},
> {"add": {"rule": {"family": "inet", "table": "firewalld", "chain":
> "filter_IN_internal_allow", "expr": [{"match": {"left": {"payload":
> {"protocol": "tcp", "field": "dport"}}, "op": "==", "right": 22}},
> {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table":
> "firewalld", "chain": "filter_IN_internal_allow", "expr": [{"match":
> {"left": {"payload": {"protocol": "ip", "field": "daddr"}}, "op": "==",
> "right": "224.0.0.251"}}, {"match": {"left": {"payload": {"protocol": "udp",
> "field": "dport"}}, "op": "==", "right": 5353}}, {"accept": null}]}}},
> {"add": {"rule": {"family": "inet", "table": "firewalld", "chain":
> "filter_IN_internal_allow", "expr": [{"match": {"left": {"payload":
> {"protocol": "ip6", "field": "daddr"}}, "op": "==", "right": "ff02::fb"}},
> {"match": {"left": {"payload": {"protocol": "udp", "field": "dport"}}, "op":
> "==", "right": 5353}}, {"accept": null}]}}}, {"add": {"ct helper":
> {"family": "inet", "table": "firewalld", "name": "helper-netbios-ns-udp",
> "type": "netbios-ns", "protocol": "udp"}}}, {"add": {"rule": {"family":
> "inet", "table": "firewalld", "chain": "filter_IN_internal_allow", "expr":
> [{"match": {"left": {"payload": {"protocol": "udp", "field": "dport"}},
> "op": "==", "right": 137}}, {"ct helper": "helper-netbios-ns-udp"}]}}},
> {"add": {"rule": {"family": "inet", "table": "firewalld", "chain":
> "filter_IN_internal_allow", "expr": [{"match": {"left": {"payload":
> {"protocol": "udp", "field": "dport"}}, "op": "==", "right": 137}},
> {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table":
> "firewalld", "chain": "filter_IN_internal_allow", "expr": [{"match":
> {"left": {"payload": {"protocol": "udp", "field": "dport"}}, "op": "==",
> "right": 138}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet",
> "table": "firewalld", "chain": "filter_IN_internal_allow", "expr":
> [{"match": {"left": {"payload": {"protocol": "ip6", "field": "daddr"}},
> "op": "==", "right": {"prefix": {"addr": "fe80::", "len": 64}}}}, {"match":
> {"left": {"payload": {"protocol": "udp", "field": "dport"}}, "op": "==",
> "right": 546}}, {"accept": null}]}}}, {"add": {"chain": {"family": "inet",
> "table": "firewalld", "name": "nat_POST_internal"}}}, {"add": {"chain":
> {"family": "inet", "table": "firewalld", "name": "nat_POST_internal_pre"}}},
> {"add": {"chain": {"family": "inet", "table": "firewalld", "name":
> "nat_POST_internal_log"}}}, {"add": {"chain": {"family": "inet", "table":
> "firewalld", "name": "nat_POST_internal_deny"}}}, {"add": {"chain":
> {"family": "inet", "table": "firewalld", "name":
> "nat_POST_internal_allow"}}}, {"add": {"chain": {"family": "inet", "table":
> "firewalld", "name": "nat_POST_internal_post"}}}, {"add": {"rule":
> {"family": "inet", "table": "firewalld", "chain": "nat_POST_internal",
> "expr": [{"jump": {"target": "nat_POSTROUTING_POLICIES_pre"}}]}}}, {"add":
> {"rule": {"family": "inet", "table": "firewalld", "chain":
> "nat_POST_internal", "expr": [{"jump": {"target":
> "nat_POST_internal_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table":
> "firewalld", "chain": "nat_POST_internal", "expr": [{"jump": {"target":
> "nat_POST_internal_log"}}]}}}, {"add": {"rule": {"family": "inet", "table":
> "firewalld", "chain": "nat_POST_internal", "expr": [{"jump": {"target":
> "nat_POST_internal_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table":
> "firewalld", "chain": "nat_POST_internal", "expr": [{"jump": {"target":
> "nat_POST_internal_allow"}}]}}}, {"add": {"rule": {"family": "inet",
> "table": "firewalld", "chain": "nat_POST_internal", "expr": [{"jump":
> {"target": "nat_POST_internal_post"}}]}}}, {"add": {"rule": {"family":
> "inet", "table": "firewalld", "chain": "nat_POST_internal", "expr":
> [{"jump": {"target": "nat_POSTROUTING_POLICIES_post"}}]}}}, {"add":
> {"chain": {"family": "inet", "table": "firewalld", "name":
> "filter_FWD_internal"}}}, {"add": {"chain": {"family": "inet", "table":
> "firewalld", "name": "filter_FWD_internal_pre"}}}, {"add": {"chain":
> {"family": "inet", "table": "firewalld", "name":
> "filter_FWD_internal_log"}}}, {"add": {"chain": {"family": "inet", "table":
> "firewalld", "name": "filter_FWD_internal_deny"}}}, {"add": {"chain":
> {"family": "inet", "table": "firewalld", "name":
> "filter_FWD_internal_allow"}}}, {"add": {"chain": {"family": "inet",
> "table": "firewalld", "name": "filter_FWD_internal_post"}}}, {"add":
> {"rule": {"family": "inet", "table": "firewalld", "chain":
> "filter_FWD_internal", "expr": [{"jump": {"target":
> "filter_FORWARD_POLICIES_pre"}}]}}}, {"add": {"rule": {"family": "inet",
> "table": "firewalld", "chain": "filter_FWD_internal", "expr": [{"jump":
> {"target": "filter_FWD_internal_pre"}}]}}}, {"add": {"rule": {"family":
> "inet", "table": "firewalld", "chain": "filter_FWD_internal", "expr":
> [{"jump": {"target": "filter_FWD_internal_log"}}]}}}, {"add": {"rule":
> {"family": "inet", "table": "firewalld", "chain": "filter_FWD_internal",
> "expr": [{"jump": {"target": "filter_FWD_internal_deny"}}]}}}, {"add":
> {"rule": {"family": "inet", "table": "firewalld", "chain":
> "filter_FWD_internal", "expr": [{"jump": {"target":
> "filter_FWD_internal_allow"}}]}}}, {"add": {"rule": {"family": "inet",
> "table": "firewalld", "chain": "filter_FWD_internal", "expr": [{"jump":
> {"target": "filter_FWD_internal_post"}}]}}}, {"add": {"rule": {"family":
> "inet", "table": "firewalld", "chain": "filter_FWD_internal", "expr":
> [{"jump": {"target": "filter_FORWARD_POLICIES_post"}}]}}}, {"add": {"rule":
> {"family": "inet", "table": "firewalld", "chain": "filter_FWD_internal",
> "expr": [{"reject": {"type": "icmpx", "expr": "admin-prohibited"}}]}}},
> {"add": {"chain": {"family": "inet", "table": "firewalld", "name":
> "nat_PRE_internal"}}}, {"add": {"chain": {"family": "inet", "table":
> "firewalld", "name": "nat_PRE_internal_pre"}}}, {"add": {"chain": {"family":
> "inet", "table": "firewalld", "name": "nat_PRE_internal_log"}}}, {"add":
> {"chain": {"family": "inet", "table": "firewalld", "name":
> "nat_PRE_internal_deny"}}}, {"add": {"chain": {"family": "inet", "table":
> "firewalld", "name": "nat_PRE_internal_allow"}}}, {"add": {"chain":
> {"family": "inet", "table": "firewalld", "name": "nat_PRE_internal_post"}}},
> {"add": {"rule": {"family": "inet", "table": "firewalld", "chain":
> "nat_PRE_internal", "expr": [{"jump": {"target":
> "nat_PREROUTING_POLICIES_pre"}}]}}}, {"add": {"rule": {"family": "inet",
> "table": "firewalld", "chain": "nat_PRE_internal", "expr": [{"jump":
> {"target": "nat_PRE_internal_pre"}}]}}}, {"add": {"rule": {"family": "inet",
> "table": "firewalld", "chain": "nat_PRE_internal", "expr": [{"jump":
> {"target": "nat_PRE_internal_log"}}]}}}, {"add": {"rule": {"family": "inet",
> "table": "firewalld", "chain": "nat_PRE_internal", "expr": [{"jump":
> {"target": "nat_PRE_internal_deny"}}]}}}, {"add": {"rule": {"family":
> "inet", "table": "firewalld", "chain": "nat_PRE_internal", "expr": [{"jump":
> {"target": "nat_PRE_internal_allow"}}]}}}, {"add": {"rule": {"family":
> "inet", "table": "firewalld", "chain": "nat_PRE_internal", "expr": [{"jump":
> {"target": "nat_PRE_internal_post"}}]}}}, {"add": {"rule": {"family":
> "inet", "table": "firewalld", "chain": "nat_PRE_internal", "expr": [{"jump":
> {"target": "nat_PREROUTING_POLICIES_post"}}]}}}, {"add": {"chain":
> {"family": "inet", "table": "firewalld", "name": "mangle_PRE_internal"}}},
> {"add": {"chain": {"family": "inet", "table": "firewalld", "name":
> "mangle_PRE_internal_pre"}}}, {"add": {"chain": {"family": "inet", "table":
> "firewalld", "name": "mangle_PRE_internal_log"}}}, {"add": {"chain":
> {"family": "inet", "table": "firewalld", "name":
> "mangle_PRE_internal_deny"}}}, {"add": {"chain": {"family": "inet", "table":
> "firewalld", "name": "mangle_PRE_internal_allow"}}}, {"add": {"chain":
> {"family": "inet", "table": "firewalld", "name":
> "mangle_PRE_internal_post"}}}, {"add": {"rule": {"family": "inet", "table":
> "firewalld", "chain": "mangle_PRE_internal", "expr": [{"jump": {"target":
> "mangle_PREROUTING_POLICIES_pre"}}]}}}, {"add": {"rule": {"family": "inet",
> "table": "firewalld", "chain": "mangle_PRE_internal", "expr": [{"jump":
> {"target": "mangle_PRE_internal_pre"}}]}}}, {"add": {"rule": {"family":
> "inet", "table": "firewalld", "chain": "mangle_PRE_internal", "expr":
> [{"jump": {"target": "mangle_PRE_internal_log"}}]}}}, {"add": {"rule":
> {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_internal",
> "expr": [{"jump": {"target": "mangle_PRE_internal_deny"}}]}}}, {"add":
> {"rule": {"family": "inet", "table": "firewalld", "chain":
> "mangle_PRE_internal", "expr": [{"jump": {"target":
> "mangle_PRE_internal_allow"}}]}}}, {"add": {"rule": {"family": "inet",
> "table": "firewalld", "chain": "mangle_PRE_internal", "expr": [{"jump":
> {"target": "mangle_PRE_internal_post"}}]}}}, {"add": {"rule": {"family":
> "inet", "table": "firewalld", "chain": "mangle_PRE_internal", "expr":
> [{"jump": {"target": "mangle_PREROUTING_POLICIES_post"}}]}}}, {"add":
> {"rule": {"family": "inet", "table": "firewalld", "chain":
> "filter_IN_internal", "index": 6, "expr": [{"match": {"left": {"meta":
> {"key": "l4proto"}}, "op": "==", "right": {"set": ["icmp", "icmpv6"]}}},
> {"accept": null}]}}}, {"insert": {"rule": {"family": "inet", "table":
> "firewalld", "chain": "filter_INPUT_ZONES", "expr": [{"match": {"left":
> {"meta": {"key": "iifname"}}, "op": "==", "right": "eth1"}}, {"goto":
> {"target": "filter_IN_internal"}}]}}}, {"insert": {"rule": {"family":
> "inet", "table": "firewalld", "chain": "nat_POSTROUTING_ZONES", "expr":
> [{"match": {"left": {"meta": {"key": "oifname"}}, "op": "==", "right":
> "eth1"}}, {"goto": {"target": "nat_POST_internal"}}]}}}, {"insert": {"rule":
> {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_ZONES",
> "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==",
> "right": "eth1"}}, {"goto": {"target": "filter_FWD_internal"}}]}}},
> {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain":
> "nat_PREROUTING_ZONES", "expr": [{"match": {"left": {"meta": {"key":
> "iifname"}}, "op": "==", "right": "eth1"}}, {"goto": {"target":
> "nat_PRE_internal"}}]}}}, {"insert": {"rule": {"family": "inet", "table":
> "firewalld", "chain": "mangle_PREROUTING_ZONES", "expr": [{"match": {"left":
> {"meta": {"key": "iifname"}}, "op": "==", "right": "eth1"}}, {"goto":
> {"target": "mangle_PRE_internal"}}]}}}, {"add": {"rule": {"family": "inet",
> "table": "firewalld", "chain": "filter_FWD_internal_allow", "expr":
> [{"match": {"left": {"meta": {"key": "oifname"}}, "op": "==", "right":
> "eth1"}}, {"accept": null}]}}}]}</span >
I still see in this JSON blob reference to chains that do not exist.
<span class="quote">> nftables.conf that came with the package:
>
> #!/usr/sbin/nft -f
>
> flush ruleset
>
> table inet filter {
> chain input {
> type filter hook input priority filter;
> }
> chain forward {
> type filter hook forward priority filter;
> }
> chain output {
> type filter hook output priority filter;
> }
> }</span >
Is this your existing ruleset? Makes no sense to me.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are watching all bug changes.</li>
</ul>
</body>
</html>