[Bug 1777] Error: COMMAND_FAILED: 'python-nftables' failed

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Tue Nov 12 19:47:09 CET 2024 

https://bugzilla.netfilter.org/show_bug.cgi?id=1777

--- Comment #19 from Pablo Neira Ayuso <pablo at netfilter.org> ---
(In reply to fs3000 from comment #16)
> So in a fresh system install,  purged nftables, other related packages
> already present and deleted nftables conf. Installed firewalld fresh, debian
> 12 packages.
> 
> Error:
> 
> Error: COMMAND_FAILED: 'python-nftables' failed: internal:0:0-0: Error:
> Could not process rule: No such file or directory
> 
> internal:0:0-0: Error: Could not process rule: No such file or directory
> 
> 
> JSON blob:
> {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"chain":
> {"family": "inet", "table": "firewalld", "name": "filter_IN_internal"}}},
> {"add": {"chain": {"family": "inet", "table": "firewalld", "name":
> "filter_IN_internal_pre"}}}, {"add": {"chain": {"family": "inet", "table":
> "firewalld", "name": "filter_IN_internal_log"}}}, {"add": {"chain":
> {"family": "inet", "table": "firewalld", "name":
> "filter_IN_internal_deny"}}}, {"add": {"chain": {"family": "inet", "table":
> "firewalld", "name": "filter_IN_internal_allow"}}}, {"add": {"chain":
> {"family": "inet", "table": "firewalld", "name":
> "filter_IN_internal_post"}}}, {"add": {"rule": {"family": "inet", "table":
> "firewalld", "chain": "filter_IN_internal", "expr": [{"jump": {"target":
> "filter_INPUT_POLICIES_pre"}}]}}}, {"add": {"rule": {"family": "inet",
> "table": "firewalld", "chain": "filter_IN_internal", "expr": [{"jump":
> {"target": "filter_IN_internal_pre"}}]}}}, {"add": {"rule": {"family":
> "inet", "table": "firewalld", "chain": "filter_IN_internal", "expr":
> [{"jump": {"target": "filter_IN_internal_log"}}]}}}, {"add": {"rule":
> {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal",
> "expr": [{"jump": {"target": "filter_IN_internal_deny"}}]}}}, {"add":
> {"rule": {"family": "inet", "table": "firewalld", "chain":
> "filter_IN_internal", "expr": [{"jump": {"target":
> "filter_IN_internal_allow"}}]}}}, {"add": {"rule": {"family": "inet",
> "table": "firewalld", "chain": "filter_IN_internal", "expr": [{"jump":
> {"target": "filter_IN_internal_post"}}]}}}, {"add": {"rule": {"family":
> "inet", "table": "firewalld", "chain": "filter_IN_internal", "expr":
> [{"jump": {"target": "filter_INPUT_POLICIES_post"}}]}}}, {"add": {"rule":
> {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal",
> "expr": [{"reject": {"type": "icmpx", "expr": "admin-prohibited"}}]}}},
> {"add": {"rule": {"family": "inet", "table": "firewalld", "chain":
> "filter_IN_internal_allow", "expr": [{"match": {"left": {"payload":
> {"protocol": "tcp", "field": "dport"}}, "op": "==", "right": 22}},
> {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table":
> "firewalld", "chain": "filter_IN_internal_allow", "expr": [{"match":
> {"left": {"payload": {"protocol": "ip", "field": "daddr"}}, "op": "==",
> "right": "224.0.0.251"}}, {"match": {"left": {"payload": {"protocol": "udp",
> "field": "dport"}}, "op": "==", "right": 5353}}, {"accept": null}]}}},
> {"add": {"rule": {"family": "inet", "table": "firewalld", "chain":
> "filter_IN_internal_allow", "expr": [{"match": {"left": {"payload":
> {"protocol": "ip6", "field": "daddr"}}, "op": "==", "right": "ff02::fb"}},
> {"match": {"left": {"payload": {"protocol": "udp", "field": "dport"}}, "op":
> "==", "right": 5353}}, {"accept": null}]}}}, {"add": {"ct helper":
> {"family": "inet", "table": "firewalld", "name": "helper-netbios-ns-udp",
> "type": "netbios-ns", "protocol": "udp"}}}, {"add": {"rule": {"family":
> "inet", "table": "firewalld", "chain": "filter_IN_internal_allow", "expr":
> [{"match": {"left": {"payload": {"protocol": "udp", "field": "dport"}},
> "op": "==", "right": 137}}, {"ct helper": "helper-netbios-ns-udp"}]}}},
> {"add": {"rule": {"family": "inet", "table": "firewalld", "chain":
> "filter_IN_internal_allow", "expr": [{"match": {"left": {"payload":
> {"protocol": "udp", "field": "dport"}}, "op": "==", "right": 137}},
> {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table":
> "firewalld", "chain": "filter_IN_internal_allow", "expr": [{"match":
> {"left": {"payload": {"protocol": "udp", "field": "dport"}}, "op": "==",
> "right": 138}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet",
> "table": "firewalld", "chain": "filter_IN_internal_allow", "expr":
> [{"match": {"left": {"payload": {"protocol": "ip6", "field": "daddr"}},
> "op": "==", "right": {"prefix": {"addr": "fe80::", "len": 64}}}}, {"match":
> {"left": {"payload": {"protocol": "udp", "field": "dport"}}, "op": "==",
> "right": 546}}, {"accept": null}]}}}, {"add": {"chain": {"family": "inet",
> "table": "firewalld", "name": "nat_POST_internal"}}}, {"add": {"chain":
> {"family": "inet", "table": "firewalld", "name": "nat_POST_internal_pre"}}},
> {"add": {"chain": {"family": "inet", "table": "firewalld", "name":
> "nat_POST_internal_log"}}}, {"add": {"chain": {"family": "inet", "table":
> "firewalld", "name": "nat_POST_internal_deny"}}}, {"add": {"chain":
> {"family": "inet", "table": "firewalld", "name":
> "nat_POST_internal_allow"}}}, {"add": {"chain": {"family": "inet", "table":
> "firewalld", "name": "nat_POST_internal_post"}}}, {"add": {"rule":
> {"family": "inet", "table": "firewalld", "chain": "nat_POST_internal",
> "expr": [{"jump": {"target": "nat_POSTROUTING_POLICIES_pre"}}]}}}, {"add":
> {"rule": {"family": "inet", "table": "firewalld", "chain":
> "nat_POST_internal", "expr": [{"jump": {"target":
> "nat_POST_internal_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table":
> "firewalld", "chain": "nat_POST_internal", "expr": [{"jump": {"target":
> "nat_POST_internal_log"}}]}}}, {"add": {"rule": {"family": "inet", "table":
> "firewalld", "chain": "nat_POST_internal", "expr": [{"jump": {"target":
> "nat_POST_internal_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table":
> "firewalld", "chain": "nat_POST_internal", "expr": [{"jump": {"target":
> "nat_POST_internal_allow"}}]}}}, {"add": {"rule": {"family": "inet",
> "table": "firewalld", "chain": "nat_POST_internal", "expr": [{"jump":
> {"target": "nat_POST_internal_post"}}]}}}, {"add": {"rule": {"family":
> "inet", "table": "firewalld", "chain": "nat_POST_internal", "expr":
> [{"jump": {"target": "nat_POSTROUTING_POLICIES_post"}}]}}}, {"add":
> {"chain": {"family": "inet", "table": "firewalld", "name":
> "filter_FWD_internal"}}}, {"add": {"chain": {"family": "inet", "table":
> "firewalld", "name": "filter_FWD_internal_pre"}}}, {"add": {"chain":
> {"family": "inet", "table": "firewalld", "name":
> "filter_FWD_internal_log"}}}, {"add": {"chain": {"family": "inet", "table":
> "firewalld", "name": "filter_FWD_internal_deny"}}}, {"add": {"chain":
> {"family": "inet", "table": "firewalld", "name":
> "filter_FWD_internal_allow"}}}, {"add": {"chain": {"family": "inet",
> "table": "firewalld", "name": "filter_FWD_internal_post"}}}, {"add":
> {"rule": {"family": "inet", "table": "firewalld", "chain":
> "filter_FWD_internal", "expr": [{"jump": {"target":
> "filter_FORWARD_POLICIES_pre"}}]}}}, {"add": {"rule": {"family": "inet",
> "table": "firewalld", "chain": "filter_FWD_internal", "expr": [{"jump":
> {"target": "filter_FWD_internal_pre"}}]}}}, {"add": {"rule": {"family":
> "inet", "table": "firewalld", "chain": "filter_FWD_internal", "expr":
> [{"jump": {"target": "filter_FWD_internal_log"}}]}}}, {"add": {"rule":
> {"family": "inet", "table": "firewalld", "chain": "filter_FWD_internal",
> "expr": [{"jump": {"target": "filter_FWD_internal_deny"}}]}}}, {"add":
> {"rule": {"family": "inet", "table": "firewalld", "chain":
> "filter_FWD_internal", "expr": [{"jump": {"target":
> "filter_FWD_internal_allow"}}]}}}, {"add": {"rule": {"family": "inet",
> "table": "firewalld", "chain": "filter_FWD_internal", "expr": [{"jump":
> {"target": "filter_FWD_internal_post"}}]}}}, {"add": {"rule": {"family":
> "inet", "table": "firewalld", "chain": "filter_FWD_internal", "expr":
> [{"jump": {"target": "filter_FORWARD_POLICIES_post"}}]}}}, {"add": {"rule":
> {"family": "inet", "table": "firewalld", "chain": "filter_FWD_internal",
> "expr": [{"reject": {"type": "icmpx", "expr": "admin-prohibited"}}]}}},
> {"add": {"chain": {"family": "inet", "table": "firewalld", "name":
> "nat_PRE_internal"}}}, {"add": {"chain": {"family": "inet", "table":
> "firewalld", "name": "nat_PRE_internal_pre"}}}, {"add": {"chain": {"family":
> "inet", "table": "firewalld", "name": "nat_PRE_internal_log"}}}, {"add":
> {"chain": {"family": "inet", "table": "firewalld", "name":
> "nat_PRE_internal_deny"}}}, {"add": {"chain": {"family": "inet", "table":
> "firewalld", "name": "nat_PRE_internal_allow"}}}, {"add": {"chain":
> {"family": "inet", "table": "firewalld", "name": "nat_PRE_internal_post"}}},
> {"add": {"rule": {"family": "inet", "table": "firewalld", "chain":
> "nat_PRE_internal", "expr": [{"jump": {"target":
> "nat_PREROUTING_POLICIES_pre"}}]}}}, {"add": {"rule": {"family": "inet",
> "table": "firewalld", "chain": "nat_PRE_internal", "expr": [{"jump":
> {"target": "nat_PRE_internal_pre"}}]}}}, {"add": {"rule": {"family": "inet",
> "table": "firewalld", "chain": "nat_PRE_internal", "expr": [{"jump":
> {"target": "nat_PRE_internal_log"}}]}}}, {"add": {"rule": {"family": "inet",
> "table": "firewalld", "chain": "nat_PRE_internal", "expr": [{"jump":
> {"target": "nat_PRE_internal_deny"}}]}}}, {"add": {"rule": {"family":
> "inet", "table": "firewalld", "chain": "nat_PRE_internal", "expr": [{"jump":
> {"target": "nat_PRE_internal_allow"}}]}}}, {"add": {"rule": {"family":
> "inet", "table": "firewalld", "chain": "nat_PRE_internal", "expr": [{"jump":
> {"target": "nat_PRE_internal_post"}}]}}}, {"add": {"rule": {"family":
> "inet", "table": "firewalld", "chain": "nat_PRE_internal", "expr": [{"jump":
> {"target": "nat_PREROUTING_POLICIES_post"}}]}}}, {"add": {"chain":
> {"family": "inet", "table": "firewalld", "name": "mangle_PRE_internal"}}},
> {"add": {"chain": {"family": "inet", "table": "firewalld", "name":
> "mangle_PRE_internal_pre"}}}, {"add": {"chain": {"family": "inet", "table":
> "firewalld", "name": "mangle_PRE_internal_log"}}}, {"add": {"chain":
> {"family": "inet", "table": "firewalld", "name":
> "mangle_PRE_internal_deny"}}}, {"add": {"chain": {"family": "inet", "table":
> "firewalld", "name": "mangle_PRE_internal_allow"}}}, {"add": {"chain":
> {"family": "inet", "table": "firewalld", "name":
> "mangle_PRE_internal_post"}}}, {"add": {"rule": {"family": "inet", "table":
> "firewalld", "chain": "mangle_PRE_internal", "expr": [{"jump": {"target":
> "mangle_PREROUTING_POLICIES_pre"}}]}}}, {"add": {"rule": {"family": "inet",
> "table": "firewalld", "chain": "mangle_PRE_internal", "expr": [{"jump":
> {"target": "mangle_PRE_internal_pre"}}]}}}, {"add": {"rule": {"family":
> "inet", "table": "firewalld", "chain": "mangle_PRE_internal", "expr":
> [{"jump": {"target": "mangle_PRE_internal_log"}}]}}}, {"add": {"rule":
> {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_internal",
> "expr": [{"jump": {"target": "mangle_PRE_internal_deny"}}]}}}, {"add":
> {"rule": {"family": "inet", "table": "firewalld", "chain":
> "mangle_PRE_internal", "expr": [{"jump": {"target":
> "mangle_PRE_internal_allow"}}]}}}, {"add": {"rule": {"family": "inet",
> "table": "firewalld", "chain": "mangle_PRE_internal", "expr": [{"jump":
> {"target": "mangle_PRE_internal_post"}}]}}}, {"add": {"rule": {"family":
> "inet", "table": "firewalld", "chain": "mangle_PRE_internal", "expr":
> [{"jump": {"target": "mangle_PREROUTING_POLICIES_post"}}]}}}, {"add":
> {"rule": {"family": "inet", "table": "firewalld", "chain":
> "filter_IN_internal", "index": 6, "expr": [{"match": {"left": {"meta":
> {"key": "l4proto"}}, "op": "==", "right": {"set": ["icmp", "icmpv6"]}}},
> {"accept": null}]}}}, {"insert": {"rule": {"family": "inet", "table":
> "firewalld", "chain": "filter_INPUT_ZONES", "expr": [{"match": {"left":
> {"meta": {"key": "iifname"}}, "op": "==", "right": "eth1"}}, {"goto":
> {"target": "filter_IN_internal"}}]}}}, {"insert": {"rule": {"family":
> "inet", "table": "firewalld", "chain": "nat_POSTROUTING_ZONES", "expr":
> [{"match": {"left": {"meta": {"key": "oifname"}}, "op": "==", "right":
> "eth1"}}, {"goto": {"target": "nat_POST_internal"}}]}}}, {"insert": {"rule":
> {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_ZONES",
> "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==",
> "right": "eth1"}}, {"goto": {"target": "filter_FWD_internal"}}]}}},
> {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain":
> "nat_PREROUTING_ZONES", "expr": [{"match": {"left": {"meta": {"key":
> "iifname"}}, "op": "==", "right": "eth1"}}, {"goto": {"target":
> "nat_PRE_internal"}}]}}}, {"insert": {"rule": {"family": "inet", "table":
> "firewalld", "chain": "mangle_PREROUTING_ZONES", "expr": [{"match": {"left":
> {"meta": {"key": "iifname"}}, "op": "==", "right": "eth1"}}, {"goto":
> {"target": "mangle_PRE_internal"}}]}}}, {"add": {"rule": {"family": "inet",
> "table": "firewalld", "chain": "filter_FWD_internal_allow", "expr":
> [{"match": {"left": {"meta": {"key": "oifname"}}, "op": "==", "right":
> "eth1"}}, {"accept": null}]}}}]}

I still see in this JSON blob reference to chains that do not exist.

> nftables.conf that came with the package:
> 
> #!/usr/sbin/nft -f
> 
> flush ruleset
> 
> table inet filter {
>         chain input {
>                 type filter hook input priority filter;
>         }
>         chain forward {
>                 type filter hook forward priority filter;
>         }
>         chain output {
>                 type filter hook output priority filter;
>         }
> }

Is this your existing ruleset? Makes no sense to me.

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20241112/225937d3/attachment-0001.html>

More information about the netfilter-buglog mailing list