firewalld and NetworkManager
by Hans Malissa
The 'Concepts' page in the firewalld documentation (https://firewalld.org/documentation/concepts.html) describes the interaction between firewalld and NetworkManager as: 'firewalld does not depend on NetworkManager, but the use is recommended. If NetworkManager is not used, there are some limitations...'.
When it comes to compiling and installing both firewalld and NetworkManager, should NetworkManager or firewalld be built first, and are there some build options (configure options) necessary to make both applications interact?
Greetings,
Hans
4 years, 8 months
Re: Error with 'systemctl start firewalld'
by Hans Malissa
On July 20, 2019 at 9:22 AM, Eric Garver <egarver(a)redhat.com> wrote:
> It likely means your kernel does not support IPv6 or the IPv6 for
> netfilter/nftables is not enabled.
> Maybe try a new kernel. Are you building your own?
Yes, I'm building my own kernels. Recompiling the kernel with IPv6 support did resolve the issue. Thanks a lot!
Hans
4 years, 8 months
Error with 'systemctl start firewalld'
by Hans Malissa
Hi list,
I've compiled and installed firewalld-0.7.0 on my Linux system (linux-4.20.12), with no obvious errors during the build. When I start firewalld with
# systemctl start firewalld
I get
# systemctl status firewalld
ERROR: '/sbin/nft add chain ip6 firewalld nat_PREROUTING { type nat hook prerouting priority -90 ; }' failed: Error: Could not process rule: No such file or directory
When I inspect the nft tables afterwards, I get
# nft list tables
table inet firewalld
table ip firewalld
table ip6 firewalld
# nft list table inet firewalld
table inet firewalld {
    chain raw_PREROUTING {
        type filter hook prerouting priority raw + 10; policy accept;
    }
    chain mangle_PREROUTING {
        type filter hook prerouting priority mangle + 10; policy accept;
    }
}
# nft list table ip firewalld
table ip firewalld {
    chain nat_PREROUTING {
        type nat hook prerouting priority dstnat + 10; policy accept;
    }
    chain nat_POSTROUTING {
        type nat hook postrouting priority srcnat + 10; policy accept;
    }
}
# nft list table ip6 firewalld
table ip6 firewalld {
}
What is the problem here? nft seems to be working to some degree, but for some reason the ip6 table is not created.
Thanks a lot,
Hans
4 years, 8 months
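A way to check a self-built kernel's configuration for the cause named in the reply (IPv6, or IPv6 for netfilter/nftables, not enabled), as an added example that is not part of the original thread. The option list is an assumption for 4.20-era kernels (the thread does not say which option was missing), and the function names and sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: list kernel config options relevant to firewalld's
# nftables backend on IPv6 that are not enabled (=y or =m).
# ASSUMPTION: this option list fits 4.20-era kernels; the thread only
# says that rebuilding "with IPv6 support" resolved the error.
REQUIRED_OPTS="CONFIG_IPV6 CONFIG_NF_TABLES CONFIG_NF_TABLES_IPV6 CONFIG_NFT_NAT CONFIG_NF_NAT_IPV6 CONFIG_NFT_CHAIN_NAT_IPV6"

# missing_opts FILE: print each required option that is not =y/=m.
# Accepts a plain .config or a gzip-compressed one (e.g. /proc/config.gz).
missing_opts() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    case $cfg in
        *.gz) reader="gzip -dc" ;;
        *)    reader="cat" ;;
    esac
    # "# CONFIG_X is not set" lines do not match and count as disabled.
    enabled=$($reader "$cfg" | grep -E '^CONFIG_[A-Za-z0-9_]+=(y|m)$' | cut -d= -f1)
    for opt in $REQUIRED_OPTS; do
        printf '%s\n' "$enabled" | grep -qx "$opt" || echo "$opt"
    done
}

# make_sample_config FILE: write a constructed config fragment in which
# IPv4 nftables NAT is built but IPv6 is switched off.
make_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_NET=y
# CONFIG_IPV6 is not set
CONFIG_NF_TABLES=m
CONFIG_NF_TABLES_INET=y
CONFIG_NF_TABLES_IPV4=y
CONFIG_NFT_NAT=m
CONFIG_NF_NAT_IPV4=m
CONFIG_NFT_CHAIN_NAT_IPV4=m
EOF
}

# With a path argument, check that file; otherwise run on the sample.
if [ -n "${1:-}" ]; then
    missing_opts "$1"
else
    sample=$(mktemp)
    make_sample_config "$sample"
    echo "Options missing from the constructed sample config:"
    missing_opts "$sample"
    rm -f "$sample"
fi
```

Run it against the `.config` in the kernel build tree before installing; an empty result means every listed option is built in or available as a module.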