RTPengine and firewalld.policy to replace firewalld.direct
by Anthony Joseph Messina
I see in upcoming versions, firewalld.policy is to replace the functionality of
iptables and firewalld.direct.
Browsing through the documentation, I can't see how I would replace the following
with policies as I can't find how to have a custom (module provided) TARGET.
The following supports the Sipwise NGCP RTPengine iptables kernel module:
https://github.com/sipwise/rtpengine
# direct.xml
<?xml version="1.0" encoding="utf-8"?>
<direct>
  <!-- RTPengine managed iptables chain and kernel module forwarding -->
  <chain ipv="ipv4" table="filter" chain="RTPENGINE_allow"/>
  <chain ipv="ipv6" table="filter" chain="RTPENGINE_allow"/>
  <passthrough ipv="ipv4">-I INPUT -p udp -m udp --dport 30000:40000 -j RTPENGINE_allow</passthrough>
  <passthrough ipv="ipv4">-I INPUT -p udp -m udp --dport 30000:40000 -j RTPENGINE --id 0</passthrough>
  <passthrough ipv="ipv6">-I INPUT -p udp -m udp --dport 30000:40000 -j RTPENGINE_allow</passthrough>
  <passthrough ipv="ipv6">-I INPUT -p udp -m udp --dport 30000:40000 -j RTPENGINE --id 0</passthrough>
</direct>
--
Anthony - https://messinet.com
F9B6 560E 68EA 037D 8C3D D1C9 FF31 3BDB D9D8 99B6
3 years
firewall-cmd --reload problem (version 0.8.2)
by Justas Balciunas
Hello,
I have a problem with the firewall-cmd --reload command. I always get the same error.
Fresh install of Ubuntu 20.04, Virtualmin (or without), firewalld version 0.8.2.
Everything works fine until reload.
firewall-cmd --reload or firewall-cmd --complete-reload gives this error:
Error: COMMAND_FAILED: '/usr/sbin/ebtables-restore --noflush' failed: ebtables-restore v1.8.4 (nf_tables): RULE_DELETE failed (No such file or directory): rule in chain OUTPUT_direct
systemctl status firewall-cmd shows:
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2021-02-06 17:12:25 UTC; 23h ago
Docs: man:firewalld(1)
Main PID: 155 (firewalld)
Tasks: 2 (limit: 614)
Memory: 30.5M
CGroup: /system.slice/firewalld.service
└─155 /usr/bin/python3 /usr/sbin/firewalld --nofork --nopid
Feb 06 17:11:59 matrica.world systemd[1]: firewalld.service: Succeeded.
Feb 06 17:11:59 matrica.world systemd[1]: Stopped firewalld - dynamic firewall daemon.
Feb 06 17:12:24 matrica.world systemd[1]: Starting firewalld - dynamic firewall daemon...
Feb 06 17:12:25 matrica.world systemd[1]: Started firewalld - dynamic firewall daemon.
Feb 07 16:38:42 matrica.world firewalld[155]: ERROR: '/usr/sbin/ebtables-restore --noflush' failed: ebtables-restore v1.8.4 (nf_tables): RULE_DELETE failed (No such file or directory): rule in chain OUTPUT_direct
Feb 07 16:38:42 matrica.world firewalld[155]: ERROR: COMMAND_FAILED: '/usr/sbin/ebtables-restore --noflush' failed: ebtables-restore v1.8.4 (nf_tables): RULE_DELETE failed (No such file or directory): rule in chain OUTPUT_direct
Can anyone help, or link to a solution?
3 years, 1 month
Looking for a command to show the full state of the firewall
by Tim Hughes
I am trying to get a command that gives a complete listing of the firewall
state at a point in time.
something like `iptables -L -v -n`
I had started to write a script which loops over all the interfaces and
then all the zones and all the other objects and I got to 5 while loops
deep and thought that there must be a better way.
This is for two reasons: one is to be able to create a diff of any changes, and
the other is to be able to build a mental picture of the whole state for
debugging.
Tim Hughes
mailto:thughes@thegoldfish.org
3 years, 1 month
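As an added example for the question above (not a firewalld tool and not from the
original post): a small POSIX shell script that collects everything firewall-cmd can
report (runtime view, permanent view, direct rules, ipsets) plus what the kernel
actually enforces (nft list ruleset, or iptables-save on the iptables backend) into
a directory of text files, so two snapshots can be compared with plain diff. It
assumes firewall-cmd 0.8 or later in PATH and root privileges; --list-all-policies
only exists from firewalld 0.9 and is recorded as unsupported on older versions
instead of aborting. The file names and layout are my own choice.

```sh
#!/bin/sh
# fw-snapshot.sh: dump the complete firewalld state into a directory of plain-text
# files so that two snapshots can be compared with diff. Added example for this
# thread, not a firewalld tool. Assumes firewall-cmd (0.8+; --list-all-policies
# needs 0.9) and nft and/or iptables-save in PATH, run as root.

# Run one firewall-cmd query and store its output.
# $1 = snapshot dir, $2 = output file, remaining args = firewall-cmd options.
# A query the installed version does not know is recorded, not fatal.
capture() {
  dir=$1; name=$2; shift 2
  if ! firewall-cmd "$@" >"$dir/$name" 2>/dev/null; then
    printf 'unsupported or failed: firewall-cmd %s\n' "$*" >"$dir/$name"
  fi
}

# Strip fields that change without a rule change (iptables-save timestamps,
# live counter values) so a diff only shows real rule changes.
normalize_ruleset() {
  grep -v -e '^# Generated by' -e '^# Completed on' |
    sed -E 's/counter packets [0-9]+ bytes [0-9]+/counter/'
}

# Collect the runtime view, the permanent (on-disk) view and the kernel ruleset.
snapshot_firewalld() {
  dir=$1
  mkdir -p "$dir"
  # runtime configuration as firewalld sees it
  capture "$dir" 10-state.txt           --state
  capture "$dir" 11-default-zone.txt    --get-default-zone
  capture "$dir" 12-active-zones.txt    --get-active-zones
  capture "$dir" 13-log-denied.txt      --get-log-denied
  capture "$dir" 20-zones.txt           --list-all-zones
  capture "$dir" 21-policies.txt        --list-all-policies
  capture "$dir" 30-direct-chains.txt   --direct --get-all-chains
  capture "$dir" 31-direct-rules.txt    --direct --get-all-rules
  capture "$dir" 32-direct-passthru.txt --direct --get-all-passthroughs
  for s in $(firewall-cmd --get-ipsets 2>/dev/null); do
    capture "$dir" "40-ipset-$s.txt" --info-ipset="$s"
  done
  # permanent configuration: diffing these against the runtime files
  # shows changes that were never saved and will be lost on --reload
  capture "$dir" 50-perm-zones.txt        --permanent --list-all-zones
  capture "$dir" 51-perm-policies.txt     --permanent --list-all-policies
  capture "$dir" 52-perm-direct-rules.txt --permanent --direct --get-all-rules
  # what the kernel actually enforces, independent of what firewalld believes
  if command -v nft >/dev/null 2>&1; then
    nft list ruleset 2>/dev/null | normalize_ruleset >"$dir/90-nft-ruleset.txt"
  fi
  if command -v iptables-save >/dev/null 2>&1; then
    { iptables-save; ip6tables-save; } 2>/dev/null | normalize_ruleset >"$dir/91-iptables.txt"
  fi
}

# Compare two snapshots; exit status 0 when identical, 1 when they differ.
diff_snapshots() {
  if diff -ru "$1" "$2"; then
    echo "no firewall changes between $1 and $2"
  else
    return 1
  fi
}

# usage: fw-snapshot.sh snapshot DIR | diff DIR1 DIR2
if [ $# -gt 0 ]; then
  case $1 in
    snapshot) snapshot_firewalld "$2" ;;
    diff)     diff_snapshots "$2" "$3" ;;
    *) echo "usage: $0 snapshot DIR | diff DIR1 DIR2" >&2; exit 2 ;;
  esac
fi
```

Typical use is `fw-snapshot.sh snapshot /var/tmp/fw-before`, make the change (or run
`firewall-cmd --reload`), `fw-snapshot.sh snapshot /var/tmp/fw-after`, then
`fw-snapshot.sh diff /var/tmp/fw-before /var/tmp/fw-after`. Keeping the kernel
ruleset next to firewalld's own view is deliberate: when the two disagree (for
example after a failed reload, or when something else edited nft or iptables
directly) the diff shows it, which firewall-cmd output alone cannot.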