Hello,
Adding to my previous message, I do have a kludge/fix that does make
firewalld work, though with an error. The fix is to change the backend
option from nftables to iptables in /etc/firewalld/firewalld.conf. I
then can add my rules and all is good. I do see the below message:
# firewall-cmd --reload
Error: COMMAND_FAILED: '/usr/sbin/ebtables-restore --noflush' failed:
ebtables-restore v1.8.9 (nf_tables):
line 3: CHAIN_DEL failed (Device or resource busy): chain PREROUTING_direct
line 3: CHAIN_DEL failed (Device or resource busy): chain POSTROUTING_direct
line 3: CHAIN_DEL failed (Device or resource busy): chain OUTPUT_direct
It does work, but I'd love to know why the newer nftables backend keeps
failing and what this error means.
Thank you.
Dave.
On 7/8/23, David Mehler <dave.mehler(a)gmail.com> wrote:
> Hello,
>
> I'm trying to get firewalld going on Debian 12, a VPS. I've asked on
> the Debian users list, who referred me here with a way to get more
> verbose error messages, see below. Unfortunately I'm clueless as to
> what this could be. From what I can see, it looks like it's trying to
> delete a chain and failing, which causes firewalld to fail, though I
> could be wrong; Python and I are not friends.
>
> Any help appreciated.
> Thanks.
> Dave.
>
> root@hostname:~# systemctl --full --no-pager status firewalld
> ? firewalld.service - firewalld - dynamic firewall daemon
>      Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; preset: enabled)
>      Active: inactive (dead) since Sat 2023-07-08 02:06:48 EDT; 7h ago
>    Duration: 2.316s
>        Docs: man:firewalld(1)
>     Process: 77366 ExecStart=/usr/sbin/firewalld --nofork --nopid (code=exited, status=0/SUCCESS)
>    Main PID: 77366 (code=exited, status=0/SUCCESS)
>
> Jul 08 02:06:48 hostname.example.com firewalld[77366]: ERROR: '/usr/sbin/ebtables-restore --noflush' failed: ebtables-restore v1.8.9 (nf_tables):
> line 3: CHAIN_DEL failed (Device or resource busy): chain PREROUTING_direct
> line 3: CHAIN_DEL failed (Device or resource busy): chain POSTROUTING_direct
> line 3: CHAIN_DEL failed (Device or resource busy): chain OUTPUT_direct
> Jul 08 02:06:48 hostname.example.com firewalld[77366]: ERROR: 'python-nftables' failed: internal:0:0-0: Error: Could not process rule: No such file or directory
>
>
> JSON blob:
> {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"delete": {"table": {"family": "inet", "name": "firewalld"}}}, {"add": {"table": {"family": "inet", "name": "firewalld"}}}]}
> Jul 08 02:06:48 hostname.example.com firewalld[77366]: ERROR: COMMAND_FAILED: '/usr/sbin/ebtables-restore --noflush' failed: ebtables-restore v1.8.9 (nf_tables):
> line 3: CHAIN_DEL failed (Device or resource busy): chain PREROUTING_direct
> line 3: CHAIN_DEL failed (Device or resource busy): chain POSTROUTING_direct
> line 3: CHAIN_DEL failed (Device or resource busy): chain OUTPUT_direct
> Jul 08 02:06:48 hostname.example.com firewalld[77366]: Traceback (most recent call last):
>   File "/usr/lib/python3/dist-packages/firewall/core/fw.py", line 633, in start
>     self._start()
>   File "/usr/lib/python3/dist-packages/firewall/core/fw.py", line 597, in _start
>     self._start_apply_objects(reload=reload, complete_reload=complete_reload)
>   File "/usr/lib/python3/dist-packages/firewall/core/fw.py", line 495, in _start_apply_objects
>     transaction.execute(True)
>   File "/usr/lib/python3/dist-packages/firewall/core/fw_transaction.py", line 161, in execute
>     raise FirewallError(errors.COMMAND_FAILED, errorMsg)
> firewall.errors.FirewallError: COMMAND_FAILED: '/usr/sbin/ebtables-restore --noflush' failed: ebtables-restore v1.8.9 (nf_tables):
> line 3: CHAIN_DEL failed (Device or resource busy): chain PREROUTING_direct
> line 3: CHAIN_DEL failed (Device or resource busy): chain POSTROUTING_direct
> line 3: CHAIN_DEL failed (Device or resource busy): chain OUTPUT_direct
>
>
> During handling of the above exception, another exception occurred:
>
> Traceback (most recent call last):
>   File "/usr/lib/python3/dist-packages/firewall/core/fw.py", line 638, in start
>     self._start_failsafe()
>   File "/usr/lib/python3/dist-packages/firewall/core/fw.py", line 629, in _start_failsafe
>     self._start_apply_objects(reload=reload, complete_reload=complete_reload)
>   File "/usr/lib/python3/dist-packages/firewall/core/fw.py", line 495, in _start_apply_objects
>     transaction.execute(True)
>   File "/usr/lib/python3/dist-packages/firewall/core/fw_transaction.py", line 161, in execute
>     raise FirewallError(errors.COMMAND_FAILED, errorMsg)
> firewall.errors.FirewallError: COMMAND_FAILED: 'python-nftables' failed: internal:0:0-0: Error: Could not process rule: No such file or directory
>
>
> JSON blob:
> {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"delete": {"table": {"family": "inet", "name": "firewalld"}}}, {"add": {"table": {"family": "inet", "name": "firewalld"}}}]}
> Jul 08 02:06:48 hostname.example.com firewalld[77366]: ERROR: COMMAND_FAILED: 'python-nftables' failed: internal:0:0-0: Error: Could not process rule: No such file or directory
>
>
> JSON blob:
> {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"delete": {"table": {"family": "inet", "name": "firewalld"}}}, {"add": {"table": {"family": "inet", "name": "firewalld"}}}]}
> Jul 08 02:06:48 hostname.example.com firewalld[77366]: ERROR: Failed to load full stock configuration. This likely indicates a system level issue, e.g. the firewall backend (nftables, iptables) is broken. All hope is lost. Exiting.
> Jul 08 02:06:48 hostname.example.com firewalld[77366]: ERROR: '/usr/sbin/ebtables-restore --noflush' failed: ebtables-restore v1.8.9 (nf_tables):
> line 3: CHAIN_DEL failed (Device or resource busy): chain PREROUTING_direct
> line 3: CHAIN_DEL failed (Device or resource busy): chain POSTROUTING_direct
> line 3: CHAIN_DEL failed (Device or resource busy): chain OUTPUT_direct
> Jul 08 02:06:48 hostname.example.com firewalld[77366]: ERROR: 'python-nftables' failed: internal:0:0-0: Error: Could not process rule: No such file or directory
>
>
> JSON blob:
> {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"delete": {"table": {"family": "inet", "name": "firewalld"}}}]}
> Jul 08 02:06:48 hostname.example.com firewalld[77366]: ERROR: Raising SystemExit in run_server
> Jul 08 02:06:48 hostname.example.com systemd[1]: firewalld.service: Deactivated successfully.
>