Gentoo Forums
Unsure about 'firewalld' required kernel config
FlyingWafflez
n00b


Joined: 27 Dec 2019
Posts: 26

Posted: Tue Mar 03, 2020 12:04 am    Post subject: Unsure about 'firewalld' required kernel config

Hello everyone, I'm trying to get firewalld working on my laptop but I've already broken my install once. Here's a link to my current kernel config: https://pastebin.com/nV0tqX5P The firewalld applet and GUI 'work' but trying to change zone provides no response and "systemctl status firewalld" gives a list of errors about not being able to add chain or rule inets. If anyone could provide some assistance I'd appreciate that.

Output of "systemctl status firewalld"
Code:
● firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; vendor preset: disabled)
     Active: active (running) since Mon 2020-03-02 09:45:20 EST; 8h ago
       Docs: man:firewalld(1)
   Main PID: 1979 (firewalld)
        CPU: 941ms
     CGroup: /system.slice/firewalld.service
             └─1979 /usr/bin/python3.7 /usr/sbin/firewalld --nofork --nopid

Mar 02 09:45:20 thinkpad firewalld[1979]: ERROR: '/sbin/nft add chain inet firewalld raw_PREROUTING { type filter hook prerouting priority -290 ; }' failed: Error: Could>
                                          add chain inet firewalld raw_PREROUTING { type filter hook prerouting priority -290 ; }
                                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Mar 02 09:45:20 thinkpad firewalld[1979]: ERROR: '/sbin/nft add chain inet firewalld raw_PREROUTING { type filter hook prerouting priority -290 ; }' failed: Error: Could>
                                          add chain inet firewalld raw_PREROUTING { type filter hook prerouting priority -290 ; }
                                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Mar 02 09:45:20 thinkpad firewalld[1979]: ERROR: COMMAND_FAILED: '/sbin/nft add chain inet firewalld raw_PREROUTING { type filter hook prerouting priority -290 ; }' fail>
                                          add chain inet firewalld raw_PREROUTING { type filter hook prerouting priority -290 ; }
                                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Mar 02 09:45:56 thinkpad firewalld[1979]: ERROR: '/sbin/nft add rule inet firewalld filter_IN_home index 4 meta l4proto {icmp, icmpv6} accept' failed: Error: Could not p>
                                          add rule inet firewalld filter_IN_home index 4 meta l4proto {icmp, icmpv6} accept
                                                                                                      ^^^^^^^^^^^^^^
                                          Error: Could not process rule: No such file or directory
                                          add rule inet firewalld filter_IN_home index 4 meta l4proto {icmp, icmpv6} accept
                                                                                                      ^^^^^^^^^^^^^^
                                          Error: Could not process rule: No such file or directory
                                          add rule inet firewalld filter_IN_home index 4 meta l4proto {icmp, icmpv6} accept
                                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Mar 02 09:45:56 thinkpad firewalld[1979]: ERROR: '/sbin/nft add rule inet firewalld filter_IN_home index 4 meta l4proto {icmp, icmpv6} accept' failed: Error: Could not p>
                                          add rule inet firewalld filter_IN_home index 4 meta l4proto {icmp, icmpv6} accept
                                                                                                      ^^^^^^^^^^^^^^
                                          Error: Could not process rule: No such file or directory
                                          add rule inet firewalld filter_IN_home index 4 meta l4proto {icmp, icmpv6} accept
                                                                                                      ^^^^^^^^^^^^^^
                                          Error: Could not process rule: No such file or directory
                                          add rule inet firewalld filter_IN_home index 4 meta l4proto {icmp, icmpv6} accept
                                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Mar 02 09:45:56 thinkpad firewalld[1979]: ERROR: COMMAND_FAILED: '/sbin/nft add rule inet firewalld filter_IN_home index 4 meta l4proto {icmp, icmpv6} accept' failed: Er>
                                          add rule inet firewalld filter_IN_home index 4 meta l4proto {icmp, icmpv6} accept
                                                                                                      ^^^^^^^^^^^^^^
                                          Error: Could not process rule: No such file or directory
                                          add rule inet firewalld filter_IN_home index 4 meta l4proto {icmp, icmpv6} accept
                                                                                                      ^^^^^^^^^^^^^^
                                          Error: Could not process rule: No such file or directory
                                          add rule inet firewalld filter_IN_home index 4 meta l4proto {icmp, icmpv6} accept
                                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Ant P.
Watchman


Joined: 18 Apr 2009
Posts: 6920

Posted: Tue Mar 03, 2020 12:37 am

It's probably this:
Code:
# CONFIG_IP6_NF_MATCH_IPV6HEADER is not set


You should make all the _MATCH targets modules to begin with and let it autoload the ones it needs, or you may get more of these errors. You can remove the rest later.
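One way to apply the advice in the reply above, as an added example that is not part of the thread: this script lists every netfilter `_MATCH_` option in a kernel config with its state (builtin, module or unset), so the ones still unset stand out. The embedded sample config is constructed, not the contents of the poster's pastebin, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: report the state of every netfilter *_MATCH_* option
# found in a kernel config.

# Constructed sample config fragment (not the poster's actual config).
sample_config() {
cat <<'EOF'
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
CONFIG_NETFILTER_XT_MATCH_STATE=y
# CONFIG_NETFILTER_XT_MATCH_MULTIPORT is not set
CONFIG_IP_NF_MATCH_TTL=m
# CONFIG_IP6_NF_MATCH_IPV6HEADER is not set
CONFIG_IP6_NF_MATCH_RT=m
CONFIG_NF_TABLES=m
# CONFIG_USB_STORAGE is not set
EOF
}

# match_states: read a kernel config on stdin and print "<state> <option>"
# for each *_MATCH_* option, where state is builtin, module or unset.
match_states() {
    awk '
        /^CONFIG_[A-Z0-9_]*_MATCH_[A-Z0-9_]*=y$/ { sub(/=y$/, ""); print "builtin", $0; next }
        /^CONFIG_[A-Z0-9_]*_MATCH_[A-Z0-9_]*=m$/ { sub(/=m$/, ""); print "module", $0; next }
        /^# CONFIG_[A-Z0-9_]*_MATCH_[A-Z0-9_]* is not set$/ { print "unset", $2 }
    '
}

# unset_matches: only the *_MATCH_* options that are not set, one per line.
unset_matches() {
    match_states | awk '$1 == "unset" { print $2 }'
}

# read_config: print the config from the given readable file (decompressed
# if its name ends in .gz); with no usable argument, print the sample.
read_config() {
    if [ -n "${1:-}" ] && [ -r "$1" ]; then
        case "$1" in *.gz) gzip -dc "$1" ;; *) cat "$1" ;; esac
    else
        sample_config
    fi
}

read_config "${1:-}" | match_states
```

Pass a config path such as `/usr/src/linux/.config` as the first argument to check a real kernel tree instead of the sample.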
FlyingWafflez
n00b


Joined: 27 Dec 2019
Posts: 26

Posted: Tue Mar 03, 2020 1:40 am

It took me two tries, but that seems to have worked!

Thank you! :D