Package: firehol
Version: 3.1.6+ds-7
Severity: wishlist

Hi,
firehol seems to have a problem rereading rules in nofast mode when using iptables-nft.
See: https://github.com/firehol/firehol/issues/352

Here is part of the output; it goes on to ERROR : # 30
# firehol nofast try                                  
FireHOL: Saving active firewall to a temporary file...  OK 
FireHOL: Processing file '/etc/firehol/firehol.conf'...  OK  (522 iptables rules)
FireHOL: Activating ipsets...  OK 
FireHOL: Activating new firewall (522 rules)... 

--------------------------------------------------------------------------------
ERROR   : # 1.
WHAT    : A runtime command failed to execute (returned error 1).
SOURCE  : 30@/etc/firehol/firehol.conf: blacklist4:
COMMAND : /usr/sbin/iptables -t filter -N BLACKLIST.bi.1.in 
OUTPUT  : 

iptables v1.8.2 (nf_tables): Chain already exists
--------------------------------------------------------------------------------
ERROR   : # 2.
WHAT    : A runtime command failed to execute (returned error 1).
SOURCE  : 30@/etc/firehol/firehol.conf: blacklist4:
COMMAND : /usr/sbin/iptables -t filter -N BLACKLIST.bi.1.out 
OUTPUT  : 

iptables v1.8.2 (nf_tables): Chain already exists
------------------------


It can be solved by using iptables-legacy.

Can you please document this in a NEWS entry?
Users of firehol should run:
# update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
# update-alternatives --set iptables /usr/sbin/iptables-legacy

Thanks,
Libor
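
A backend check that can be run before `firehol nofast try`, as an added example that is not part of the original report or of firehol: it classifies `iptables --version` output by the backend suffix visible in the error output above and prints the report's `update-alternatives` command for any tool on nf_tables. The function names and the `live` argument are assumptions of this example, and the version strings in the comments are constructed samples.

```shell
#!/bin/sh
# Classify one line of `iptables --version` / `ip6tables --version` output.
# iptables 1.8 and later append "(nf_tables)" or "(legacy)"; older releases
# print no suffix and only have the legacy backend.
backend_of() {
    case "$1" in
        *"(nf_tables)"*) echo nf_tables ;;   # e.g. "iptables v1.8.2 (nf_tables)"
        *"(legacy)"*)    echo legacy ;;      # e.g. "ip6tables v1.8.2 (legacy)"
        ip*tables\ v*)   echo legacy ;;      # e.g. "iptables v1.6.0" (pre-1.8)
        *)               echo unknown ;;     # missing binary, unexpected output
    esac
}

# Arguments: the iptables version line, then the ip6tables version line.
# Prints one status line per tool; for a tool on nf_tables it prints the
# update-alternatives command given in the report.
# Returns 0 when both tools use the legacy backend, 1 otherwise.
check_backends() {
    rc=0
    for pair in "iptables|$1" "ip6tables|$2"; do
        tool=${pair%%|*}
        line=${pair#*|}
        case "$(backend_of "$line")" in
            legacy)
                echo "$tool: legacy backend, ok" ;;
            nf_tables)
                echo "$tool: nf_tables backend; run: update-alternatives --set $tool /usr/sbin/$tool-legacy"
                rc=1 ;;
            *)
                echo "$tool: backend not recognised from: $line"
                rc=1 ;;
        esac
    done
    return $rc
}

# Query the installed tools only when invoked as: sh script.sh live
if [ "${1:-}" = live ]; then
    check_backends "$(iptables --version 2>&1)" "$(ip6tables --version 2>&1)"
fi
```
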
