Package: firewalld Version: 0.9.1-1 Severity: normal X-Debbugs-Cc: stasz...@wp.pl
Dear Maintainer, The file /etc/init.d/firewalld is missing in the package firewalld 0.9.1-1. Therefore the firewalld service cannot be started. Temporary solution is to use /etc/init.d/firewalld from firewalld 0.6.3-5. -- System Information: Debian Release: bullseye/sid APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.8.16-antix.1-amd64-smp (SMP w/8 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: sysvinit (via /sbin/init) Versions of packages firewalld depends on: ii dbus 1.12.20-1 ii gir1.2-glib-2.0 1.66.1-1+b1 ii gir1.2-nm-1.0 1.28.0-1 ii iptables 1.8.6-1 ii policykit-1 0.105-29+antix1 ii python3 3.9.0-4 ii python3-dbus 1.2.16-4+b1 ii python3-firewall 0.9.1-1 ii python3-gi 3.38.0-1+b2 ii python3-nftables 0.9.7-1 Versions of packages firewalld recommends: pn ipset <none> firewalld suggests no packages. -- Configuration Files: /etc/firewalld/firewalld.conf # firewalld config file # default zone # The default zone used if an empty zone string is used. # Default: public DefaultZone=public # Clean up on exit # If set to no or false the firewall configuration will not get cleaned up # on exit or stop of firewalld # Default: yes CleanupOnExit=yes # Lockdown # If set to enabled, firewall changes with the D-Bus interface will be limited # to applications that are listed in the lockdown whitelist. # The lockdown whitelist file is lockdown-whitelist.xml # Default: no Lockdown=no # IPv6_rpfilter # Performs a reverse path filter test on a packet for IPv6. If a reply to the # packet would be sent via the same interface that the packet arrived on, the # packet will match and be accepted, otherwise dropped. # The rp_filter for IPv4 is controlled using sysctl. # Default: yes IPv6_rpfilter=yes # IndividualCalls # Do not use combined -restore calls, but individual calls. This increases the # time that is needed to apply changes and to start the daemon, but is good for # debugging. # Default: no IndividualCalls=no # LogDenied # Add logging rules right before reject and drop rules in the INPUT, FORWARD # and OUTPUT chains for the default rules and also final reject and drop rules # in zones. Possible values are: all, unicast, broadcast, multicast and off. # Default: off LogDenied=off # FirewallBackend # Selects the firewall backend implementation. # Choices are: # - nftables (default) # - iptables (iptables, ip6tables, ebtables and ipset) FirewallBackend=nftables # FlushAllOnReload # Flush all runtime rules on a reload. In previous releases some runtime # configuration was retained during a reload, namely; interface to zone # assignment, and direct rules. This was confusing to users. To get the old # behavior set this to "no". # Default: yes FlushAllOnReload=yes # RFC3964_IPv4 # As per RFC 3964, filter IPv6 traffic with 6to4 destination addresses that # correspond to IPv4 addresses that should not be routed over the public # internet. # Defaults to "yes". RFC3964_IPv4=yes # AllowZoneDrifting # Older versions of firewalld had undocumented behavior known as "zone # drifting". This allowed packets to ingress multiple zones - this is a # violation of zone based firewalls. However, some users rely on this behavior # to have a "catch-all" zone, e.g. the default zone. You can enable this if you # desire such behavior. It's disabled by default for security reasons. # Note: If "yes" packets will only drift from source based zones to interface # based zones (including the default zone). Packets never drift from interface # based zones to other interfaces based zones (including the default zone). # Possible values; "yes", "no". Defaults to "no". AllowZoneDrifting=no /etc/firewalld/lockdown-whitelist.xml <?xml version="1.0" encoding="utf-8"?> <whitelist> <command name="/usr/bin/python3 /usr/bin/firewall-config"/> <selinux context="system_u:system_r:NetworkManager_t:s0"/> <selinux context="system_u:system_r:virtd_t:s0-s0:c0.c1023"/> <user id="0"/> </whitelist> -- no debconf information
