Am 10.10.24 um 19:50 schrieb fs3000:
Package: firewalld Version: 1.3.3-1~deb12u1 Severity: important X-Debbugs-Cc: fs3...@proton.meDear Maintainer, On a fresh install of Debian 12 on a arm64 router using an image create with this repo https://github.com/frank-w/BPI-Router-Images and using original packages, firewalld is not working properly. While doing "firewall-cmd --add-interface=eth1 --zone=internal", it fails with this error: root@bpi-r4 /root $ firewall-cmd --add-interface=eth1 --zone=internal Error: COMMAND_FAILED: 'python-nftables' failed: internal:0:0-0: Error: Could not process rule: No such file or directory internal:0:0-0: Error: Could not process rule: No such file or directory JSON blob: {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_internal"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_internal_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_internal_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_internal_deny"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_internal_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_internal_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal", "expr": [{"jump": {"target": "filter_INPUT_POLICIES_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal", "expr": [{"jump": {"target": "filter_IN_internal_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal", "expr": [{"jump": {"target": "filter_IN_internal_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal", "expr": [{"jump": {"target": "filter_IN_internal_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal", "expr": [{"jump": {"target": "filter_IN_internal_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal", "expr": [{"jump": {"target": "filter_IN_internal_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal", "expr": [{"jump": {"target": "filter_INPUT_POLICIES_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal", "expr": [{"reject": {"type": "icmpx", "expr": "admin-prohibited"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal_allow", "expr": [{"match": {"left": {"payload": {"protocol": "tcp", "field": "dport"}}, "op": "==", "right": 22}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal_allow", "expr": [{"match": {"left": {"payload": {"protocol": "ip", "field": "daddr"}}, "op": "==", "right": "224.0.0.251"}}, {"match": {"left": {"payload": {"protocol": "udp", "field": "dport"}}, "op": "==", "right": 5353}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal_allow", "expr": [{"match": {"left": {"payload": {"protocol": "ip6", "field": "daddr"}}, "op": "==", "right": "ff02::fb"}}, {"match": {"left": {"payload": {"protocol": "udp", "field": "dport"}}, "op": "==", "right": 5353}}, {"accept": null}]}}}, {"add": {"ct helper": {"family": "inet", "table": "firewalld", "name": "helper-netbios-ns-udp", "type": "netbios-ns", "protocol": "udp"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal_allow", "expr": [{"match": {"left": {"payload": {"protocol": "udp", "field": "dport"}}, "op": "==", "right": 137}}, {"ct helper": "helper-netbios-ns-udp"}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal_allow", "expr": [{"match": {"left": {"payload": {"protocol": "udp", "field": "dport"}}, "op": "==", "right": 137}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal_allow", "expr": [{"match": {"left": {"payload": {"protocol": "udp", "field": "dport"}}, "op": "==", "right": 138}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal_allow", "expr": [{"match": {"left": {"payload": {"protocol": "ip6", "field": "daddr"}}, "op": "==", "right": {"prefix": {"addr": "fe80::", "len": 64}}}}, {"match": {"left": {"payload": {"protocol": "udp", "field": "dport"}}, "op": "==", "right": 546}}, {"accept": null}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "nat_POST_internal"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "nat_POST_internal_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "nat_POST_internal_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "nat_POST_internal_deny"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "nat_POST_internal_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "nat_POST_internal_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_POST_internal", "expr": [{"jump": {"target": "nat_POSTROUTING_POLICIES_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_POST_internal", "expr": [{"jump": {"target": "nat_POST_internal_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_POST_internal", "expr": [{"jump": {"target": "nat_POST_internal_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_POST_internal", "expr": [{"jump": {"target": "nat_POST_internal_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_POST_internal", "expr": [{"jump": {"target": "nat_POST_internal_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_POST_internal", "expr": [{"jump": {"target": "nat_POST_internal_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_POST_internal", "expr": [{"jump": {"target": "nat_POSTROUTING_POLICIES_post"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWD_internal"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWD_internal_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWD_internal_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWD_internal_deny"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWD_internal_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWD_internal_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWD_internal", "expr": [{"jump": {"target": "filter_FORWARD_POLICIES_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWD_internal", "expr": [{"jump": {"target": "filter_FWD_internal_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWD_internal", "expr": [{"jump": {"target": "filter_FWD_internal_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWD_internal", "expr": [{"jump": {"target": "filter_FWD_internal_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWD_internal", "expr": [{"jump": {"target": "filter_FWD_internal_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWD_internal", "expr": [{"jump": {"target": "filter_FWD_internal_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWD_internal", "expr": [{"jump": {"target": "filter_FORWARD_POLICIES_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWD_internal", "expr": [{"reject": {"type": "icmpx", "expr": "admin-prohibited"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "nat_PRE_internal"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "nat_PRE_internal_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "nat_PRE_internal_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "nat_PRE_internal_deny"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "nat_PRE_internal_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "nat_PRE_internal_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_PRE_internal", "expr": [{"jump": {"target": "nat_PREROUTING_POLICIES_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_PRE_internal", "expr": [{"jump": {"target": "nat_PRE_internal_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_PRE_internal", "expr": [{"jump": {"target": "nat_PRE_internal_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_PRE_internal", "expr": [{"jump": {"target": "nat_PRE_internal_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_PRE_internal", "expr": [{"jump": {"target": "nat_PRE_internal_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_PRE_internal", "expr": [{"jump": {"target": "nat_PRE_internal_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_PRE_internal", "expr": [{"jump": {"target": "nat_PREROUTING_POLICIES_post"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_internal"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_internal_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_internal_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_internal_deny"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_internal_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_internal_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_internal", "expr": [{"jump": {"target": "mangle_PREROUTING_POLICIES_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_internal", "expr": [{"jump": {"target": "mangle_PRE_internal_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_internal", "expr": [{"jump": {"target": "mangle_PRE_internal_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_internal", "expr": [{"jump": {"target": "mangle_PRE_internal_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_internal", "expr": [{"jump": {"target": "mangle_PRE_internal_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_internal", "expr": [{"jump": {"target": "mangle_PRE_internal_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_internal", "expr": [{"jump": {"target": "mangle_PREROUTING_POLICIES_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_internal", "index": 6, "expr": [{"match": {"left": {"meta": {"key": "l4proto"}}, "op": "==", "right": {"set": ["icmp", "icmpv6"]}}}, {"accept": null}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT_ZONES", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "eth1"}}, {"goto": {"target": "filter_IN_internal"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_POSTROUTING_ZONES", "expr": [{"match": {"left": {"meta": {"key": "oifname"}}, "op": "==", "right": "eth1"}}, {"goto": {"target": "nat_POST_internal"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_ZONES", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "eth1"}}, {"goto": {"target": "filter_FWD_internal"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "nat_PREROUTING_ZONES", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "eth1"}}, {"goto": {"target": "nat_PRE_internal"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING_ZONES", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "eth1"}}, {"goto": {"target": "mangle_PRE_internal"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWD_internal_allow", "expr": [{"match": {"left": {"meta": {"key": "oifname"}}, "op": "==", "right": "eth1"}}, {"accept": null}]}}}]} ########### /etc/nftables.conf #!/usr/sbin/nft -f flush ruleset table inet filter { chain input { type filter hook input priority filter; } chain forward { type filter hook forward priority filter; } chain output { type filter hook output priority filter; } } ####################### nft list ruleset root@bpi-r4 /root $ nft list ruleset table inet firewalld { chain mangle_PREROUTING { type filter hook prerouting priority mangle + 10; policy accept; jump mangle_PREROUTING_ZONES } chain mangle_PREROUTING_POLICIES_pre { jump mangle_PRE_policy_allow-host-ipv6 } chain mangle_PREROUTING_ZONES { goto mangle_PRE_public } chain mangle_PREROUTING_POLICIES_post { } chain nat_PREROUTING { type nat hook prerouting priority dstnat + 10; policy accept; jump nat_PREROUTING_ZONES } chain nat_PREROUTING_POLICIES_pre { jump nat_PRE_policy_allow-host-ipv6 } chain nat_PREROUTING_ZONES { goto nat_PRE_public } chain nat_PREROUTING_POLICIES_post { } chain nat_POSTROUTING { type nat hook postrouting priority srcnat + 10; policy accept; jump nat_POSTROUTING_ZONES } chain nat_POSTROUTING_POLICIES_pre { } chain nat_POSTROUTING_ZONES { goto nat_POST_public } chain nat_POSTROUTING_POLICIES_post { } chain nat_OUTPUT { type nat hook output priority -90; policy accept; jump nat_OUTPUT_POLICIES_pre jump nat_OUTPUT_POLICIES_post } chain nat_OUTPUT_POLICIES_pre { } chain nat_OUTPUT_POLICIES_post { } chain filter_PREROUTING { type filter hook prerouting priority filter + 10; policy accept; icmpv6 type { nd-router-advert, nd-neighbor-solicit } accept meta nfproto ipv6 fib saddr . mark . iif oif missing drop } chain filter_INPUT { type filter hook input priority filter + 10; policy accept; ct state { established, related } accept ct status dnat accept iifname "lo" accept ct state invalid drop jump filter_INPUT_ZONES reject with icmpx admin-prohibited } chain filter_FORWARD { type filter hook forward priority filter + 10; policy accept; ct state { established, related } accept ct status dnat accept iifname "lo" accept ct state invalid drop ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } reject with icmpv6 addr-unreachable jump filter_FORWARD_ZONES reject with icmpx admin-prohibited } chain filter_OUTPUT { type filter hook output priority filter + 10; policy accept; ct state { established, related } accept oifname "lo" accept ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } reject with icmpv6 addr-unreachable jump filter_OUTPUT_POLICIES_pre jump filter_OUTPUT_POLICIES_post } chain filter_INPUT_POLICIES_pre { jump filter_IN_policy_allow-host-ipv6 } chain filter_INPUT_ZONES { goto filter_IN_public } chain filter_INPUT_POLICIES_post { } chain filter_FORWARD_POLICIES_pre { } chain filter_FORWARD_ZONES { goto filter_FWD_public } chain filter_FORWARD_POLICIES_post { } chain filter_OUTPUT_POLICIES_pre { } chain filter_OUTPUT_POLICIES_post { } chain filter_IN_public { jump filter_INPUT_POLICIES_pre jump filter_IN_public_pre jump filter_IN_public_log jump filter_IN_public_deny jump filter_IN_public_allow jump filter_IN_public_post jump filter_INPUT_POLICIES_post meta l4proto { icmp, ipv6-icmp } accept reject with icmpx admin-prohibited } chain filter_IN_public_pre { } chain filter_IN_public_log { } chain filter_IN_public_deny { } chain filter_IN_public_allow { tcp dport 22 accept ip6 daddr fe80::/64 udp dport 546 accept } chain filter_IN_public_post { } chain nat_POST_public { jump nat_POSTROUTING_POLICIES_pre jump nat_POST_public_pre jump nat_POST_public_log jump nat_POST_public_deny jump nat_POST_public_allow jump nat_POST_public_post jump nat_POSTROUTING_POLICIES_post } chain nat_POST_public_pre { } chain nat_POST_public_log { } chain nat_POST_public_deny { } chain nat_POST_public_allow { } chain nat_POST_public_post { } chain filter_FWD_public { jump filter_FORWARD_POLICIES_pre jump filter_FWD_public_pre jump filter_FWD_public_log jump filter_FWD_public_deny jump filter_FWD_public_allow jump filter_FWD_public_post jump filter_FORWARD_POLICIES_post reject with icmpx admin-prohibited } chain filter_FWD_public_pre { } chain filter_FWD_public_log { } chain filter_FWD_public_deny { } chain filter_FWD_public_allow { } chain filter_FWD_public_post { } chain nat_PRE_public { jump nat_PREROUTING_POLICIES_pre jump nat_PRE_public_pre jump nat_PRE_public_log jump nat_PRE_public_deny jump nat_PRE_public_allow jump nat_PRE_public_post jump nat_PREROUTING_POLICIES_post } chain nat_PRE_public_pre { } chain nat_PRE_public_log { } chain nat_PRE_public_deny { } chain nat_PRE_public_allow { } chain nat_PRE_public_post { } chain mangle_PRE_public { jump mangle_PREROUTING_POLICIES_pre jump mangle_PRE_public_pre jump mangle_PRE_public_log jump mangle_PRE_public_deny jump mangle_PRE_public_allow jump mangle_PRE_public_post jump mangle_PREROUTING_POLICIES_post } chain mangle_PRE_public_pre { } chain mangle_PRE_public_log { } chain mangle_PRE_public_deny { } chain mangle_PRE_public_allow { } chain mangle_PRE_public_post { } chain filter_IN_policy_allow-host-ipv6 { jump filter_IN_policy_allow-host-ipv6_pre jump filter_IN_policy_allow-host-ipv6_log jump filter_IN_policy_allow-host-ipv6_deny jump filter_IN_policy_allow-host-ipv6_allow jump filter_IN_policy_allow-host-ipv6_post } chain filter_IN_policy_allow-host-ipv6_pre { } chain filter_IN_policy_allow-host-ipv6_log { } chain filter_IN_policy_allow-host-ipv6_deny { } chain filter_IN_policy_allow-host-ipv6_allow { icmpv6 type nd-neighbor-advert accept icmpv6 type nd-neighbor-solicit accept icmpv6 type nd-router-advert accept icmpv6 type nd-redirect accept } chain filter_IN_policy_allow-host-ipv6_post { } chain nat_PRE_policy_allow-host-ipv6 { jump nat_PRE_policy_allow-host-ipv6_pre jump nat_PRE_policy_allow-host-ipv6_log jump nat_PRE_policy_allow-host-ipv6_deny jump nat_PRE_policy_allow-host-ipv6_allow jump nat_PRE_policy_allow-host-ipv6_post } chain nat_PRE_policy_allow-host-ipv6_pre { } chain nat_PRE_policy_allow-host-ipv6_log { } chain nat_PRE_policy_allow-host-ipv6_deny { } chain nat_PRE_policy_allow-host-ipv6_allow { } chain nat_PRE_policy_allow-host-ipv6_post { } chain mangle_PRE_policy_allow-host-ipv6 { jump mangle_PRE_policy_allow-host-ipv6_pre jump mangle_PRE_policy_allow-host-ipv6_log jump mangle_PRE_policy_allow-host-ipv6_deny jump mangle_PRE_policy_allow-host-ipv6_allow jump mangle_PRE_policy_allow-host-ipv6_post } chain mangle_PRE_policy_allow-host-ipv6_pre { } chain mangle_PRE_policy_allow-host-ipv6_log { } chain mangle_PRE_policy_allow-host-ipv6_deny { } chain mangle_PRE_policy_allow-host-ipv6_allow { } chain mangle_PRE_policy_allow-host-ipv6_post { } } ############################ lsmod root@bpi-r4 /root $ lsmod Module Size Used by nft_fib_inet 12288 1 nft_fib_ipv4 12288 1 nft_fib_inet nft_fib_ipv6 12288 1 nft_fib_inet nft_fib 12288 3 nft_fib_ipv6,nft_fib_ipv4,nft_fib_inet nft_reject_inet 12288 6 nf_reject_ipv4 12288 1 nft_reject_inet nf_reject_ipv6 20480 1 nft_reject_inet nft_reject 12288 1 nft_reject_inet nft_ct 16384 7 nft_chain_nat 12288 3 nf_nat 45056 1 nft_chain_nat nf_conntrack 106496 2 nf_nat,nft_ct nf_defrag_ipv6 20480 1 nf_conntrack nf_defrag_ipv4 12288 1 nf_conntrack ip_set 49152 0 nf_tables 225280 166 nft_ct,nft_reject_inet,nft_fib_ipv6,nft_fib_ipv4,nft_chain_nat,nft_reject,nft_fib,nft_fib_inet libcrc32c 12288 3 nf_conntrack,nf_nat,nf_tables nfnetlink 16384 3 nf_tables,ip_set mt7925e 16384 0 mt7925_common 86016 1 mt7925e mt792x_lib 40960 2 mt7925e,mt7925_common mt76_connac_lib 53248 3 mt792x_lib,mt7925e,mt7925_common mt76 86016 4 mt792x_lib,mt7925e,mt76_connac_lib,mt7925_common mac80211 823296 4 mt792x_lib,mt76,mt76_connac_lib,mt7925_common libarc4 12288 1 mac80211 cfg80211 811008 4 mt76,mac80211,mt76_connac_lib,mt7925_common fuse 151552 1 ip_tables 28672 0 x_tables 36864 1 ip_tables ########################## packages root@bpi-r4 /root $ dpkg -l |grep "fire\|nft" ii firewalld 1.3.3-1~deb12u1 all dynamically managed firewall with support for network zones ii libnftables1:arm64 1.0.6-2+deb12u2 arm64 Netfilter nftables high level userspace API library ii libnftnl11:arm64 1.2.4-2 arm64 Netfilter nftables userspace API library ii nftables 1.0.6-2+deb12u2 arm64 Program to control packet filtering rules by Netfilter project ii python3-firewall 1.3.3-1~deb12u1 all Python3 bindings for firewalld ii python3-nftables 1.0.6-2+deb12u2 arm64 nftables/libnftables python3 module root@bpi-r4 /root $ -- System Information: Debian Release: 12.8 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: arm64 (aarch64) Kernel: Linux 6.12.0-rc1-bpi-r4 (SMP w/4 CPU threads)
This is not a Debian provided kernel afaics, so you might be missing certain kernel features required by firewalld. In general, we don't provide support for non-Debian spin-offs.
OpenPGP_signature.asc
Description: OpenPGP digital signature
