Re: firewalld on Debian 12

[David Mehler <dave.mehler@gmail.com>]

Hello,

I sent a posting to the firewalld list, so far nothing. I do have a
kludge/fix that does make firewalld work, though with an error. The
fix is to change the backend option from nftables to iptables in
/etc/firewalld/firewalld.conf. I then can add my rules and all is
good. I do see the below message:

#firewall-cmd --reload
Error: COMMAND_FAILED: '/usr/sbin/ebtables-restore --noflush' failed:
ebtables-restore v1.8.9 (nf_tables):
line 3: CHAIN_DEL failed (Device or resource busy): chain PREROUTING_direct
line 3: CHAIN_DEL failed (Device or resource busy): chain POSTROUTING_direct
line 3: CHAIN_DEL failed (Device or resource busy): chain OUTPUT_direct

It does work but I'd love to know why the newer nftables backend keeps
failing and this error meaning?

Thank you.
Dave.


On 7/8/23, Max Nikulin <manikulin@gmail.com> wrote:
> On 08/07/2023 13:16, David Mehler wrote:
>> root@hostname:~#systemctl status firewalld
>> ? firewalld.service - firewalld - dynamic firewall daemon
>>       Loaded: loaded (/lib/systemd/system/firewalld.service; enabled;
>> preset:>
> ...
>> Jul 08 02:06:48 hostname.example.com firewalld[77366]: ERROR:
>> '/usr/sbin/e>
>>                                                           line 3:
>> CHAIN_DEL f>
>>                                                           line 3:
>> CHAIN_DEL f>
>>                                                           line 3:
>> CHAIN_DEL f>
>
> Please, use
>      systemctl --full --no-pager status firewalld
> or
>      systemctl status firewalld | cat
> to unveil complete error messages
>
>