one of the following IPTables nftables Firewalld /usr/bin/python3 /usr/sbin/firewalld --nofork --nopid https://www.tecmint.com/manage-firewalld-and-ufw-on-linux/ firewall-cmd --state UFW $ sudo dnf install selinux-policy python3-firewall-2.1.4-2.fc40.noarch ? https://cyberchaos.dev/e1mo/nixfiles/-/blob/2a395103cfde4d70c3670c5a51538cd9d0c254cb/modules/nftables/default.nix https://code.mayfirst.org/mfmt/bruce/-/blob/master/bruce_banner.py nft --check https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/thread/VSV4C24PFCMFWV2BPRRIGNYICLDXPHZR/ --- a/contrib/systemd/osmo-upf.service +++ b/contrib/systemd/osmo-upf.service @@ -12,6 +12,7 @@ Group=osmocom ExecStart=/usr/bin/osmo-upf -c /etc/osmocom/osmo-upf.cfg RestartSec=2 +AmbientCapabilities=CAP_NET_ADMIN ??? nft --debug all flush ruleset ??? Conflicts=iptables.service ip6tables.service ebtables.service ipset.service nftables.service sudo vi /usr/lib/python3.12/site-packages/firewall/core/fw.py line 583, in _start_apply_objects class Firewall: ... def _start_apply_objects(self, reload = False, complete_reload = False): ... transaction = FirewallTransaction(self) ... self.apply_default_tables(use_transaction = transaction) transaction.execute(True) # !!! ... def apply_default_tables(self, use_transaction = None): ... transaction = use_transaction ... for backend in self.enabled_backends(): transaction.add_rules(backend, backend.build_default_tables()) # ??? sudo vi /usr/lib/python3.12/site-packages/firewall/core/fw_transaction.py line 117, in execute raise FirewallError(errors.COMMAND_FAILED, errorMsg) # !!! ... class FirewallTransaction: ... def execute(self, enable): ... rules = self.rules ... error = False errorMsg = "" ... for backend_name in rules: try: self.fw.rules(backend_name, rules[backend_name]) except Exception as msg: error = True errorMsg = msg log.debug1(traceback.format_exc()) log.error(msg ... if error: ... raise FirewallError(errors.COMMAND_FAILED, errorMsg) $ sudo systemctl status firewalld ○ firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; preset: enabled) Drop-In: /usr/lib/systemd/system/service.d └─10-timeout-abort.conf Active: inactive (dead) Docs: man:firewalld(1) Feb 12 14:37:53 EPBYGOMW0024T4 firewalld[545]: ERROR: Raising SystemExit in run_server Feb 12 14:42:21 EPBYGOMW0024T4 firewalld[955]: ERROR: 'python-nftables' failed: netlink: Error: cache initialization failed: Operation not permitted JSON blob: {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"table": {"family": "inet", "name": "firewalld"}}}, {"delete": {"table": {"family": "i> Feb 12 14:42:21 EPBYGOMW0024T4 firewalld[955]: ERROR: Failed to load user configuration. Falling back to full stock configuration. Feb 12 14:42:21 EPBYGOMW0024T4 firewalld[955]: ERROR: 'python-nftables' failed: netlink: Error: cache initialization failed: Operation not permitted JSON blob: {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"table": {"family": "inet", "name": "firewalld"}}}, {"delete": {"table": {"family": "i> Feb 12 14:42:21 EPBYGOMW0024T4 firewalld[955]: ERROR: COMMAND_FAILED: 'python-nftables' failed: netlink: Error: cache initialization failed: Operation not permitted JSON blob: {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"table": {"family": "inet", "name": "firewalld"}}}, {"delete": {"table": {"family": "i> Feb 12 14:42:21 EPBYGOMW0024T4 firewalld[955]: Traceback (most recent call last): File "/usr/lib/python3.12/site-packages/firewall/core/fw.py", line 724, in start self._start() File "/usr/lib/python3.12/site-packages/firewall/core/fw.py", line 692, in _start self._start_apply_objects(reload=reload, complete_reload=complete_reload) File "/usr/lib/python3.12/site-packages/firewall/core/fw.py", line 583, in _start_apply_objects transaction.execute(True) File "/usr/lib/python3.12/site-packages/firewall/core/fw_transaction.py", line 117, in execute raise FirewallError(errors.COMMAND_FAILED, errorMsg) firewall.errors.FirewallError: COMMAND_FAILED: 'python-nftables' failed: netlink: Error: cache initialization failed: Operation not permitted JSON blob: {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"table": {"family": "inet", "name": "firewalld"}}}, {"delete": {"table": {"family": "i> During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/lib/python3.12/site-packages/firewall/core/fw.py", line 734, in start self._start_failsafe() File "/usr/lib/python3.12/site-packages/firewall/core/fw.py", line 720, in _start_failsafe self._start_apply_objects(reload=reload, complete_reload=complete_reload) File "/usr/lib/python3.12/site-packages/firewall/core/fw.py", line 583, in _start_apply_objects transaction.execute(True) File "/usr/lib/python3.12/site-packages/firewall/core/fw_transaction.py", line 117, in execute raise FirewallError(errors.COMMAND_FAILED, errorMsg) firewall.errors.FirewallError: COMMAND_FAILED: 'python-nftables' failed: netlink: Error: cache initialization failed: Operation not permitted JSON blob: {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"table": {"family": "inet", "name": "firewalld"}}}, {"delete": {"table": {"family": "i> Feb 12 14:42:21 EPBYGOMW0024T4 firewalld[955]: ERROR: COMMAND_FAILED: 'python-nftables' failed: netlink: Error: cache initialization failed: Operation not permitted JSON blob: {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"table": {"family": "inet", "name": "firewalld"}}}, {"delete": {"table": {"family": "i> Feb 12 14:42:21 EPBYGOMW0024T4 firewalld[955]: ERROR: Failed to load full stock configuration. This likely indicates a system level issue, e.g. the firewall backend (nftables, iptables) is broken. A> Feb 12 14:42:21 EPBYGOMW0024T4 firewalld[955]: ERROR: 'python-nftables' failed: netlink: Error: cache initialization failed: Operation not permitted JSON blob: {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"table": {"family": "inet", "name": "firewalld"}}}, {"delete": {"table": {"family": "i> Feb 12 14:42:21 EPBYGOMW0024T4 firewalld[955]: ERROR: Raising SystemExit in run_server