notes/pages/firewalld.txt
Ihar Hancharenka bf69ad418a m
2025-02-14 07:02:17 +03:00


one of the following
IPTables
nftables
Firewalld
/usr/bin/python3 /usr/sbin/firewalld --nofork --nopid
https://www.tecmint.com/manage-firewalld-and-ufw-on-linux/
firewall-cmd --state
UFW
$ sudo dnf install selinux-policy
python3-firewall-2.1.4-2.fc40.noarch
?
https://cyberchaos.dev/e1mo/nixfiles/-/blob/2a395103cfde4d70c3670c5a51538cd9d0c254cb/modules/nftables/default.nix
https://code.mayfirst.org/mfmt/bruce/-/blob/master/bruce_banner.py
nft --check
https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/thread/VSV4C24PFCMFWV2BPRRIGNYICLDXPHZR/
--- a/contrib/systemd/osmo-upf.service
+++ b/contrib/systemd/osmo-upf.service
@@ -12,6 +12,7 @@
Group=osmocom
ExecStart=/usr/bin/osmo-upf -c /etc/osmocom/osmo-upf.cfg
RestartSec=2
+AmbientCapabilities=CAP_NET_ADMIN
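Review bot: the added AmbientCapabilities=CAP_NET_ADMIN line depends on the unit running as a non-root user, but the hunk only shows Group=osmocom and not the User= line it pairs with; ambient capabilities are the mechanism for giving an unprivileged service a single capability, so confirm User= is set in this unit and consider adding CapabilityBoundingSet=CAP_NET_ADMIN alongside it so the process cannot pick up anything broader than the one capability it needs for nftables.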
???
nft --debug all flush ruleset
???
Conflicts=iptables.service ip6tables.service ebtables.service ipset.service nftables.service
sudo vi /usr/lib/python3.12/site-packages/firewall/core/fw.py
line 583, in _start_apply_objects
class Firewall:
    ...
    def _start_apply_objects(self, reload = False, complete_reload = False):
        ...
        transaction = FirewallTransaction(self)
        ...
        self.apply_default_tables(use_transaction = transaction)
        transaction.execute(True)  # !!! line 583: where the traceback below enters the transaction
    ...
    def apply_default_tables(self, use_transaction = None):
        ...
        transaction = use_transaction
        ...
        for backend in self.enabled_backends():
            transaction.add_rules(backend, backend.build_default_tables())  # ??? the nftables backend queues the "add table inet firewalld" JSON seen in the log
sudo vi /usr/lib/python3.12/site-packages/firewall/core/fw_transaction.py
line 117, in execute
raise FirewallError(errors.COMMAND_FAILED, errorMsg) # !!!
...
class FirewallTransaction:
    ...
    def execute(self, enable):
        ...
        rules = self.rules
        ...
        error = False
        errorMsg = ""
        ...
        for backend_name in rules:
            try:
                self.fw.rules(backend_name, rules[backend_name])  # hands the queued rules to the backend (python-nftables here)
            except Exception as msg:
                error = True
                errorMsg = msg
                log.debug1(traceback.format_exc())
                log.error(msg)
        ...
        if error:
            ...
            raise FirewallError(errors.COMMAND_FAILED, errorMsg)  # !!! line 117: the COMMAND_FAILED in the journal
$ sudo systemctl status firewalld
○ firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; preset: enabled)
Drop-In: /usr/lib/systemd/system/service.d
└─10-timeout-abort.conf
Active: inactive (dead)
Docs: man:firewalld(1)
Feb 12 14:37:53 EPBYGOMW0024T4 firewalld[545]: ERROR: Raising SystemExit in run_server
Feb 12 14:42:21 EPBYGOMW0024T4 firewalld[955]: ERROR: 'python-nftables' failed: netlink: Error: cache initialization failed: Operation not permitted
JSON blob:
{"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"table": {"family": "inet", "name": "firewalld"}}}, {"delete": {"table": {"family": "i>
Feb 12 14:42:21 EPBYGOMW0024T4 firewalld[955]: ERROR: Failed to load user configuration. Falling back to full stock configuration.
Feb 12 14:42:21 EPBYGOMW0024T4 firewalld[955]: ERROR: 'python-nftables' failed: netlink: Error: cache initialization failed: Operation not permitted
JSON blob:
{"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"table": {"family": "inet", "name": "firewalld"}}}, {"delete": {"table": {"family": "i>
Feb 12 14:42:21 EPBYGOMW0024T4 firewalld[955]: ERROR: COMMAND_FAILED: 'python-nftables' failed: netlink: Error: cache initialization failed: Operation not permitted
JSON blob:
{"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"table": {"family": "inet", "name": "firewalld"}}}, {"delete": {"table": {"family": "i>
Feb 12 14:42:21 EPBYGOMW0024T4 firewalld[955]: Traceback (most recent call last):
File "/usr/lib/python3.12/site-packages/firewall/core/fw.py", line 724, in start
self._start()
File "/usr/lib/python3.12/site-packages/firewall/core/fw.py", line 692, in _start
self._start_apply_objects(reload=reload, complete_reload=complete_reload)
File "/usr/lib/python3.12/site-packages/firewall/core/fw.py", line 583, in _start_apply_objects
transaction.execute(True)
File "/usr/lib/python3.12/site-packages/firewall/core/fw_transaction.py", line 117, in execute
raise FirewallError(errors.COMMAND_FAILED, errorMsg)
firewall.errors.FirewallError: COMMAND_FAILED: 'python-nftables' failed: netlink: Error: cache initialization failed: Operation not permitted
JSON blob:
{"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"table": {"family": "inet", "name": "firewalld"}}}, {"delete": {"table": {"family": "i>
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.12/site-packages/firewall/core/fw.py", line 734, in start
self._start_failsafe()
File "/usr/lib/python3.12/site-packages/firewall/core/fw.py", line 720, in _start_failsafe
self._start_apply_objects(reload=reload, complete_reload=complete_reload)
File "/usr/lib/python3.12/site-packages/firewall/core/fw.py", line 583, in _start_apply_objects
transaction.execute(True)
File "/usr/lib/python3.12/site-packages/firewall/core/fw_transaction.py", line 117, in execute
raise FirewallError(errors.COMMAND_FAILED, errorMsg)
firewall.errors.FirewallError: COMMAND_FAILED: 'python-nftables' failed: netlink: Error: cache initialization failed: Operation not permitted
JSON blob:
{"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"table": {"family": "inet", "name": "firewalld"}}}, {"delete": {"table": {"family": "i>
Feb 12 14:42:21 EPBYGOMW0024T4 firewalld[955]: ERROR: COMMAND_FAILED: 'python-nftables' failed: netlink: Error: cache initialization failed: Operation not permitted
JSON blob:
{"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"table": {"family": "inet", "name": "firewalld"}}}, {"delete": {"table": {"family": "i>
Feb 12 14:42:21 EPBYGOMW0024T4 firewalld[955]: ERROR: Failed to load full stock configuration. This likely indicates a system level issue, e.g. the firewall backend (nftables, iptables) is broken. A>
Feb 12 14:42:21 EPBYGOMW0024T4 firewalld[955]: ERROR: 'python-nftables' failed: netlink: Error: cache initialization failed: Operation not permitted
JSON blob:
{"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"table": {"family": "inet", "name": "firewalld"}}}, {"delete": {"table": {"family": "i>
Feb 12 14:42:21 EPBYGOMW0024T4 firewalld[955]: ERROR: Raising SystemExit in run_server
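The journal above shows python-nftables getting "Operation not permitted" from the nf_tables netlink socket before firewalld can even read the ruleset. The first thing to establish is whether the daemon process actually holds CAP_NET_ADMIN, because without it every nf_tables netlink request fails with EPERM regardless of the unit's Conflicts= or the rules it is trying to load. The script below is an added example written for these notes; it is not firewalld code and not from any project referenced here. It parses the Cap* lines of /proc/<pid>/status (a real kernel interface), decodes the capability bits, and returns a verdict on whether a netlink EPERM is explained by the capability sets. The constructed status samples at the bottom are made up for the demonstration; the capability bit numbers come from <linux/capability.h>.

```python
"""Decode Linux capability sets from /proc/<pid>/status and explain a netlink EPERM.

Added example for the firewalld notes above, not part of firewalld or these notes.
Usage: python3 capcheck.py [pid]   (defaults to the current process)
"""
import re
import sys

# Bit numbers from <linux/capability.h>; only the ones relevant to a firewall
# daemon are named, every other set bit is reported as CAP_<bit>.
CAP_NAMES = {
    10: "CAP_NET_BIND_SERVICE",
    11: "CAP_NET_BROADCAST",
    12: "CAP_NET_ADMIN",
    13: "CAP_NET_RAW",
    16: "CAP_SYS_MODULE",
    21: "CAP_SYS_ADMIN",
}
CAP_NET_ADMIN = 12

_CAP_LINE = re.compile(r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):\s*([0-9a-fA-F]+)\s*$", re.M)


def parse_cap_sets(status_text):
    """Return a dict like {"CapEff": int, "CapBnd": int, ...} parsed from
    the text of /proc/<pid>/status. Lines that are absent are simply omitted."""
    return {m.group(1): int(m.group(2), 16) for m in _CAP_LINE.finditer(status_text)}


def cap_names(mask):
    """Human-readable names for every bit set in a 64-bit capability mask."""
    return sorted(CAP_NAMES.get(b, "CAP_%d" % b) for b in range(64) if mask >> b & 1)


def explain_netlink_eperm(status_text):
    """Classify why an nf_tables netlink call could return EPERM for this process.

    Returns (has_net_admin, code) where code is one of:
      "ok"                - CAP_NET_ADMIN is effective; EPERM is not a capability
                            problem, look at an LSM denial (e.g. SELinux AVC),
                            seccomp, or a user-namespace restriction instead
      "missing-grantable" - not effective but still in the bounding set; a unit
                            can grant it (e.g. AmbientCapabilities=CAP_NET_ADMIN
                            together with a non-root User=)
      "missing-bounded"   - also removed from the bounding set; the unit's
                            CapabilityBoundingSet= (or a container runtime)
                            dropped it and must allow it first
    """
    sets = parse_cap_sets(status_text)
    if "CapEff" not in sets:
        raise ValueError("no CapEff line in status text")
    if sets["CapEff"] >> CAP_NET_ADMIN & 1:
        return True, "ok"
    if sets.get("CapBnd", 0) >> CAP_NET_ADMIN & 1:
        return False, "missing-grantable"
    return False, "missing-bounded"


def report(status_text):
    """Format the decoded sets plus the verdict as one printable string."""
    sets = parse_cap_sets(status_text)
    lines = ["%s %016x %s" % (n, m, ", ".join(cap_names(m)) or "(none)") for n, m in sets.items()]
    has, code = explain_netlink_eperm(status_text)
    lines.append("CAP_NET_ADMIN effective: %s (%s)" % (has, code))
    return "\n".join(lines)


# Constructed samples (not captured from a real host) in the /proc/<pid>/status format.
SAMPLE_ROOT = "Name:\tfirewalld\nCapInh:\t0000000000000000\nCapPrm:\t000001ffffffffff\nCapEff:\t000001ffffffffff\nCapBnd:\t000001ffffffffff\nCapAmb:\t0000000000000000\n"
SAMPLE_UNPRIV = "Name:\tfirewalld\nCapInh:\t0000000000000000\nCapPrm:\t0000000000000000\nCapEff:\t0000000000000000\nCapBnd:\t000001ffffffffff\nCapAmb:\t0000000000000000\n"
SAMPLE_BOUNDED = "Name:\tfirewalld\nCapEff:\t0000000000000000\nCapBnd:\t0000000000000400\n"


def main(argv):
    pid = argv[1] if len(argv) > 1 else "self"
    with open("/proc/%s/status" % pid) as f:
        print(report(f.read()))


if __name__ == "__main__":
    main(sys.argv)
```

Run it against the firewalld PID from `systemctl status firewalld` (545 and 955 in the journal above). A root daemon with a full effective set returns "ok", which means the EPERM in the log has to come from something other than capabilities, such as an SELinux denial; that matches the `selinux-policy` note earlier in these notes as the next thing to check.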