nftables backend tries to mix ipv6 addresses and ipv4 addresses in the same rule #1146
Comments
Note: This is fixed on current code (master branch), but affects stable release: 1.2.z, 1.3.z. We should fix it on those stable releases. #1147 has a new test to trigger this bug.
erig0 added a commit to erig0/firewalld that referenced this issue Jun 13, 2023
erig0 added a commit that referenced this issue Jun 14, 2023
erig0 added a commit to erig0/firewalld that referenced this issue Jun 14, 2023
Note: This fix is unique to the stable branches. The master branch has significantly diverged in this area. Fixes: firewalld#1146
erig0 added a commit to erig0/firewalld that referenced this issue Jun 14, 2023
Coverage: firewalld#1146 (cherry picked from commit 3e7f059)
erig0 added a commit that referenced this issue Jun 14, 2023
Note: This fix is unique to the stable branches. The master branch has significantly diverged in this area. Fixes: #1146
v1.3.3 released with a fix for this.
erig0 added a commit to erig0/firewalld that referenced this issue Jun 14, 2023
Note: This fix is unique to the stable branches. The master branch has significantly diverged in this area. Fixes: firewalld#1146 (cherry picked from commit 69ed4d6)
What happened
I upgraded my Raspberry Pi to Debian bookworm a couple days ago. Since then firewalld upgraded to version 1.3.0-1. Since then the forwarding of packets to different zones worked differently? So I decided to add policies to accept those forwarded packages.
What you expected to happen
No response
How to reproduce it (as minimally and precisely as possible)
Put in IPv4 addresses and IPv6 addresses as sources into the same zone.
Use nftables as backend.
Create a Policy to accept forwarding packets:
firewall-cmd --permanent --new-policy intToTrusted
firewall-cmd --permanent --policy=intToTrusted --add-egress-zone=trusted
firewall-cmd --permanent --policy=intToTrusted --add-ingress-zone=internal
Anything else we need to know?
No response
Firewalld Version
1.3.0
Firewalld Backend
nftables
Linux distribution
Debian GNU/Linux 12 bookworm
Linux kernel version
6.1.0-9-arm64
Other information
Pastebin1
Pastebin2