Builtin modules support #430

seblu · 2018-11-18T23:53:39Z

Hello,

Firewalld refuse to start when nf_conntrack modules are builtin inside the kernel.

# systemctl start firewalld
# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

nov. 12 14:24:19 titanic.upparc.fr systemd[1]: Starting firewalld - dynamic firewall daemon...
nov. 12 14:24:22 titanic.upparc.fr systemd[1]: Started firewalld - dynamic firewall daemon.
nov. 12 14:24:23 titanic.upparc.fr firewalld[1861]: ERROR: Failed to load nf_conntrack module: modprobe: ERROR: could not find module by name='nf_conntrack'
                                                    modprobe: ERROR: could not insert 'nf_conntrack': Unknown symbol in module, or unknown parameter (see dmesg)
                                                    modprobe: ERROR: Error running install command for nf_conntrack
                                                    modprobe: ERROR: could not insert 'nf_conntrack': Operation not permitted
nov. 12 14:24:23 titanic.upparc.fr firewalld[1861]: ERROR: Raising SystemExit in run_server
nov. 19 00:50:13 titanic.upparc.fr systemd[1]: Starting firewalld - dynamic firewall daemon...
nov. 19 00:50:16 titanic.upparc.fr systemd[1]: Started firewalld - dynamic firewall daemon.
nov. 19 00:50:16 titanic.upparc.fr firewalld[12263]: ERROR: Failed to load nf_conntrack module: modprobe: ERROR: could not find module by name='nf_conntrack'
                                                     modprobe: ERROR: could not insert 'nf_conntrack': Unknown symbol in module, or unknown parameter (see dmesg)
                                                     modprobe: ERROR: Error running install command for nf_conntrack
                                                     modprobe: ERROR: could not insert 'nf_conntrack': Operation not permitted
nov. 19 00:50:16 titanic.upparc.fr firewalld[12263]: ERROR: Raising SystemExit in run_server

Would be nice to only fails when a kernel feature is missing and cannot be loaded.

Regards,

Reference: Using firewalld with custom kernels

The text was updated successfully, but these errors were encountered:

that-schamp · 2019-02-07T00:03:19Z

I just tripped over this on a linode instance with firewalld-0.6.3-1.fc29.noarch.

/usr/lib/python3.7/site-packages/firewall/core/modules.py - module::load_module calls modprobe.

modprobe should return true if the module is built-in. However, modprobe apparently checks for builtins by consulting /lib/modules/$(uname -r)/modules.builtin. This file is not present on my hosted system, so it fails.

To WAR this scenario, we can check for the existence of /sys/module/module_name. This will exist if the module is loaded or builtin (and sysfs is mounted).

My python-foo is weak, or I would submit a patch. If someone wants to tackle this, it needs to check for the existence of /sys/module/module_name (and return success if it exists) prior to attempting to call modprobe. This an optimization, not just a WAR ;-)

The possible hazard I see is that there is also extensive use of /proc/modules. /proc/modules on lists loadable modules, not built-ins, so there some risk of mismatch by using difference sources. Ie, while any module represented in sysfs can be considered loaded for most purposes, we should be sure to only attempt to unload modules that are listed in /proc/modules.

mohd-akram · 2019-03-20T15:08:53Z

I just came across this on my Linode server as well. Is there a fix/workaround?

that-schamp · 2019-03-20T21:48:30Z

@mohd-akram A generic workaround is to populate /lib/modules/$(uname -r)/modules.builtin yourself by listing all modules represented in /sys/modules that do not have an associated module file (or link). This will work around the problem for any module that may be used by firewalld.

An alternative - how I am avoiding this problem - is to switch to the distro kernel instead of the minimalist kernel linode provides as a default.

mohd-akram · 2019-03-20T22:52:25Z

Thanks, I went for option B.

erig0 · 2019-04-16T22:19:10Z

Sounds like this is better solved in the distro itself. I'd rather not add workarounds in firewalld to suit a distro that ships broken tools (i.e. modprobe). @that-schamp mentioned a manual workaround above.

seblu · 2019-04-17T09:42:20Z

Make sense.

Unfortunately I can't go with alternative suggestion of @that-schamp.
So here is the few lines I needed to fix the modprobe detection.

mkdir /lib/modules/$(uname -r)
touch /lib/modules/$(uname -r)/modules.{builtin,order}
for i in /sys/module/*; do echo kernel/${i##**/}.ko; done >> /lib/modules/$(uname -r)/modules.builtin
depmod -a

There are many cases in which module loading may fail: - builtin modules, but corrupt/missing modules.builtin database - CONFIG_MODULES=n - inside unprivileged container Unfortunately, we have no way to detect these scenarios. The only thing we can do is attempt to load the module and hope for the best. Fixes: #430 Fixes: #519

There are many cases in which module loading may fail: - builtin modules, but corrupt/missing modules.builtin database - CONFIG_MODULES=n - inside unprivileged container Unfortunately, we have no way to detect these scenarios. The only thing we can do is attempt to load the module and hope for the best. Fixes: firewalld#430 Fixes: firewalld#519 (cherry picked from commit 88e76dd)

There are many cases in which module loading may fail: - builtin modules, but corrupt/missing modules.builtin database - CONFIG_MODULES=n - inside unprivileged container Unfortunately, we have no way to detect these scenarios. The only thing we can do is attempt to load the module and hope for the best. Fixes: #430 Fixes: #519 (cherry picked from commit 88e76dd)

dvershinin · 2019-11-17T23:36:34Z

Here is a fix that builds upon @seblu commands and survives kernel upgrades. (auto-rebuilds the file during startup, for updated non-stock kernels).

erig0 · 2019-12-11T14:40:33Z

Removing "won't fix" tag. It was left by mistake. This issue was fixed in commit 88e76dd.

bviktor · 2022-10-20T02:16:49Z

Make sense.

Unfortunately I can't go with alternative suggestion of @that-schamp. So here is the few lines I needed to fix the modprobe detection.
mkdir /lib/modules/$(uname -r)
touch /lib/modules/$(uname -r)/modules.{builtin,order}
for i in /sys/module/*; do echo kernel/${i##**/}.ko; done >> /lib/modules/$(uname -r)/modules.builtin
depmod -a

Hi,

I've tried to get this to work in WSL, but no luck. Does anyone have any idea how to get this to work on Ubuntu 20.04 w/ WSL2? Someone suggested listing the module name in /etc/modules-load.d/modules.conf but that didn't work either, and firewalld still fails with

# firewall-cmd --reload
Error: COMMAND_FAILED: '/usr/sbin/ip6tables-restore -w -n' failed: ip6tables-restore v1.8.4 (legacy): unknown option "--helper"
Error occurred at line: 30
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.

When I try to enable the tftp service...

erig0 · 2022-10-21T17:51:38Z

firewalld still fails with

# firewall-cmd --reload
Error: COMMAND_FAILED: '/usr/sbin/ip6tables-restore -w -n' failed: ip6tables-restore v1.8.4 (legacy): unknown option "--helper"
Error occurred at line: 30
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.

This looks like you're missing kernel support for connection tracking helpers. Make sure your kernel has CONFIG_NETFILTER_XT_MATCH_HELPER=y.

bviktor · 2022-10-21T18:24:12Z

Thanks a lot, you're right, that module is actually not set, I'll try to rebuild the WSL kernel with that added and see where it goes :)

bviktor · 2022-10-21T20:31:33Z

Thanks again for the tip. Unfortunately, it doesn't seem to resolve the issue.

# cat /proc/config.gz | gunzip | grep CONFIG_NETFILTER_XT_MATCH_HELPER
CONFIG_NETFILTER_XT_MATCH_HELPER=y
# firewall-cmd --reload
Error: COMMAND_FAILED: '/usr/sbin/ip6tables-restore -w -n' failed: ip6tables-restore v1.8.4 (legacy): unknown option "--helper"
Error occurred at line: 30
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.

Any other suggestions? :)

bviktor · 2022-10-22T02:44:48Z

Hmm, after like half day of messing around, I've actually managed to rebuild the WSL kernel with modules, and start my WSL instance with the relevant modules present. So now it looks something like this:

$ lsmod
Module                  Size  Used by
nf_conntrack_tftp      16384  0
xt_helper              16384  0
xt_MASQUERADE          16384  2
xt_conntrack           16384  1
iptable_nat            16384  1
nf_nat                 45056  2 iptable_nat,xt_MASQUERADE
nf_conntrack          106496  5 xt_conntrack,nf_nat,nf_conntrack_tftp,xt_helper,xt_MASQUERADE
nf_defrag_ipv6         20480  1 nf_conntrack
nf_defrag_ipv4         16384  1 nf_conntrack

But the issue persists... :\

bviktor · 2022-10-22T02:48:06Z

Ok, so now that I've finally started firewalld in debug:

/usr/sbin/firewalld --nofork --nopid --debug

Here's the error log:

2022-10-22 02:46:36 DEBUG1: reload()
2022-10-22 02:46:36 DEBUG1: Setting policy to 'DROP'
2022-10-22 02:46:36 DEBUG1: ipv6 table 'nat' does not exist (or not enough permission to check).
2022-10-22 02:46:36 DEBUG1: Loading firewalld config file '/etc/firewalld/firewalld.conf'
2022-10-22 02:46:36 DEBUG1: CleanupOnExit is set to 'True'
2022-10-22 02:46:36 DEBUG1: IPv6 rpfilter is enabled
2022-10-22 02:46:36 DEBUG1: LogDenied is set to 'off'
2022-10-22 02:46:36 DEBUG1: FirewallBackend is set to 'iptables'
2022-10-22 02:46:36 DEBUG1: FlushAllOnReload is set to 'True'
2022-10-22 02:46:36 DEBUG1: RFC3964_IPv4 is set to 'True'
2022-10-22 02:46:36 DEBUG1: AllowZoneDrifting is set to 'False'
2022-10-22 02:46:36 DEBUG1: Loading lockdown whitelist
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/address-unreachable.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/bad-header.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/beyond-scope.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/communication-prohibited.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/destination-unreachable.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/echo-reply.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/echo-request.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/failed-policy.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/fragmentation-needed.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/host-precedence-violation.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/host-prohibited.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/host-redirect.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/host-unknown.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/host-unreachable.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/ip-header-bad.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/neighbour-advertisement.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/neighbour-solicitation.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/network-prohibited.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/network-redirect.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/network-unknown.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/network-unreachable.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/no-route.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/packet-too-big.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/parameter-problem.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/port-unreachable.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/precedence-cutoff.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/protocol-unreachable.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/redirect.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/reject-route.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/required-option-missing.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/router-advertisement.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/router-solicitation.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/source-quench.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/source-route-failed.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/time-exceeded.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/timestamp-reply.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/timestamp-request.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/tos-host-redirect.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/tos-host-unreachable.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/tos-network-redirect.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/tos-network-unreachable.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/ttl-zero-during-reassembly.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/ttl-zero-during-transit.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/unknown-header-type.xml'
2022-10-22 02:46:36 DEBUG1: Loading icmptype file '/usr/lib/firewalld/icmptypes/unknown-option.xml'
2022-10-22 02:46:36 DEBUG1: Loading helper file '/usr/lib/firewalld/helpers/Q.931.xml'
2022-10-22 02:46:36 DEBUG1: Loading helper file '/usr/lib/firewalld/helpers/RAS.xml'
2022-10-22 02:46:36 DEBUG1: Loading helper file '/usr/lib/firewalld/helpers/amanda.xml'
2022-10-22 02:46:36 DEBUG1: Loading helper file '/usr/lib/firewalld/helpers/ftp.xml'
2022-10-22 02:46:36 DEBUG1: Loading helper file '/usr/lib/firewalld/helpers/h323.xml'
2022-10-22 02:46:36 DEBUG1: Loading helper file '/usr/lib/firewalld/helpers/irc.xml'
2022-10-22 02:46:36 DEBUG1: Loading helper file '/usr/lib/firewalld/helpers/netbios-ns.xml'
2022-10-22 02:46:36 DEBUG1: Loading helper file '/usr/lib/firewalld/helpers/pptp.xml'
2022-10-22 02:46:36 DEBUG1: Loading helper file '/usr/lib/firewalld/helpers/proto-gre.xml'
2022-10-22 02:46:36 DEBUG1: Loading helper file '/usr/lib/firewalld/helpers/sane.xml'
2022-10-22 02:46:36 DEBUG1: Loading helper file '/usr/lib/firewalld/helpers/sip.xml'
2022-10-22 02:46:36 DEBUG1: Loading helper file '/usr/lib/firewalld/helpers/snmp.xml'
2022-10-22 02:46:36 DEBUG1: Loading helper file '/usr/lib/firewalld/helpers/tftp.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/RH-Satellite-6.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/amanda-client.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/amanda-k5-client.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/amqp.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/amqps.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/apcupsd.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/audit.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/bacula-client.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/bacula.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/bb.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/bgp.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/bitcoin-rpc.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/bitcoin-testnet-rpc.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/bitcoin-testnet.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/bitcoin.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/bittorrent-lsd.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/ceph-mon.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/ceph.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/cfengine.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/cockpit.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/condor-collector.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/ctdb.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/dhcp.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/dhcpv6-client.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/dhcpv6.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/distcc.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/dns-over-tls.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/dns.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/docker-registry.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/docker-swarm.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/dropbox-lansync.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/elasticsearch.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/etcd-client.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/etcd-server.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/finger.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/freeipa-4.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/freeipa-ldap.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/freeipa-ldaps.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/freeipa-replication.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/freeipa-trust.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/ftp.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/ganglia-client.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/ganglia-master.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/git.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/grafana.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/gre.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/high-availability.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/http.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/https.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/imap.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/imaps.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/ipp-client.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/ipp.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/ipsec.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/irc.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/ircs.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/iscsi-target.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/isns.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/jenkins.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/kadmin.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/kdeconnect.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/kerberos.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/kibana.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/klogin.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/kpasswd.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/kprop.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/kshell.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/kube-apiserver.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/ldap.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/ldaps.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/libvirt-tls.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/libvirt.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/lightning-network.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/llmnr.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/managesieve.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/matrix.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/mdns.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/memcache.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/minidlna.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/mongodb.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/mosh.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/mountd.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/mqtt-tls.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/mqtt.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/ms-wbt.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/mssql.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/murmur.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/mysql.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/nfs.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/nfs3.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/nmea-0183.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/nrpe.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/ntp.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/nut.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/openvpn.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/ovirt-imageio.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/ovirt-storageconsole.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/ovirt-vmconsole.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/plex.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/pmcd.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/pmproxy.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/pmwebapi.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/pmwebapis.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/pop3.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/pop3s.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/postgresql.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/privoxy.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/prometheus.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/proxy-dhcp.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/ptp.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/pulseaudio.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/puppetmaster.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/quassel.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/radius.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/rdp.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/redis-sentinel.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/redis.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/rpc-bind.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/rsh.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/rsyncd.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/rtsp.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/salt-master.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/samba-client.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/samba-dc.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/samba.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/sane.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/sip.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/sips.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/slp.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/smtp-submission.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/smtp.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/smtps.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/snmp.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/snmptrap.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/spideroak-lansync.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/spotify-sync.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/squid.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/ssdp.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/ssh.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/steam-streaming.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/svdrp.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/svn.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/syncthing-gui.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/syncthing.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/synergy.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/syslog-tls.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/syslog.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/telnet.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/tentacle.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/tftp-client.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/tftp.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/tile38.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/tinc.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/tor-socks.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/transmission-client.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/upnp-client.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/vdsm.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/vnc-server.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/wbem-http.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/wbem-https.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/wsman.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/wsmans.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/xdmcp.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/xmpp-bosh.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/xmpp-client.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/xmpp-local.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/xmpp-server.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/zabbix-agent.xml'
2022-10-22 02:46:36 DEBUG1: Loading service file '/usr/lib/firewalld/services/zabbix-server.xml'
2022-10-22 02:46:36 DEBUG1: Loading zone file '/usr/lib/firewalld/zones/block.xml'
2022-10-22 02:46:36 DEBUG1: Loading zone file '/usr/lib/firewalld/zones/dmz.xml'
2022-10-22 02:46:36 DEBUG1: Loading zone file '/usr/lib/firewalld/zones/drop.xml'
2022-10-22 02:46:36 DEBUG1: Loading zone file '/usr/lib/firewalld/zones/external.xml'
2022-10-22 02:46:36 DEBUG1: Loading zone file '/usr/lib/firewalld/zones/home.xml'
2022-10-22 02:46:36 DEBUG1: Loading zone file '/usr/lib/firewalld/zones/internal.xml'
2022-10-22 02:46:36 DEBUG1: Loading zone file '/usr/lib/firewalld/zones/public.xml'
2022-10-22 02:46:36 DEBUG1: Loading zone file '/usr/lib/firewalld/zones/trusted.xml'
2022-10-22 02:46:36 DEBUG1: Loading zone file '/usr/lib/firewalld/zones/work.xml'
2022-10-22 02:46:36 DEBUG1: Loading zone file '/etc/firewalld/zones/public.xml'
2022-10-22 02:46:36 DEBUG1:   Overloads zone 'public' ('/usr/lib/firewalld/zones/public.xml')
2022-10-22 02:46:36 DEBUG1: Using default zone 'public'
2022-10-22 02:46:36 DEBUG1: ipv6 table 'nat' does not exist (or not enough permission to check).
2022-10-22 02:46:36 DEBUG1: Flushing rule set
2022-10-22 02:46:36 DEBUG1: ipv6 table 'nat' does not exist (or not enough permission to check).
2022-10-22 02:46:36 DEBUG1: Applying default rule set
2022-10-22 02:46:36 DEBUG1: ipv6 table 'nat' does not exist (or not enough permission to check).
2022-10-22 02:46:36 DEBUG1: ipv6 table 'nat' does not exist (or not enough permission to check).
2022-10-22 02:46:36 DEBUG1: ipv6 table 'nat' does not exist (or not enough permission to check).
2022-10-22 02:46:36 DEBUG1: ipv6 table 'nat' does not exist (or not enough permission to check).
2022-10-22 02:46:36 DEBUG1: ipv6 table 'nat' does not exist (or not enough permission to check).
2022-10-22 02:46:36 DEBUG1: ipv6 table 'nat' does not exist (or not enough permission to check).
2022-10-22 02:46:36 DEBUG1: Applying used zones
2022-10-22 02:46:36 DEBUG1: Applying zone 'block'
2022-10-22 02:46:36 DEBUG1: Applying zone 'dmz'
2022-10-22 02:46:36 DEBUG1: Applying zone 'drop'
2022-10-22 02:46:36 DEBUG1: Applying zone 'external'
2022-10-22 02:46:36 DEBUG1: Applying zone 'home'
2022-10-22 02:46:36 DEBUG1: Applying zone 'internal'
2022-10-22 02:46:36 DEBUG1: Applying zone 'public'
2022-10-22 02:46:36 DEBUG1: Applying zone 'trusted'
2022-10-22 02:46:36 DEBUG1: Applying zone 'work'
2022-10-22 02:46:36 DEBUG1: ipv6 table 'nat' does not exist (or not enough permission to check).
2022-10-22 02:46:36 DEBUG1: ipv6 table 'nat' does not exist (or not enough permission to check).
2022-10-22 02:46:36 DEBUG1: ipv6 table 'nat' does not exist (or not enough permission to check).
2022-10-22 02:46:36 DEBUG1: ipv6 table 'nat' does not exist (or not enough permission to check).
2022-10-22 02:46:36 DEBUG1: ipv6 table 'nat' does not exist (or not enough permission to check).
2022-10-22 02:46:36 DEBUG1: ipv6 table 'nat' does not exist (or not enough permission to check).
2022-10-22 02:46:36 DEBUG1: ipv6 table 'nat' does not exist (or not enough permission to check).
2022-10-22 02:46:36 DEBUG1: ipv6 table 'nat' does not exist (or not enough permission to check).
2022-10-22 02:46:36 DEBUG1: ipv6 table 'nat' does not exist (or not enough permission to check).
2022-10-22 02:46:36 DEBUG1: ipv6 table 'nat' does not exist (or not enough permission to check).
2022-10-22 02:46:36 DEBUG1: Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/firewall/core/fw_transaction.py", line 128, in execute
    self.fw.rules(backend_name, rules[backend_name])
  File "/usr/lib/python3/dist-packages/firewall/core/fw.py", line 874, in rules
    backend.set_rules(_rules, self._log_denied)
  File "/usr/lib/python3/dist-packages/firewall/core/ipXtables.py", line 505, in set_rules
    raise ValueError("'%s %s' failed: %s" % (self._restore_command,
ValueError: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.8.4 (legacy): unknown option "--helper"
Error occurred at line: 27
Try `iptables-restore -h' or 'iptables-restore --help' for more information.


2022-10-22 02:46:36 ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.8.4 (legacy): unknown option "--helper"
Error occurred at line: 27
Try `iptables-restore -h' or 'iptables-restore --help' for more information.

2022-10-22 02:46:36 DEBUG1: Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/firewall/core/fw_transaction.py", line 128, in execute
    self.fw.rules(backend_name, rules[backend_name])
  File "/usr/lib/python3/dist-packages/firewall/core/fw.py", line 874, in rules
    backend.set_rules(_rules, self._log_denied)
  File "/usr/lib/python3/dist-packages/firewall/core/ipXtables.py", line 505, in set_rules
    raise ValueError("'%s %s' failed: %s" % (self._restore_command,
ValueError: '/usr/sbin/ip6tables-restore -w -n' failed: ip6tables-restore v1.8.4 (legacy): unknown option "--helper"
Error occurred at line: 30
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.


2022-10-22 02:46:36 ERROR: '/usr/sbin/ip6tables-restore -w -n' failed: ip6tables-restore v1.8.4 (legacy): unknown option "--helper"
Error occurred at line: 30
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.

2022-10-22 02:46:36 DEBUG1: Setting policy to 'ACCEPT'
2022-10-22 02:46:36 DEBUG1: ipv6 table 'nat' does not exist (or not enough permission to check).
2022-10-22 02:46:36 DEBUG1: Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/firewall/server/decorators.py", line 68, in dbus_handle_exceptions
    return func(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/firewall/server/firewalld.py", line 318, in reload
    self.fw.reload()
  File "/usr/lib/python3/dist-packages/firewall/core/fw.py", line 1042, in reload
    raise start_exception
  File "/usr/lib/python3/dist-packages/firewall/core/fw.py", line 963, in reload
    self._start(reload=True, complete_reload=stop)
  File "/usr/lib/python3/dist-packages/firewall/core/fw.py", line 450, in _start
    transaction.execute(True)
  File "/usr/lib/python3/dist-packages/firewall/core/fw_transaction.py", line 173, in execute
    raise FirewallError(errors.COMMAND_FAILED, errorMsg)
firewall.errors.FirewallError: COMMAND_FAILED: '/usr/sbin/ip6tables-restore -w -n' failed: ip6tables-restore v1.8.4 (legacy): unknown option "--helper"
Error occurred at line: 30
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.


2022-10-22 02:46:36 ERROR: COMMAND_FAILED: '/usr/sbin/ip6tables-restore -w -n' failed: ip6tables-restore v1.8.4 (legacy): unknown option "--helper"
Error occurred at line: 30
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.

bviktor · 2022-10-23T00:11:52Z

Oh boy, I can't believe it, but I think I made it work. I did a Hyper-V install of 20.04 as well with the server ISO, and it works just fine, so now I installed all packages present on the Hyper-V instance. Then I recompiled the WSL kernel to have all the modules that the stock Hyper-V VM has. And now it works.

Now I "only" need to figure out exactly which modules and packages are missing that cause this break. Will report back later.

bviktor · 2022-10-23T03:07:37Z

Sooo after another several hours of messing around:

no package was missing in Docker
apparently firewalld wasn't even having a problem with nf_conntrack_tftp or nf_nat_tftp being a loadable or a builtin at all, it was all about one more module missing from the WSL kernel: CONFIG_NETFILTER_XT_TARGET_CT.

Soooo TLDR all I needed was:

CONFIG_NETFILTER_XT_MATCH_HELPER=y
CONFIG_NETFILTER_XT_TARGET_CT=y

Thanks a lot @erig0 for pointing me in the right direction, I really appreciate it.

erig0 mentioned this issue Dec 20, 2018

iptables-restore -w -n #440

Closed

erig0 closed this as completed Apr 16, 2019

erig0 added the won't fix Won't fix. Out of scope or not useful. label Apr 16, 2019

djlucas mentioned this issue Sep 22, 2019

kernel builltins: ERROR: INVALID_HELPER: 'nf_conntrack_netbios_ns' is not available #517

Closed

erig0 mentioned this issue Oct 23, 2019

Failed to load nf_conntrack module on CentOS 7.7 container #519

Closed

erig0 removed the won't fix Won't fix. Out of scope or not useful. label Dec 11, 2019

erig0 mentioned this issue Apr 27, 2020

Firewalld Not rejecting IP's #617

Closed

alexkingnz mentioned this issue Jul 22, 2022

Firewalld fails on systems with non-modular kernels #1000

Closed

bviktor mentioned this issue Oct 20, 2022

IT/TFTP firewalld part broken noobient/noobuntu#101

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Builtin modules support #430

Builtin modules support #430

seblu commented Nov 18, 2018

that-schamp commented Feb 7, 2019 •

edited

mohd-akram commented Mar 20, 2019

that-schamp commented Mar 20, 2019

mohd-akram commented Mar 20, 2019

erig0 commented Apr 16, 2019

seblu commented Apr 17, 2019

dvershinin commented Nov 17, 2019

erig0 commented Dec 11, 2019

bviktor commented Oct 20, 2022

erig0 commented Oct 21, 2022

bviktor commented Oct 21, 2022

bviktor commented Oct 21, 2022 •

edited

bviktor commented Oct 22, 2022

bviktor commented Oct 22, 2022

bviktor commented Oct 23, 2022

bviktor commented Oct 23, 2022

Builtin modules support #430

Builtin modules support #430

Comments

seblu commented Nov 18, 2018

that-schamp commented Feb 7, 2019 • edited

mohd-akram commented Mar 20, 2019

that-schamp commented Mar 20, 2019

mohd-akram commented Mar 20, 2019

erig0 commented Apr 16, 2019

seblu commented Apr 17, 2019

dvershinin commented Nov 17, 2019

erig0 commented Dec 11, 2019

bviktor commented Oct 20, 2022

erig0 commented Oct 21, 2022

bviktor commented Oct 21, 2022

bviktor commented Oct 21, 2022 • edited

bviktor commented Oct 22, 2022

bviktor commented Oct 22, 2022

bviktor commented Oct 23, 2022

bviktor commented Oct 23, 2022

that-schamp commented Feb 7, 2019 •

edited

bviktor commented Oct 21, 2022 •

edited