FS#59661 - [firewalld] Problem after upgrading from 0.6.0-1 to 0.6.1-1
Attached to Project:
Community Packages
Opened by Janne Pettersson (wincc) - Tuesday, 14 August 2018, 16:12 GMT
Last edited by Maxime Gauduin (Alucryd) - Tuesday, 21 August 2018, 12:05 GMT
Opened by Janne Pettersson (wincc) - Tuesday, 14 August 2018, 16:12 GMT
Last edited by Maxime Gauduin (Alucryd) - Tuesday, 21 August 2018, 12:05 GMT
|
Details
Description: After upgrading firewalld from 0.6.0-1 to
0.6.1-1 I can not open "Firewall Configuration" from whisker
menu or terminal or applet in tray
downgrading package and everything is ok uname -a < Linux dawson 4.18.0-arch1-1-ARCH #1 SMP PREEMPT Mon Aug 13 11:52:58 UTC 2018 x86_64 GNU/Linux > open from terminal show error. (see attachment ) Additional info: * package version(s) * config and/or log files etc. Steps to reproduce: |
This task depends upon
Closed by Maxime Gauduin (Alucryd)
Tuesday, 21 August 2018, 12:05 GMT
Reason for closing: Fixed
Additional comments about closing: 0.6.1-2
Tuesday, 21 August 2018, 12:05 GMT
Reason for closing: Fixed
Additional comments about closing: 0.6.1-2
when starting firewall-config you get a stacktrace:
firewall-config
/usr/bin/firewall-config:2381: DeprecationWarning: Gtk.Misc.set_alignment is deprecated
label.set_alignment(0, 0.5)
/usr/bin/firewall-config:2445: DeprecationWarning: Gtk.Misc.set_padding is deprecated
label.set_padding(12, 0)
Traceback (most recent call last):
File "/usr/bin/firewall-config", line 8093, in <module>
app = FirewallConfig()
File "/usr/bin/firewall-config", line 1386, in __init__
self.connection_changed()
File "/usr/bin/firewall-config", line 1692, in connection_changed
self.update_active_zones()
File "/usr/bin/firewall-config", line 2464, in update_active_zones
connection, zone ])
File "/usr/lib/python3.7/site-packages/gi/overrides/Gtk.py", line 1245, in append
return self._do_insert(parent, -1, row)
File "/usr/lib/python3.7/site-packages/gi/overrides/Gtk.py", line 1237, in _do_insert
row, columns = self._convert_row(row)
File "/usr/lib/python3.7/site-packages/gi/overrides/Gtk.py", line 876, in _convert_row
result.append(self._convert_value(cur_col, value))
File "/usr/lib/python3.7/site-packages/gi/overrides/Gtk.py", line 894, in _convert_value
return GObject.Value(self.get_column_type(column), value)
File "/usr/lib/python3.7/site-packages/gi/overrides/GObject.py", line 218, in __init__
self.set_value(py_value)
File "/usr/lib/python3.7/site-packages/gi/overrides/GObject.py", line 274, in set_value
(py_value, type(py_value)))
ValueError: Expected string but got False<class 'bool'>
next step is to change back to "Default" and now this works too..... weird..
Problem solved. but why I don´t know why.
/etc/firewalld/firewalld.conf
# firewalld config file
# default zone
# The default zone used if an empty zone string is used.
# Default: public
DefaultZone=drop
# Minimal mark
# Marks up to this minimum are free for use for example in the direct
# interface. If more free marks are needed, increase the minimum
# Default: 100
MinimalMark=100
# Clean up on exit
# If set to no or false the firewall configuration will not get cleaned up
# on exit or stop of firewalld
# Default: yes
CleanupOnExit=yes
# Lockdown
# If set to enabled, firewall changes with the D-Bus interface will be limited
# to applications that are listed in the lockdown whitelist.
# The lockdown whitelist file is lockdown-whitelist.xml
# Default: no
Lockdown=no
# IPv6_rpfilter
# Performs a reverse path filter test on a packet for IPv6. If a reply to the
# packet would be sent via the same interface that the packet arrived on, the
# packet will match and be accepted, otherwise dropped.
# The rp_filter for IPv4 is controlled using sysctl.
# Default: yes
IPv6_rpfilter=yes
# IndividualCalls
# Do not use combined -restore calls, but individual calls. This increases the
# time that is needed to apply changes and to start the daemon, but is good for
# debugging.
# Default: no
IndividualCalls=no
# LogDenied
# Add logging rules right before reject and drop rules in the INPUT, FORWARD
# and OUTPUT chains for the default rules and also final reject and drop rules
# in zones. Possible values are: all, unicast, broadcast, multicast and off.
# Default: off
LogDenied=off
# AutomaticHelpers
# For the secure use of iptables and connection tracking helpers it is
# recommended to turn AutomaticHelpers off. But this might have side effects on
# other services using the netfilter helpers as the sysctl setting in
# /proc/sys/net/netfilter/nf_conntrack_helper will be changed.
# With the system setting, the default value set in the kernel or with sysctl
# will be used. Possible values are: yes, no and system.
# Default: system
AutomaticHelpers=system
# FirewallBackend
# Selects the firewall backend implementation.
# Choices are:
# - nftables (default)
# - iptables (iptables, ip6tables, ebtables and ipset)
FirewallBackend=nftables
@Ike, I believe you're the guy in charge of vdebug and truly appreciate your work! What a great tool :)