FS#59814 - [firewalld] 0.6.1-2 not forwarding packets from Ethernet bridges

Attached to Project: Community Packages
Opened by Jan Martens (JanMa) - Sunday, 26 August 2018, 13:43 GMT
Last edited by Doug Newgard (Scimmia) - Monday, 27 August 2018, 05:06 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Maxime Gauduin (Alucryd)
Architecture x86_64
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:

Since Linux 4.18.x firewalld fails to forward packets originating from virtual Ethernet bridges like "docker0" or QEMU Ethernet devices.
For further information have a look at this bug report: https://bugs.archlinux.org/task/59749?project=1

Additional info:
* package version(s): firewalld 0.6.1-2, linux 4.18.x
* log files: see attached docker.txt file


Steps to reproduce:

Start a docker container or a virtual machine using bridged networking and try to do packet upgrades. Stopping firewalld and restarting docker will restore network connection in the container.

Closed by  Doug Newgard (Scimmia)
Monday, 27 August 2018, 05:06 GMT
Reason for closing:  Duplicate
Additional comments about closing:   FS#59749 

Don't do that
Comment by loqs (loqs) - Sunday, 26 August 2018, 17:00 GMT
Have you tried other versions of firewalld such as 0.5 or the current git HEAD? Does it happen with both the nftables and iptables backends?
Have you reported the issue upstream?
Comment by Daniel Apolinario (dapolinario) - Sunday, 26 August 2018, 18:52 GMT
Try to add the interface in some zone (in the example below I added in the "public" zone):

firewall-cmd --zone=public --change-interface=virbr0 --permanent

Also add the "dns" and "dhcp" services to this zone (I did this through firewall-config).
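
A check that goes with the suggestion in the last comment, added here as an example and not taken from the thread: it lists bridge interfaces that firewalld has bound to no active zone. The function names and the sample `--get-active-zones` output are constructed for illustration; the `public` zone is the one used in the comment.

```shell
#!/bin/sh
# Added example: list bridge interfaces that firewalld has bound to no zone.

# Read `firewall-cmd --get-active-zones` output on stdin; print each
# interface named on an "interfaces:" line, one per line.
zoned_interfaces() {
    awk '$1 == "interfaces:" { for (i = 2; i <= NF; i++) print $i }'
}

# unzoned_bridges ACTIVE_ZONES_TEXT BRIDGE...
# Print every named bridge that appears in no active zone.
unzoned_bridges() {
    zoned=$(printf '%s\n' "$1" | zoned_interfaces)
    shift
    for br in "$@"; do
        printf '%s\n' "$zoned" | grep -qxF -- "$br" || printf '%s\n' "$br"
    done
}

# Bridge devices on this host: sysfs gives each one a "bridge" directory.
list_bridges() {
    for d in /sys/class/net/*/bridge; do
        [ -d "$d" ] && basename "$(dirname "$d")"
    done
    return 0
}

# Constructed sample of `firewall-cmd --get-active-zones` output.
SAMPLE_ZONES='public
  interfaces: enp3s0 virbr0
trusted
  interfaces: lo'

# Live check, only if firewall-cmd exists and the daemon is running.
if command -v firewall-cmd >/dev/null 2>&1 && firewall-cmd --state >/dev/null 2>&1; then
    # Interface names contain no whitespace, so word splitting is safe here.
    for b in $(unzoned_bridges "$(firewall-cmd --get-active-zones)" $(list_bridges)); do
        echo "$b is in no active zone; the comment's command would bind it:"
        echo "  firewall-cmd --zone=public --change-interface=$b --permanent"
    done
fi
```

Changes made with `--permanent` take effect after `firewall-cmd --reload`.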
