RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

In original report (bug 1834853), firewalld got stuck loading a huge blacklist. Problem stems from libnftables JSON API doing pointless work for returned 'add element' command netlink messages instead of continuing right away. Fix sent upstream:

https://marc.info/?l=netfilter-devel&m=158938069717763&w=2

*** Bug 1835315 has been marked as a duplicate of this bug. ***

Upstream commit to backport:

commit c96c7da272e33a34770c4de4e3e50f7ed264672e
Author: Phil Sutter <phil>
Date:   Wed May 13 16:29:51 2020 +0200

    JSON: Improve performance of json_events_cb()
    
    The function tries to insert handles into JSON input for echo option.
    Yet there may be nothing to do if the given netlink message doesn't
    contain a handle, e.g. if it is an 'add element' command. Calling
    seqnum_to_json() is pointless overhead in that case, and if input is
    large this overhead is significant. Better wait with that call until
    after checking if the message is relevant at all.
    
    Signed-off-by: Phil Sutter <phil>
    Acked-by: Eric Garver <eric>

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (nftables bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:4535