Bug 1843398 - Rich rule with a MAC address doesnt work
Summary: Rich rule with a MAC address doesnt work
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: firewalld
Version: 32
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
Assignee: Eric Garver
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-06-03 08:42 UTC by Alessio
Modified: 2020-07-03 01:19 UTC (History)
2 users (show)

Fixed In Version: firewalld-0.8.3-1.fc32
Clone Of:
Environment:
Last Closed: 2020-07-03 01:19:00 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)
firewall-cmd --reload errors (12.90 KB, text/plain)
2020-06-03 08:42 UTC, Alessio
no flags Details


Links
System ID Private Priority Status Summary Last Updated
Github firewalld firewalld issues 643 0 None closed Rich rule with a MAC address doesn't work 2020-08-04 19:58:09 UTC

Description Alessio 2020-06-03 08:42:44 UTC
Created attachment 1694736 [details]
firewall-cmd --reload errors

Let's assume a rule like this:

firewall-cmd --zone=FedoraWorkstation --permanent --add-rich-rule='rule source mac="11:22:33:44:55:66" reject'

success

But reloading with firewall-cmd --reload lead to a series of errors as per the attached file, starting with

Error: COMMAND_FAILED: 'python-nftables' failed: internal:0:0-0: Error: Could not process rule: No such file or directory


The same steps on Fedora 31 seem to work.

sudo firewall-cmd --zone=FedoraWorkstation --list-rich-rules
rule source mac="11:22:33:44:55:66" drop

Comment 1 Alessio 2020-06-05 16:26:48 UTC
In addition, inserting that rule, firewalld is unable to restart.
The only way to solve the issue is manually editing the zone file in /etc/firewalls/zones

Comment 2 Eric Garver 2020-06-09 12:34:06 UTC
This has been fixed upstream.

  e255e7357358 ("fix(rich): source mac with nftables backend")

Comment 3 Fedora Update System 2020-07-01 20:14:31 UTC
FEDORA-2020-8eaabfad8b has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-8eaabfad8b

Comment 4 Fedora Update System 2020-07-02 01:16:06 UTC
FEDORA-2020-8eaabfad8b has been pushed to the Fedora 32 testing repository.
In short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-8eaabfad8b`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-8eaabfad8b

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 5 Fedora Update System 2020-07-03 01:19:00 UTC
FEDORA-2020-8eaabfad8b has been pushed to the Fedora 32 stable repository.
If problem still persists, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.