Re: firewalld issue
#yocto
Nicolas Jeker
On Sun, 2022-03-27 at 23:39 -0700, sateesh m wrote:
> Hi Team,

Judging by this Stack Exchange thread[1] from a quick search, you might be missing the appropriate kernel configs[2].

[1]: https://unix.stackexchange.com/questions/632113
[2]: https://wiki.gentoo.org/wiki/Nftables#Kernel
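As an added example (not part of the original reply, and not firewalld or Yocto code): a sketch that walks a JSON blob of the kind firewalld prints with this error, collects the nftables features it uses, and reports which kernel options are not enabled in a kernel `.config`. The feature-to-option mapping, the sample blob and the sample config are assumptions constructed for illustration; check them against your kernel's Kconfig.

```python
import json

# Assumption: illustrative, incomplete mapping from nftables JSON features to
# kernel Kconfig symbols. Verify against your kernel's netfilter Kconfig files.
FAMILY_OPTION = {
    "inet": "CONFIG_NF_TABLES_INET",
    "ip": "CONFIG_NF_TABLES_IPV4",
    "ip6": "CONFIG_NF_TABLES_IPV6",
}
# Expression key -> options per family ("*" applies to every family).
EXPR_OPTIONS = {
    "ct": {"*": ["CONFIG_NF_CONNTRACK", "CONFIG_NFT_CT"]},
    "fib": {"inet": ["CONFIG_NFT_FIB_INET"], "ip": ["CONFIG_NFT_FIB_IPV4"],
            "ip6": ["CONFIG_NFT_FIB_IPV6"]},
    "reject": {"*": ["CONFIG_NFT_REJECT"], "inet": ["CONFIG_NFT_REJECT_INET"],
               "ip": ["CONFIG_NFT_REJECT_IPV4"], "ip6": ["CONFIG_NFT_REJECT_IPV6"]},
}
CHAIN_TYPE_OPTIONS = {"nat": ["CONFIG_NF_NAT", "CONFIG_NFT_NAT"]}


def _keys(node):
    """Yield every dict key found anywhere inside an expression tree."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield key
            yield from _keys(value)
    elif isinstance(node, list):
        for item in node:
            yield from _keys(item)


def required_options(ruleset):
    """Map each needed Kconfig symbol to the first command that needs it."""
    needed = {"CONFIG_NF_TABLES": "any nftables ruleset"}
    for cmd in ruleset.get("nftables", []):
        for verb in ("add", "insert"):
            for kind, obj in cmd.get(verb, {}).items():
                family = obj.get("family", "ip")
                where = f"{verb} {kind} in {family} {obj.get('chain') or obj.get('name')}"
                opts = [FAMILY_OPTION[family]] if family in FAMILY_OPTION else []
                if kind == "chain":
                    opts += CHAIN_TYPE_OPTIONS.get(obj.get("type"), [])
                for key in set(_keys(obj.get("expr", []))):
                    per_family = EXPR_OPTIONS.get(key, {})
                    opts += per_family.get("*", []) + per_family.get(family, [])
                for opt in opts:
                    needed.setdefault(opt, where)
    return needed


def enabled_options(config_text):
    """Return the CONFIG_ symbols set to y or m in a kernel .config."""
    enabled = set()
    for line in config_text.splitlines():
        name, sep, value = line.strip().partition("=")
        if sep and name.startswith("CONFIG_") and value in ("y", "m"):
            enabled.add(name)
    return enabled


def missing_options(ruleset, config_text):
    """Kconfig symbols the ruleset needs but the kernel config lacks."""
    return sorted(set(required_options(ruleset)) - enabled_options(config_text))


# Constructed sample: a few commands in the shape firewalld emits.
SAMPLE_BLOB = """
{"nftables": [{"metainfo": {"json_schema_version": 1}},
 {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PREROUTING",
                    "type": "filter", "hook": "prerouting", "prio": -290}}},
 {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PREROUTING",
                    "type": "nat", "hook": "prerouting", "prio": -90}}},
 {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT",
   "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in",
                       "right": {"set": ["established", "related"]}}},
            {"accept": null}]}}},
 {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PREROUTING",
   "expr": [{"match": {"left": {"fib": {"flags": ["saddr", "iif"], "result": "oif"}},
                       "op": "==", "right": false}},
            {"drop": null}]}}},
 {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT",
   "expr": [{"reject": {"type": "icmpx", "expr": "admin-prohibited"}}]}}}]}
"""
SAMPLE_RULESET = json.loads(SAMPLE_BLOB)

# Constructed sample kernel config (as from /proc/config.gz or the build's .config).
SAMPLE_CONFIG = """
CONFIG_NF_TABLES=y
CONFIG_NF_TABLES_INET=y
CONFIG_NF_TABLES_IPV4=y
CONFIG_NF_CONNTRACK=m
CONFIG_NF_NAT=m
CONFIG_NFT_CT=m
CONFIG_NFT_REJECT=m
# CONFIG_NFT_NAT is not set
"""

if __name__ == "__main__":
    needed = required_options(SAMPLE_RULESET)
    for opt in missing_options(SAMPLE_RULESET, SAMPLE_CONFIG):
        print(f"{opt} not enabled (first needed by: {needed[opt]})")
```
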
Re: CVE patch updates
Nicolas Jeker
On Thu, 2022-03-24 at 18:56 +0000, Monsees, Steven C (US) via lists.yoctoproject.org wrote:

If you look at the source for cve-update-db-native.bb[1], you see how the URLs are being generated. It tries to send requests to the following URLs (if you didn't change NVDCVE_URL):

https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-{YEAR}.meta
https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-{YEAR}.json.gz

Where {YEAR} is every year from 2002 up until the current year + 1.

I suspect you might be behind a corporate firewall which does deep inspection and replaces the certificates, but that's just a guess.

[1]: https://git.yoctoproject.org/poky/tree/meta/recipes-core/meta/cve-update-db-native.bb

response.read().decode("utf-8").splitlines():
firewalld issue
#yocto
sateesh m
Hi Team,
I have built a custom image, core-image-base, on a riscv target machine, with nftables, firewalld and JSON packages support installed. I am using firewalld_0.9.3 sources; the nftables-python dependency is present. But I am getting a python-nftables error. Can you please guide me on which dependency I missed here? If firewalld is supposed to work, what packages should I install? While running, the firewalld status is always in failed mode. Using $firewall-cmd --reload I am facing a problem:

Error: COMMAND_FAILED: 'python-nftables' failed: internal:0:0-0: Error: Could not process rule: No such file or directory
JSON blob:
-- Regards, Sateesh |
||
|
||
firewalld isssue
#yocto
sateesh m
Hi Team,
I have built a custom image core-image-base with nftables, firewalld, and json packages support. I am using firewalld_0.9.3 sources; the dependency nftables-python is present. But I am getting a python-nftables error. Can you please guide me on what dependency I missed here? If firewalld is supposed to work, what packages should I install? While running, the firewalld status is always in failed mode. Using $firewall-cmd --reload I am facing a problem:
Error: COMMAND_FAILED: 'python-nftables' failed: internal:0:0-0: Error: Could not process rule: No such file or directory
JSON blob:
-- Regards, Sateesh |
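One way to see what the JSON blob above asks of the kernel, as an added example that is not part of the original post or of firewalld: it lists the families and base-chain types in a firewalld JSON ruleset and checks a kernel config for the matching nftables options. The mapping to Kconfig symbols is an assumption taken from upstream kernel symbol names, the function names are hypothetical, and the sample ruleset and config are constructed.

```python
import json

# Assumption (not stated in the post): upstream kernel Kconfig symbols
# that provide each nftables family and base-chain type.
BASE_OPTION = "CONFIG_NF_TABLES"
FAMILY_OPTIONS = {
    "inet": "CONFIG_NF_TABLES_INET",
    "ip": "CONFIG_NF_TABLES_IPV4",
    "ip6": "CONFIG_NF_TABLES_IPV6",
}
CHAIN_TYPE_OPTIONS = {"nat": "CONFIG_NFT_NAT"}  # "filter" is in the core

# Constructed sample with the same shape as the blob firewalld logged.
SAMPLE_RULESET = json.dumps({"nftables": [
    {"metainfo": {"json_schema_version": 1}},
    {"add": {"chain": {"family": "inet", "table": "firewalld",
                       "name": "raw_PREROUTING", "type": "filter",
                       "hook": "prerouting", "prio": -290}}},
    {"add": {"chain": {"family": "ip", "table": "firewalld",
                       "name": "nat_PREROUTING", "type": "nat",
                       "hook": "prerouting", "prio": -90}}},
    {"add": {"chain": {"family": "ip6", "table": "firewalld",
                       "name": "nat_PRE_policy_allow-host-ipv6"}}},
    {"add": {"rule": {"family": "inet", "table": "firewalld",
                      "chain": "filter_IN_policy_allow-host-ipv6_allow",
                      "expr": [
                          {"match": {"left": {"meta": {"key": "nfproto"}},
                                     "op": "==", "right": "ipv6"}},
                          {"accept": None}]}}},
]})

# Constructed kernel config fragment (same format as a kernel .config).
SAMPLE_KCONFIG = """\
CONFIG_NF_TABLES=m
CONFIG_NF_TABLES_INET=y
CONFIG_NF_TABLES_IPV4=y
# CONFIG_NF_TABLES_IPV6 is not set
"""


def ruleset_needs(blob):
    """Collect the families, base-chain types and statement kinds in a ruleset."""
    needs = {"families": set(), "chain_types": set(), "statements": set()}
    for command in json.loads(blob)["nftables"]:
        for verb, body in command.items():
            if verb == "metainfo":
                continue
            for kind, obj in body.items():  # kind is "table", "chain" or "rule"
                if "family" in obj:
                    needs["families"].add(obj["family"])
                if kind == "chain" and "type" in obj:  # base chains only
                    needs["chain_types"].add(obj["type"])
                if kind == "rule":
                    for statement in obj.get("expr", []):
                        needs["statements"].update(statement)
    return needs


def enabled_options(kconfig_text):
    """Return the CONFIG_ symbols set to y or m in a kernel config."""
    enabled = set()
    for line in kconfig_text.splitlines():
        name, sep, value = line.strip().partition("=")
        if sep and name.startswith("CONFIG_") and value in ("y", "m"):
            enabled.add(name)
    return enabled


def missing_options(blob, kconfig_text):
    """List the options the ruleset relies on that the kernel lacks."""
    needs = ruleset_needs(blob)
    wanted = {BASE_OPTION}
    wanted.update(FAMILY_OPTIONS[f] for f in needs["families"]
                  if f in FAMILY_OPTIONS)
    wanted.update(CHAIN_TYPE_OPTIONS[t] for t in needs["chain_types"]
                  if t in CHAIN_TYPE_OPTIONS)
    return sorted(wanted - enabled_options(kconfig_text))


if __name__ == "__main__":
    print(missing_options(SAMPLE_RULESET, SAMPLE_KCONFIG))
```

On a target built with CONFIG_IKCONFIG_PROC the config text can be read from /proc/config.gz; otherwise use the .config from the kernel build directory.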
||
|
||
[meta-security][PATCH] openscap-daemon: inherit python_setuptools_build_meta
Chen Qi
setuptools_build_meta has been renamed to python_setuptools_build_meta.
Signed-off-by: Chen Qi <Qi.Chen@...> --- .../recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb b/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb index cf6d531..9659323 100644 --- a/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb +++ b/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb @@ -13,7 +13,7 @@ SRC_URI = "git://github.com/OpenSCAP/openscap-daemon.git;branch=master;protocol= file://0001-Renamed-module-and-variables-to-get-rid-of-async.patch \ " -inherit setuptools_build_meta +inherit python_setuptools_build_meta S = "${WORKDIR}/git" -- 2.33.0 |
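Review bot: at the `inherit python_setuptools_build_meta` line in openscap-daemon_0.1.10.bb, the recipe now depends on an oe-core that already carries the renamed class, and neither the commit message nor the diff says which release or branch that is. Suggest naming the target branch in the subject or message so the change is not picked onto a branch that only has `setuptools_build_meta`, where the recipe would fail to parse.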
||
|
||
Re: CVE patch updates
Monsees, Steven C (US)
Thanks Tim, subscribed…
From: Tim Orling <ticotimo@...>
Sent: Thursday, March 24, 2022 9:03 PM
To: Richard Purdie <richard.purdie@...>
Cc: Monsees, Steven C (US) <steven.monsees@...>; yocto@...
Subject: Re: [yocto] CVE patch updates
On Thu, Mar 24, 2022 at 2:45 PM Richard Purdie <richard.purdie@...> wrote:
Steven, if you haven’t already, you should subscribe to
Emails are sent out, usually on Sunday. If you see a CVE that interests you… grab it and fix it.
This is mostly a community effort. There is no special dedicated squad of security champions.
|
||
|
||
Re: CVE patch updates
Monsees, Steven C (US)
Thanks Richard, will do…
From: Tim Orling <ticotimo@...>
Sent: Thursday, March 24, 2022 9:03 PM
To: Richard Purdie <richard.purdie@...>
Cc: Monsees, Steven C (US) <steven.monsees@...>; yocto@...
Subject: Re: [yocto] CVE patch updates
On Thu, Mar 24, 2022 at 2:45 PM Richard Purdie <richard.purdie@...> wrote:
Steven, if you haven’t already, you should subscribe to
Emails are sent out, usually on Sunday. If you see a CVE that interests you… grab it and fix it.
This is mostly a community effort. There is no special dedicated squad of security champions.
|
||
|
||
bus service inactive issue
#yocto
sateesh m
Hi Team,
I am trying to start the dbus service. I have built an image on a riscv target machine. I want to access firewalld; the firewalld service is running, but the dbus-daemon service should also be started to get a client response. I have built packages using the gatesgarth branch, with systemd, dbus and firewalld installed, but I am facing problems. So I natively installed systemd, dbus and dbus-broker, but the service is still only in an inactive state. I am trying to start the services using systemctl. Issue:
Loaded: loaded (/lib/systemd/system/dbus-broker.service; enabled; vendor preset: enabled)
Active: inactive (dead)
TriggeredBy: ○ dbus.socket
Docs: man:dbus-broker-launch(1)
Thanking you in advance. -- Regards, Sateesh |
||
|
||
Re: QA notification for completed autobuilder build (yocto-3.4.3.rc1)
Teoh, Jay Shen
Hi all,
Intel and WR YP QA is planning for QA execution for YP build yocto-3.4.3.rc3. We are planning to execute following tests for this cycle:
Please note that this is the rc3 build for 3.4.3, the rc number was marked to rc1 by mistake.
OEQA-manual tests for following module:
1. OE-Core
2. BSP-hw
Runtime auto test for following platforms:
1. MinnowTurbot 32-bit
2. Coffee Lake
3. NUC 7
4. NUC 6
5. Edgerouter
6. Beaglebone
ETA for completion next Monday, March 28.
Thanks, Jay
-----Original Message----- |
||
|
||
Re: CVE patch updates
On Thu, Mar 24, 2022 at 2:45 PM Richard Purdie <richard.purdie@...> wrote:
On Thu, 2022-03-24 at 16:56 +0000, Monsees, Steven C (US) via
Steven, if you haven’t already, you should subscribe to
Emails are sent out, usually on Sunday. If you see a CVE that interests you… grab it and fix it.
This is mostly a community effort. There is no special dedicated squad of security champions.
|
||
|
||
Re: [qa-build-notification] QA notification for completed autobuilder build (yocto-3.4.3.rc2)
Teoh, Jay Shen
Noted. We will stop the QA for rc2.
Thanks, Jay -----Original Message----- |
||
|
||
OpenEmbedded Happy Hour March 30 5pm/1700 UTC
Denys Dmytriyenko
All,
You are cordially invited to the next OpenEmbedded Happy Hour on March 30 for Europe/Americas timezones @ 1700/5pm UTC (1pm ET / 10am PT):
https://www.openembedded.org/wiki/Calendar
https://www.openembedded.org/wiki/Happy_Hours
https://www.timeanddate.com/worldclock/fixedtime.html?msg=OpenEmbedded+Happy+Hour+March+30&iso=20220330T17
--
Regards, Denys Dmytriyenko <denis@...>
PGP: 0x420902729A92C964 - https://denix.org/0x420902729A92C964
Fingerprint: 25FC E4A5 8A72 2F69 1186 6D76 4209 0272 9A92 C964 |
||
|
||
Re: CVE patch updates
Richard Purdie
On Thu, 2022-03-24 at 16:56 +0000, Monsees, Steven C (US) via lists.yoctoproject.org wrote:
You'll see output of cve-check on the yocto-security list for layers that are still in maintenance:
https://lists.yoctoproject.org/g/yocto-security/messages
although zeus is out of maintenance. We merge CVE fixes to the branches that are in maintenance.
A graph showing the data over time:
https://docs.google.com/spreadsheets/d/e/2PACX-1vRgNISmH0Ditf0bRtSezeR2XsgKIiSFJKF6KJUHpnzocNGzvKZbuSDKfmV3n64BFXDRqElBSJnhHtG4/pubchart?oid=1993375488&format=interactive
Cheers, Richard |
||
|
||
Re: CVE patch updates
Monsees, Steven C (US)
So, my only change to my build is the INHERIT =+ “cve-check”… No issue seen until this line added…
Can someone tell me why, when I build from scratch, clean, I see the following error? Whose certificate failure is being flagged?
Initialising tasks: 100% |#######################################################################################| Time: 0:00:04
Checking sstate mirror object availability: 100% |###############################################################| Time: 0:00:00
Sstate summary: Wanted 2258 Found 2229 Missed 29 Current 0 (98% match, 0% complete)
NOTE: Executing Tasks
NOTE: Setscene tasks completed
ERROR: cve-update-db-native-1.0-r0 do_populate_cve_db: Error executing a python function in exec_python_func() autogenerated:
The stack trace of python calls that resulted in this exception/failure was:
File: 'exec_python_func() autogenerated', lineno: 2, function: <module>
0001:
*** 0002:do_populate_cve_db(d)
0003:
File: '/disk0/scratch/smonsees/yocto/workspace_1/poky/meta/recipes-core/meta/cve-update-db-native.bb', lineno: 69, function: do_populate_cve_db
0065: meta_url = year_url + ".meta"
0066: json_url = year_url + ".json.gz"
0067:
0068: # Retrieve meta last modified date
*** 0069: response = urllib.request.urlopen(meta_url)
0070: if response:
0071: for l in response.read().decode("utf-8").splitlines():
0072: key, value = l.split(":", 1)
0073: if key == "lastModifiedDate":
File: '/usr/lib64/python3.6/urllib/request.py', lineno: 223, function: urlopen
0219: elif _opener is None:
0220: _opener = opener = build_opener()
0221: else:
0222: opener = _opener
*** 0223: return opener.open(url, data, timeout)
0224:
0225:def install_opener(opener):
0226: global _opener
0227: _opener = opener
File: '/usr/lib64/python3.6/urllib/request.py', lineno: 526, function: open
0522: for processor in self.process_request.get(protocol, []):
0523: meth = getattr(processor, meth_name)
0524: req = meth(req)
0525:
*** 0526: response = self._open(req, data)
0527:
0528: # post-process response
0529: meth_name = protocol+"_response"
0530: for processor in self.process_response.get(protocol, []):
File: '/usr/lib64/python3.6/urllib/request.py', lineno: 544, function: _open
0540: return result
0541:
0542: protocol = req.type
0543: result = self._call_chain(self.handle_open, protocol, protocol +
*** 0544: '_open', req)
0545: if result:
0546: return result
0547:
0548: return self._call_chain(self.handle_open, 'unknown',
File: '/usr/lib64/python3.6/urllib/request.py', lineno: 504, function: _call_chain
0500: # could. Otherwise, they return the response.
0501: handlers = chain.get(kind, ())
0502: for handler in handlers:
0503: func = getattr(handler, meth_name)
*** 0504: result = func(*args)
0505: if result is not None:
0506: return result
0507:
0508: def open(self, fullurl, data=None, timeout=socket._GLOBAL_DEFAULT_TIMEOUT):
File: '/usr/lib64/python3.6/urllib/request.py', lineno: 1392, function: https_open
1388: self._check_hostname = check_hostname
1389:
1390: def https_open(self, req):
1391: return self.do_open(http.client.HTTPSConnection, req,
*** 1392: context=self._context, check_hostname=self._check_hostname)
1393:
1394: https_request = AbstractHTTPHandler.do_request_
1395:
1396: __all__.append('HTTPSHandler')
File: '/usr/lib64/python3.6/urllib/request.py', lineno: 1351, function: do_open
1347: try:
1348: h.request(req.get_method(), req.selector, req.data, headers,
1349: encode_chunked=req.has_header('Transfer-encoding'))
1350: except OSError as err: # timeout error
*** 1351: raise URLError(err)
1352: r = h.getresponse()
1353: except:
1354: h.close()
1355: raise
Exception: urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)>
ERROR: Logfile of failure stored in: /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/work/x86_64-linux/cve-update-db-native/1.0-r0/temp/log.do_populate_cve_db.4499
ERROR: Task (/disk0/scratch/smonsees/yocto/workspace_1/poky/meta/recipes-core/meta/cve-update-db-native.bb:do_populate_cve_db) failed with exit code '1'
NOTE: Tasks Summary: Attempted 5772 tasks of which 5228 didn't need to be rerun and 1 failed.
Summary: 1 task failed:
/disk0/scratch/smonsees/yocto/workspace_1/poky/meta/recipes-core/meta/cve-update-db-native.bb:do_populate_cve_db
Summary: There was 1 ERROR message shown, returning a non-zero exit code.
14:41 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>find . -name '_ssl.c' -print
14:47 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>
From: yocto@... <yocto@...> On Behalf Of Monsees, Steven C (US) via lists.yoctoproject.org
Sent: Thursday, March 24, 2022 2:00 PM
To: yocto@...
Subject: Re: [yocto] CVE patch updates
When building in cve-check to see what is reported, it generated all blank/empty report files… Can someone explain this? My local.conf does have the proper modification (INHERIT += “cve-check”).
10:55 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default> bitbake -k sbca-defaultfs-full
Parsing recipes: 100% |#############################################################################################| Time: 0:01:07
Parsing of 2555 .bb files complete (0 cached, 2555 parsed). 3769 targets, 96 skipped, 0 masked, 0 errors.
NOTE: Resolving any missing task queue dependencies
Build Configuration:
BB_VERSION = "1.44.0"
BUILD_SYS = "x86_64-linux"
NATIVELSBSTRING = "rhel-7.9"
TARGET_SYS = "x86_64-poky-linux"
MACHINE = "sbca-default"
DISTRO = "limws"
DISTRO_VERSION = "3.0.4"
TUNE_FEATURES = "m64 corei7"
TARGET_FPU = ""
meta
meta-poky = "my_yocto_3.0.4:2f9bca440204f9e73158705a4ec04698b1f6ad42"
meta-perl
meta-python
meta-filesystems
meta-networking
meta-initramfs
meta-oe = "zeus:2b5dd1eb81cd08bc065bc76125f2856e9383e98b"
meta-virtualization = "zeus:7e5219669ff6f8e9c8c33ffd230e95a6b2b025f4"
meta = "master:a32ddd2b2a51b26c011fa50e441df39304651503"
meta-clang = "zeus:f5355ca9b86fb5de5930132ffd95a9b352d694f9"
meta-intel = "zeus:d9942d4c3a710406b051852de7232db03c297f4e"
meta-intel = "LIMWSSWARE-682-oews-meta-bae-clean-up:99f116056452f1fefe83fe458f533b48f52fe4ba"
Initialising tasks: 100% |##########################################################################################| Time: 0:00:04
Checking sstate mirror object availability: 100% |##################################################################| Time: 0:00:02
Sstate summary: Wanted 2258 Found 15 Missed 2243 Current 0 (0% match, 0% complete)
NOTE: Executing Tasks
NOTE: Setscene tasks completed
Image CVE report stored in: /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/core-image-minimal-initramfs-sbca-default-20220324145629.rootfs.cve
Image CVE report stored in: /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/aiox_orange-sbca-default-20220324145629.rootfs.cve
NOTE: Tasks Summary: Attempted 6753 tasks of which 77 didn't need to be rerun and all succeeded.
13:33 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>ls -l /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/core-image-minimal-initramfs-sbca-default-20220324145629.rootfs.cve
-rw-r--r--. 1 smonsees none 0 Mar 24 13:16 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/core-image-minimal-initramfs-sbca-default-20220324145629.rootfs.cve
13:33 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>ls -l /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/aiox_orange-sbca-default-20220324145629.rootfs.cve
-rw-r--r--. 1 smonsees none 0 Mar 24 13:17 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/aiox_orange-sbca-default-20220324145629.rootfs.cve
13:33 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>
13:27 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/cve>ls -l
total 0
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 binutils
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 binutils-cross-x86_64
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 binutils-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 bluez5
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 boost
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 cairo
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 cairo-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:16 cpio-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 curl
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 curl-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 dbus
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 dbus-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 e2fsprogs
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 e2fsprogs-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 file-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 flex
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 flex-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 gcc-source-9.2.0
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 gettext-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 glib-2.0
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 glib-2.0-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 glibc
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 gnutls
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 go-cross-corei7-64
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 go-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 go-runtime
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 icu
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 icu-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 libarchive-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 libgcrypt
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 libjpeg-turbo
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 libjpeg-turbo-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libpcre
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 libpcre2
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libpcre-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libxml2
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libxml2-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libxslt-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 mailx
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 nasm-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 ncurses
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 ncurses-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:14 nfs-utils
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:14 openssh
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 patch-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 perl
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 perl-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 python3
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 python3-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 qemu-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:14 rsync
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 sqlite3
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 sqlite3-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 sudo
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 sysstat
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 unzip
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 unzip-native
13:27 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/cve>
From: Monsees, Steven C (US)
I am currently building in cve-check to see what is reported, and I was curious if Yocto might provide any CVE based patch repositories?
Is there a yocto page somewhere that goes over this side of things? I did not see much in the mega-manual… I am running on zeus based platforms (for both armarch64 and x86_64).
Thanks, Steve |
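A diagnostic for the CERTIFICATE_VERIFY_FAILED error in the trace above, added here and not part of the original post or of cve-update-db-native.bb: it requests one year's .meta file with verification left on and reports which OpenSSL check failed and which trust store Python is using. The function names, the hint wording and the sample .meta body are constructed for this example, and it needs Python 3.7 or later for ssl.SSLCertVerificationError.

```python
import os
import ssl
import urllib.error
import urllib.request

NVD_BASE = "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-"

# OpenSSL verification codes and what each usually means on a build host.
VERIFY_HINTS = {
    9: "certificate not yet valid: check the build host clock",
    10: "certificate has expired: check the build host clock",
    18: "server presented a self-signed certificate",
    19: "chain ends in a root missing from the trust store: "
        "consistent with a TLS-inspecting proxy",
    20: "issuer not found locally: CA bundle missing or outdated, "
        "or a proxy CA is not installed",
    62: "hostname mismatch: the certificate was issued for another name",
}

# Constructed sample in the key:value format the recipe parses.
SAMPLE_META = (
    "lastModifiedDate:2022-03-24T03:00:01-04:00\r\n"
    "size:1000\r\n"
    "gzSize:100\r\n"
    "sha256:CONSTRUCTED-PLACEHOLDER\r\n"
)


def year_urls(year):
    """Return the (.meta, .json.gz) feed URLs for one year."""
    return (f"{NVD_BASE}{year}.meta", f"{NVD_BASE}{year}.json.gz")


def parse_meta(text):
    """Parse a .meta body, rejecting anything that is not one."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # the date itself has colons
        if sep:
            fields[key.strip()] = value.strip()
    if "lastModifiedDate" not in fields:  # e.g. a proxy's HTML block page
        raise ValueError("response is not an NVD .meta file")
    return fields


def explain_failure(exc):
    """Map a urlopen error to (OpenSSL verify code or None, hint)."""
    reason = getattr(exc, "reason", exc)  # URLError wraps the ssl error
    if isinstance(reason, ssl.SSLCertVerificationError):
        code = reason.verify_code
        return code, VERIFY_HINTS.get(code, reason.verify_message)
    return None, f"not a certificate verification failure: {reason!r}"


def trust_store():
    """Report where this Python looks for trusted CA certificates."""
    paths = ssl.get_default_verify_paths()
    return {
        "SSL_CERT_FILE": os.environ.get("SSL_CERT_FILE"),
        "SSL_CERT_DIR": os.environ.get("SSL_CERT_DIR"),
        "cafile_in_use": paths.cafile,  # None when the file does not exist
        "capath_in_use": paths.capath,
        "compiled_in_cafile": paths.openssl_cafile,
    }


def probe(year, timeout=10):
    """Fetch one .meta file; certificate and hostname checks stay enabled."""
    meta_url, _ = year_urls(year)
    context = ssl.create_default_context()
    try:
        with urllib.request.urlopen(meta_url, timeout=timeout,
                                    context=context) as resp:
            return "ok", parse_meta(resp.read().decode("utf-8", "replace"))
    except OSError as exc:  # URLError and raw ssl errors are OSError
        return "failed", explain_failure(exc)
    except ValueError as exc:
        return "unexpected-body", str(exc)


if __name__ == "__main__":
    print(trust_store())
    print(probe(2022))
```

If the hint points at a missing CA, add that CA to the bundle the build host's Python reads (for example through SSL_CERT_FILE) rather than turning verification off.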
||
|
||
Re: CVE patch updates
Monsees, Steven C (US)
When building in cve-check to see what is reported, it generated all blank/empty report files… Can someone explain this? My local.conf does have the proper modification (INHERIT += “cve-check”).
10:55 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default> bitbake -k sbca-defaultfs-full
Parsing recipes: 100% |#############################################################################################| Time: 0:01:07
Parsing of 2555 .bb files complete (0 cached, 2555 parsed). 3769 targets, 96 skipped, 0 masked, 0 errors.
NOTE: Resolving any missing task queue dependencies
Build Configuration:
BB_VERSION = "1.44.0"
BUILD_SYS = "x86_64-linux"
NATIVELSBSTRING = "rhel-7.9"
TARGET_SYS = "x86_64-poky-linux"
MACHINE = "sbca-default"
DISTRO = "limws"
DISTRO_VERSION = "3.0.4"
TUNE_FEATURES = "m64 corei7"
TARGET_FPU = ""
meta
meta-poky = "my_yocto_3.0.4:2f9bca440204f9e73158705a4ec04698b1f6ad42"
meta-perl
meta-python
meta-filesystems
meta-networking
meta-initramfs
meta-oe = "zeus:2b5dd1eb81cd08bc065bc76125f2856e9383e98b"
meta-virtualization = "zeus:7e5219669ff6f8e9c8c33ffd230e95a6b2b025f4"
meta = "master:a32ddd2b2a51b26c011fa50e441df39304651503"
meta-clang = "zeus:f5355ca9b86fb5de5930132ffd95a9b352d694f9"
meta-intel = "zeus:d9942d4c3a710406b051852de7232db03c297f4e"
meta-intel = "LIMWSSWARE-682-oews-meta-bae-clean-up:99f116056452f1fefe83fe458f533b48f52fe4ba"
Initialising tasks: 100% |##########################################################################################| Time: 0:00:04
Checking sstate mirror object availability: 100% |##################################################################| Time: 0:00:02
Sstate summary: Wanted 2258 Found 15 Missed 2243 Current 0 (0% match, 0% complete)
NOTE: Executing Tasks
NOTE: Setscene tasks completed
Image CVE report stored in: /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/core-image-minimal-initramfs-sbca-default-20220324145629.rootfs.cve
Image CVE report stored in: /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/aiox_orange-sbca-default-20220324145629.rootfs.cve
NOTE: Tasks Summary: Attempted 6753 tasks of which 77 didn't need to be rerun and all succeeded.
13:33 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>ls -l /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/core-image-minimal-initramfs-sbca-default-20220324145629.rootfs.cve
-rw-r--r--. 1 smonsees none 0 Mar 24 13:16 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/core-image-minimal-initramfs-sbca-default-20220324145629.rootfs.cve
13:33 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>ls -l /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/aiox_orange-sbca-default-20220324145629.rootfs.cve
-rw-r--r--. 1 smonsees none 0 Mar 24 13:17 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/aiox_orange-sbca-default-20220324145629.rootfs.cve
13:33 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>
13:27 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/cve>ls -l
total 0
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 binutils
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 binutils-cross-x86_64
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 binutils-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 bluez5
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 boost
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 cairo
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 cairo-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:16 cpio-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 curl
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 curl-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 dbus
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 dbus-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 e2fsprogs
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 e2fsprogs-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 file-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 flex
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 flex-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 gcc-source-9.2.0
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 gettext-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 glib-2.0
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 glib-2.0-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 glibc
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 gnutls
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 go-cross-corei7-64
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 go-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 go-runtime
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 icu
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 icu-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 libarchive-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 libgcrypt
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 libjpeg-turbo
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 libjpeg-turbo-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libpcre
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 libpcre2
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libpcre-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libxml2
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libxml2-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libxslt-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 mailx
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 nasm-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 ncurses
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 ncurses-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:14 nfs-utils
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:14 openssh
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 patch-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 perl
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 perl-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 python3
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 python3-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 qemu-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:14 rsync
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 sqlite3
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 sqlite3-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 sudo
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 sysstat
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 unzip
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 unzip-native
13:27 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/cve>
From: Monsees, Steven C (US)
Sent: Thursday, March 24, 2022 12:56 PM
To: yocto@...
Subject: CVE patch updates
I am currently building in cve-check to see what is reported, and I was curious if Yocto might provide any CVE based patch repositories?
Is there a yocto page somewhere that goes over this side of things? I did not see much in the mega-manual… I am running on zeus based platforms (for both armarch64 and x86_64).
Thanks, Steve |
||
|
||
CVE patch updates
Monsees, Steven C (US)
I am currently building in cve-check to see what is reported, and I was curious if Yocto might provide any CVE based patch repositories?
Is there a yocto page somewhere that goes over this side of things? I did not see much in the mega-manual… I am running on zeus based platforms (for both armarch64 and x86_64).
Thanks, Steve |
||
|
||
Minutes: Yocto Project Weekly Triage Meeting 3/24/2022
Trevor Gamblin
Wiki: https://wiki.yoctoproject.org/wiki/Bug_Triage
Attendees: Alexandre, Bruce, Jon, Joshua, Luca, Randy, Richard, Saul, Stephen, Steve, Tim, Trevor
ARs:
- Randy to ask Sakib to update his Old Milestone bugs
Notes:
- ~43% of AB workers have been switched to SSDs. Failure rate appears lower, but still TBD. More coming soon!
Medium+ 3.5 Unassigned Enhancements/Bugs: 18 (Last week 68)
Medium+ 3.6 Unassigned Enhancements/Bugs: 60 (Last week 10)
AB Bugs: 65 (Last week 72)
|
||
|
||
QA notification for completed autobuilder build (yocto-3.4.3.rc1)
Pokybuild User <pokybuild@...>
A build flagged for QA (yocto-3.4.3.rc1) was completed on the autobuilder and is available at:
https://autobuilder.yocto.io/pub/releases/yocto-3.4.3.rc1
Build hash information:
bitbake: 43dcb2b2a2b95a5c959be57bca94fb7190ea6257
meta-agl: dd8e34ef5383d95d941a3afc9a03d3fcbba699dd
meta-arm: 33bbdc67f2ed7189398292ff58a7fee42a85a166
meta-aws: c92344938ab4d37de8bd8b799186dbbe3019a069
meta-gplv2: f04e4369bf9dd3385165281b9fa2ed1043b0e400
meta-intel: fb9e0633614dbf956da185d291333bcc1b137e5a
meta-mingw: f5d761cbd5c957e4405c5d40b0c236d263c916a8
meta-openembedded: 061b7fc74f887454251307ef119b808a90654d3f
oecore: ebca8f3ac9372b7ebb3d39e8f7f930b63b481448
poky: ee68ae307fd951b9de6b31dc6713ea29186b7749
This is an automated message from the Yocto Project Autobuilder
Git: git://git.yoctoproject.org/yocto-autobuilder2
Email: richard.purdie@... |
||
|
||
Re: [qa-build-notification] QA notification for completed autobuilder build (yocto-3.4.3.rc2)
Richard Purdie
On Thu, 2022-03-24 at 02:35 +0000, Pokybuild User wrote:
A build flagged for QA (yocto-3.4.3.rc2) was completed on the autobuilder and is available at:
Could QA please hold off this as I think we're going to fix an issue seen in rc1 and build an rc3.
Thanks! (and we now have working automated list notifications again which is great!)
Cheers, Richard |
||
|
||
Re: Strange sporadic build issues (incremental builds in docker container)
Alexander Kanavin
I don't. You need to inspect the build tree to find clues why the patch was applied twice. Or simply wipe tmp/ before builds, if your sstate works properly that won't make the builds longer.
Alex
On Thu, 24 Mar 2022 at 07:43, Matthias Klein <matthias.klein@...> wrote: |
|
||
|