
[meta-security][PATCH 1/1] LICENSE: adopt SPDX standard names

Joe Slater <joe.slater@...>
 

From: Robert Yang <liezhi.yang@...>

Modify LICENSE for ding-libs and libmhash.

Signed-off-by: Joe Slater <joe.slater@...>
---
recipes-security/libdhash/ding-libs_0.6.1.bb | 2 +-
recipes-security/libmhash/libmhash_0.9.9.9.bb | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/recipes-security/libdhash/ding-libs_0.6.1.bb b/recipes-security/libdhash/ding-libs_0.6.1.bb
index 6046fa0..843850f 100644
--- a/recipes-security/libdhash/ding-libs_0.6.1.bb
+++ b/recipes-security/libdhash/ding-libs_0.6.1.bb
@@ -2,7 +2,7 @@ SUMMARY = "Dynamic hash table implementation"
DESCRIPTION = "Dynamic hash table implementation"
HOMEPAGE = "https://fedorahosted.org/released/ding-libs"
SECTION = "base"
-LICENSE = "GPLv3+"
+LICENSE = "GPL-3.0-or-later"
LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"

SRC_URI = "https://fedorahosted.org/released/${BPN}/${BP}.tar.gz"
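
Review bot: the added LICENSE = "GPL-3.0-or-later" line is backed only by the LIC_FILES_CHKSUM entry on COPYING, and a license text file cannot show whether the sources actually grant the "or later" option. Consider adding a second LIC_FILES_CHKSUM entry over a source-file header (with beginline/endline) that carries the "or any later version" wording, so the checksum covers the claim being made. Separately, the mail is marked "From: Robert Yang" but carries only Joe Slater's Signed-off-by, so the author's sign-off looks missing.
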
diff --git a/recipes-security/libmhash/libmhash_0.9.9.9.bb b/recipes-security/libmhash/libmhash_0.9.9.9.bb
index 9b34cb1..35c5ff8 100644
--- a/recipes-security/libmhash/libmhash_0.9.9.9.bb
+++ b/recipes-security/libmhash/libmhash_0.9.9.9.bb
@@ -7,7 +7,7 @@ DESCRIPTION = "\
"
HOMEPAGE = "http://mhash.sourceforge.net/"

-LICENSE = "LGPLv2.0"
+LICENSE = "LGPL-2.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=3bf50002aefd002f49e7bb854063f7e7"

S = "${WORKDIR}/mhash-${PV}"
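
Review bot: the added LICENSE = "LGPL-2.0-only" line picks the "only" reading of the old "LGPLv2.0", but the commit message ("Modify LICENSE for ding-libs and libmhash") does not say that the mhash source headers were checked for an "or later" grant. Please state in the commit message how "-only" was confirmed, or use LGPL-2.0-or-later if the headers allow it.
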
--
2.35.1


Re: Yocto poky/meta/recipes-devtool/perl

Alexander Kanavin
 

Can you please attach log.do_patch where the problem can be seen?

Alex

On Tue, 29 Mar 2022 at 15:11, Mike Ulan <mausvt@...> wrote:

Hi,
I have a question: is anybody aware that patches in a recipe are not fully applied?

When the retrieved archive for the package is unpacked,
attributes of multiple files are set as read-only.

For 5.30.1 https://www.cpan.org/src/5.0/perl-${PV}.tar.gz;name=perl
or for 5.22.1 and 5.22 and 5.20 http://www.cpan.org/src/5.0/${BP}.tar.xz
lots of read only files in archives.

From the man page of patch: the behavior is --read-only=warn by default.
So files to be patched with read only attributes remain unchanged.

To override the patch default behavior on --read-only, I placed in poky/bitbake/bin a file named patch with this content:
#!/bin/sh
/usr/bin/patch --read-only=fail "$@"
exvar=$?
echo "patch wraper readonly fail" "$@"
perror $exvar
exit $exvar

And as a clearly predictable result, the build of perl failed.
To fix problem and apply all patches and particularly my patch to backport issue for my host environment
I added to perl_${PV}.bb recipe this:
do_patch_prepend() {
    os.system('chmod -R +rw %s' % d.getVar('S'))
}




Re: [meta-security][PATCH 1/1] LICENSE: adopt standard SPDX names

Joe Slater <joe.slater@...>
 

I'll send again for ding-libs and libmhash. Joe

-----Original Message-----
From: akuster808 <akuster808@...>
Sent: Tuesday, March 29, 2022 1:27 PM
To: Slater, Joseph <joe.slater@...>; yocto@...
Cc: MacLeod, Randy <Randy.MacLeod@...>
Subject: Re: [yocto] [meta-security][PATCH 1/1] LICENSE: adopt standard SPDX names



On 3/29/22 09:18, Joe Slater wrote:
Correct LICENSE for samhain, ecrypt-utils, ding-libs, libmhash, and
sssd.

Signed-off-by: Joe Slater <joe.slater@...>
---
recipes-ids/samhain/samhain.inc | 2 +-
recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb | 2 +-
recipes-security/libdhash/ding-libs_0.6.1.bb | 2 +-
recipes-security/libmhash/libmhash_0.9.9.9.bb | 2 +-
recipes-security/sssd/sssd_2.5.2.bb | 2 +-
5 files changed, 5 insertions(+), 5 deletions(-)
Master-next has these.

https://git.yoctoproject.org/meta-security/commit/?h=master-next&id=ece41f7543bbd42c57f4208c7309f90cbd02e852

Looks like a few more need to be added based on these changes.

-armin

diff --git a/recipes-ids/samhain/samhain.inc
b/recipes-ids/samhain/samhain.inc index 077e118..fe0718d 100644
--- a/recipes-ids/samhain/samhain.inc
+++ b/recipes-ids/samhain/samhain.inc
@@ -1,6 +1,6 @@
DESCRIPTION = "Provides file integrity checking and log file
monitoring/analysis"
HOMEPAGE = "http://www.la-samhna.de/samhain/"
-LICENSE = "GPLv2"
+LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM =
"file://LICENSE;md5=8ca43cbc842c2336e835926c2166c28b"

PV = "4.4.6"
diff --git a/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb
b/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb
index 9aefc32..5f8cf3c 100644
--- a/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb
+++ b/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb
@@ -6,7 +6,7 @@ DESCRIPTION = "eCryptfs is a stacked cryptographic
filesystem \
HOMEPAGE = "https://launchpad.net/ecryptfs"
SECTION = "base"

-LICENSE = "GPL-2.0"
+LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM =
"file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b"

DEPENDS = "keyutils libgcrypt intltool-native glib-2.0-native"
diff --git a/recipes-security/libdhash/ding-libs_0.6.1.bb
b/recipes-security/libdhash/ding-libs_0.6.1.bb
index 6046fa0..843850f 100644
--- a/recipes-security/libdhash/ding-libs_0.6.1.bb
+++ b/recipes-security/libdhash/ding-libs_0.6.1.bb
@@ -2,7 +2,7 @@ SUMMARY = "Dynamic hash table implementation"
DESCRIPTION = "Dynamic hash table implementation"
HOMEPAGE = "https://fedorahosted.org/released/ding-libs"
SECTION = "base"
-LICENSE = "GPLv3+"
+LICENSE = "GPL-3.0-or-later"
LIC_FILES_CHKSUM =
"file://COPYING;md5=d32239bcb673463ab874e80d47fae504"

SRC_URI = "https://fedorahosted.org/released/${BPN}/${BP}.tar.gz"
diff --git a/recipes-security/libmhash/libmhash_0.9.9.9.bb
b/recipes-security/libmhash/libmhash_0.9.9.9.bb
index 9b34cb1..35c5ff8 100644
--- a/recipes-security/libmhash/libmhash_0.9.9.9.bb
+++ b/recipes-security/libmhash/libmhash_0.9.9.9.bb
@@ -7,7 +7,7 @@ DESCRIPTION = "\
"
HOMEPAGE = "http://mhash.sourceforge.net/"

-LICENSE = "LGPLv2.0"
+LICENSE = "LGPL-2.0-only"
LIC_FILES_CHKSUM =
"file://COPYING;md5=3bf50002aefd002f49e7bb854063f7e7"

S = "${WORKDIR}/mhash-${PV}"
diff --git a/recipes-security/sssd/sssd_2.5.2.bb
b/recipes-security/sssd/sssd_2.5.2.bb
index 8bc8787..9f1d627 100644
--- a/recipes-security/sssd/sssd_2.5.2.bb
+++ b/recipes-security/sssd/sssd_2.5.2.bb
@@ -2,7 +2,7 @@ SUMMARY = "system security services daemon"
DESCRIPTION = "SSSD is a system security services daemon"
HOMEPAGE = "https://pagure.io/SSSD/sssd/"
SECTION = "base"
-LICENSE = "GPLv3+"
+LICENSE = "GPL-3.0-or-later"
LIC_FILES_CHKSUM =
"file://COPYING;md5=d32239bcb673463ab874e80d47fae504"

DEPENDS = "acl attr openldap cyrus-sasl libtdb ding-libs libpam c-ares krb5
autoconf-archive"



Re: [meta-security][PATCH 1/1] LICENSE: adopt standard SPDX names

Armin Kuster
 

On 3/29/22 09:18, Joe Slater wrote:
Correct LICENSE for samhain, ecrypt-utils, ding-libs,
libmhash, and sssd.

Signed-off-by: Joe Slater <joe.slater@...>
---
recipes-ids/samhain/samhain.inc | 2 +-
recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb | 2 +-
recipes-security/libdhash/ding-libs_0.6.1.bb | 2 +-
recipes-security/libmhash/libmhash_0.9.9.9.bb | 2 +-
recipes-security/sssd/sssd_2.5.2.bb | 2 +-
5 files changed, 5 insertions(+), 5 deletions(-)
Master-next has these.

https://git.yoctoproject.org/meta-security/commit/?h=master-next&id=ece41f7543bbd42c57f4208c7309f90cbd02e852

Looks like a few more need to be added based on these changes.

-armin

diff --git a/recipes-ids/samhain/samhain.inc b/recipes-ids/samhain/samhain.inc
index 077e118..fe0718d 100644
--- a/recipes-ids/samhain/samhain.inc
+++ b/recipes-ids/samhain/samhain.inc
@@ -1,6 +1,6 @@
DESCRIPTION = "Provides file integrity checking and log file monitoring/analysis"
HOMEPAGE = "http://www.la-samhna.de/samhain/"
-LICENSE = "GPLv2"
+LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://LICENSE;md5=8ca43cbc842c2336e835926c2166c28b"
PV = "4.4.6"
diff --git a/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb b/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb
index 9aefc32..5f8cf3c 100644
--- a/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb
+++ b/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb
@@ -6,7 +6,7 @@ DESCRIPTION = "eCryptfs is a stacked cryptographic filesystem \
HOMEPAGE = "https://launchpad.net/ecryptfs"
SECTION = "base"
-LICENSE = "GPL-2.0"
+LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b"
DEPENDS = "keyutils libgcrypt intltool-native glib-2.0-native"
diff --git a/recipes-security/libdhash/ding-libs_0.6.1.bb b/recipes-security/libdhash/ding-libs_0.6.1.bb
index 6046fa0..843850f 100644
--- a/recipes-security/libdhash/ding-libs_0.6.1.bb
+++ b/recipes-security/libdhash/ding-libs_0.6.1.bb
@@ -2,7 +2,7 @@ SUMMARY = "Dynamic hash table implementation"
DESCRIPTION = "Dynamic hash table implementation"
HOMEPAGE = "https://fedorahosted.org/released/ding-libs"
SECTION = "base"
-LICENSE = "GPLv3+"
+LICENSE = "GPL-3.0-or-later"
LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
SRC_URI = "https://fedorahosted.org/released/${BPN}/${BP}.tar.gz"
diff --git a/recipes-security/libmhash/libmhash_0.9.9.9.bb b/recipes-security/libmhash/libmhash_0.9.9.9.bb
index 9b34cb1..35c5ff8 100644
--- a/recipes-security/libmhash/libmhash_0.9.9.9.bb
+++ b/recipes-security/libmhash/libmhash_0.9.9.9.bb
@@ -7,7 +7,7 @@ DESCRIPTION = "\
"
HOMEPAGE = "http://mhash.sourceforge.net/"
-LICENSE = "LGPLv2.0"
+LICENSE = "LGPL-2.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=3bf50002aefd002f49e7bb854063f7e7"
S = "${WORKDIR}/mhash-${PV}"
diff --git a/recipes-security/sssd/sssd_2.5.2.bb b/recipes-security/sssd/sssd_2.5.2.bb
index 8bc8787..9f1d627 100644
--- a/recipes-security/sssd/sssd_2.5.2.bb
+++ b/recipes-security/sssd/sssd_2.5.2.bb
@@ -2,7 +2,7 @@ SUMMARY = "system security services daemon"
DESCRIPTION = "SSSD is a system security services daemon"
HOMEPAGE = "https://pagure.io/SSSD/sssd/"
SECTION = "base"
-LICENSE = "GPLv3+"
+LICENSE = "GPL-3.0-or-later"
LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
DEPENDS = "acl attr openldap cyrus-sasl libtdb ding-libs libpam c-ares krb5 autoconf-archive"


Re: [meta-security][PATCH] openscap-daemon: inherit python_setuptools_build_meta

Armin Kuster
 

On 3/27/22 19:25, Chen Qi wrote:
setuptools_build_meta has been renamed to python_setuptools_build_meta.

Signed-off-by: Chen Qi <Qi.Chen@...>
---
.../recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb b/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb
index cf6d531..9659323 100644
--- a/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb
+++ b/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb
@@ -13,7 +13,7 @@ SRC_URI = "git://github.com/OpenSCAP/openscap-daemon.git;branch=master;protocol=
file://0001-Renamed-module-and-variables-to-get-rid-of-async.patch \
"
-inherit setuptools_build_meta
+inherit python_setuptools_build_meta
I believe this is sitting in master-next.
https://git.yoctoproject.org/meta-security/commit/?h=master-next&id=398047a7a6310b1ef70d22430fb6df4effd8cf92

S = "${WORKDIR}/git"
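
Review bot: the added "inherit python_setuptools_build_meta" line only parses with an oe-core that already carries the renamed class; with an older oe-core the inherit fails at parse time. The commit message says the class "has been renamed" but not in which oe-core commit or release, so please cite it there so users of the layer know the minimum oe-core this recipe needs.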


Re: Strange sporadic build issues (incremental builds in docker container)

Trevor Woerner
 

On Thu 2022-03-24 @ 09:31:25 AM, Alexander Kanavin wrote:
I don't. You need to inspect the build tree to find clues why the
patch was applied twice. Or simply wipe tmp/ before builds, if your
sstate works properly that won't make the builds longer.

Alex

On Thu, 24 Mar 2022 at 07:43, Matthias Klein <matthias.klein@...> wrote:

Hello Alex,

it occurred again:

NOTE: recipe gawk-5.1.1-r0: task do_patch: Succeeded
NOTE: Running task 1673 of 4524 (/var/jenkins_home/workspace/yocto-raspberrypi/yocto/poky/meta/recipes-devtools/python/python3-six_1.16.0.bb:do_patch)
NOTE: recipe firstboot-1.0-r0: task do_populate_sysroot: Started
NOTE: recipe keymaps-1.0-r31: task do_patch: Started
NOTE: recipe python3-six-1.16.0-r0: task do_patch: Started
NOTE: recipe python3-six-1.16.0-r0: task do_patch: Succeeded
NOTE: Running task 1676 of 4524 (/var/jenkins_home/workspace/yocto-raspberrypi/yocto/poky/meta/recipes-devtools/perl/perl_5.34.1.bb:do_patch)
NOTE: recipe e2fsprogs-1.46.5-r0: task do_patch: Succeeded
ERROR: keymaps-1.0-r31 do_patch: Applying patch 'GPLv2.patch' on target directory '/var/jenkins_home/workspace/yocto-raspberrypi/build/tmp/work/raspberrypi3_64-poky-linux/keymaps/1.0-r31'
CmdError('quilt --quiltrc /var/jenkins_home/workspace/yocto-raspberrypi/build/tmp/work/raspberrypi3_64-poky-linux/keymaps/1.0-r31/recipe-sysroot-native/etc/quiltrc push', 0, 'stdout:
stderr: File series fully applied, ends at patch GPLv2.patch
')
ERROR: Logfile of failure stored in: /var/jenkins_home/workspace/yocto-raspberrypi/build/tmp/work/raspberrypi3_64-poky-linux/keymaps/1.0-r31/temp/log.do_patch.353982
NOTE: recipe keymaps-1.0-r31: task do_patch: Failed
NOTE: Running task 1679 of 4524 (/var/jenkins_home/workspace/yocto-raspberrypi/yocto/poky/meta/recipes-bsp/alsa-state/alsa-state.bb:do_patch)
ERROR: Task (/var/jenkins_home/workspace/yocto-raspberrypi/yocto/poky/meta/recipes-bsp/keymaps/keymaps_1.0.bb:do_patch) failed with exit code '1'

Do you have an idea?

Best regards,
Matthias

-----Original Message-----
From: Alexander Kanavin <alex.kanavin@...>
Sent: Tuesday, 22 March 2022 10:26
To: Matthias Klein <matthias.klein@...>
Cc: yocto@...
Subject: Re: [yocto] Strange sporadic build issues (incremental builds in docker container)

It's hard to say without the full error message, and the build directory of the affected recipe. The easy way out is to simply wipe tmp/ before each build.

Alex

On Tue, 22 Mar 2022 at 09:51, Matthias Klein <matthias.klein@...> wrote:

Hello together,

I am building various kirkstone/master yoctos every night via Jenkins inside a Debian Bullseye Docker container.
These are incremental builds, reusing the build directory and sstate-cache of the previous build. The different yoctos are built in order. Each time, a new Docker container is launched.
(The same environment builds dunfell yoctos without any problems).

Now it happens sporadically that one of the builds aborts with the following message:

stderr: The series file no longer matches the applied patches. Please run 'quilt pop -a'.

They are usually alternating packages where the patch step fails with the above message. Also different yoctos are affected. But it is always the above message.
If I then restart the failed build it usually builds cleanly.

Does anyone have an idea in which direction the problem goes?

Yes I've been seeing exactly these issues as well.

I'm not using any sort of virtualization, I'm using Jenkins to do nightly
builds directly on my host. My host machine is openSUSE 15.3. These problems
started on Feb 21 for me.

Each of my builds starts by doing a "git pull" on each of the repositories,
then kicks off a build if any of the repositories changed. A fresh build will
always succeed. Doing a "clean" and rebuilding will (I believe) always
succeed. My gut feeling is that it somehow has something to do with having an
existing build, refreshing the repositories, then rebuilding.

I spent weeks trying to find a reproducer. I wrote a script to checkout one
version of the repositories (before), build, checkout a newer version of the
repositories (after) and rebuilding. Even in cases where I used the exact same
hashes that had failed on my Jenkins build and repeating 20 times, in some
cases I wasn't able to reproduce the error. I was able to find 1 reproducer
involving a build for an imx28evk MACHINE, but even then after 20 iterations
13 were bad and 7 were good. I repeated that set of 20 builds many times and
it was never 100% bad.

My investigations led me to believe that it might be related to rm_work and/or
BB_NUMBER_THREADS/PARALLEL_MAKE. In my Jenkins builds I enable 'INHERIT +=
"rm_work"' and I also limit the BB_NUMBER_THREADS and set PARALLEL_MAKE. On
the cmdline I was able to reduce the number of failures (sometimes to none) by
removing the rm_work and THREADS/PARALLEL, but never completely eliminate it.
In Jenkins the build failures still felt as random as they were without the
change, so I can't say that it's having much effect in Jenkins, but seems to
have some effect on the cmdline.

I can say this with certainty: Matthias says it seems that the specific
recipe that fails is random, but it's not. In every case the recipe that fails
is a recipe whose source files are contained in the meta layer itself. For me
the failing recipes were always:
modutils-initscripts
initscripts

If you look at the recipes for those packages they do not have a SRC_URI that
fetches code from some remote location then uses quilt to apply some patches.
In both cases all of the "source" code exists in the layer itself, and somehow
quilt is involved in placing them in the build area.

I have dozens and dozens of these failures recorded and it is always with a
recipe that follows that pattern. But 99%-ish percent of the failures are with
the two packages I listed above.

The failures aren't related to days when those packages change. The failures
are just... sporadic.

So the issue is related to:
- recipes with in-layer sources
- quilt (being run twice (?))
- updating layers, and rebuilding in a build area with an existing build
- Feb 21 2022 (or thereabouts)

The issue might be related to:
- jenkins?
- my build host?
- rm_work?
- BB_NUMBER_THREADS?
- PARALLEL_MAKE?
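
The pattern described in this message can be checked against build logs and recipes. The following is an added example, not code from the thread or from BitBake: it extracts do_patch failures carrying the two quilt messages quoted above and marks the recipes whose SRC_URI is file://-only. The keymaps log lines are abridged from the ones quoted in the thread; the initscripts failure line, the recipe snippets and all function names are constructed.

```python
import re
from collections import Counter

# Console line BitBake prints when applying a patch fails in do_patch.
_FAIL = re.compile(r"^ERROR: (?P<recipe>\S+) do_patch: Applying patch '(?P<patch>[^']+)'")
# The two quilt stderr texts quoted in the thread, mapped to short labels.
_SIGNATURES = (
    ("File series fully applied", "already-applied"),
    ("series file no longer matches the applied patches", "series-mismatch"),
)
_SRC_URI = re.compile(r'^SRC_URI[^=\n]*=\s*"([^"]*)"', re.MULTILINE)


def quilt_failures(log_text):
    """Return (recipe, patch, label) for each do_patch failure in a console log."""
    failures = []
    current = None
    for line in log_text.splitlines():
        m = _FAIL.match(line)
        if m:
            current = [m.group("recipe"), m.group("patch"), "other"]
            failures.append(current)
        elif current is not None:
            for needle, label in _SIGNATURES:
                if needle in line:
                    current[2] = label
            if line.startswith("ERROR: Logfile of failure"):
                current = None  # end of this failure's output
    return [tuple(f) for f in failures]


def pn_of(recipe):
    """Strip the trailing -PV-PR from a name such as keymaps-1.0-r31."""
    return recipe.rsplit("-", 2)[0]


def in_layer_only(recipe_text):
    """True when every SRC_URI entry is file://, i.e. all sources ship in the layer."""
    entries = []
    for body in _SRC_URI.findall(recipe_text):
        entries += body.replace("\\", " ").split()
    return bool(entries) and all(e.startswith("file://") for e in entries)


def summarize(log_text, recipes):
    """Count failures per recipe name and label; `recipes` maps PN to recipe text."""
    summary = {}
    for recipe, _patch, label in quilt_failures(log_text):
        pn = pn_of(recipe)
        entry = summary.setdefault(pn, {"labels": Counter(), "in_layer_only": None})
        entry["labels"][label] += 1
        if pn in recipes:
            entry["in_layer_only"] = in_layer_only(recipes[pn])
    return summary


# Constructed sample: keymaps lines abridged from the thread, the rest invented.
SAMPLE_LOG = """\
NOTE: recipe python3-six-1.16.0-r0: task do_patch: Succeeded
ERROR: keymaps-1.0-r31 do_patch: Applying patch 'GPLv2.patch' on target directory '/build/tmp/work/raspberrypi3_64-poky-linux/keymaps/1.0-r31'
CmdError('quilt --quiltrc /build/recipe-sysroot-native/etc/quiltrc push', 0, 'stdout:
stderr: File series fully applied, ends at patch GPLv2.patch
')
ERROR: Logfile of failure stored in: /build/temp/log.do_patch.353982
NOTE: recipe keymaps-1.0-r31: task do_patch: Failed
ERROR: initscripts-1.0-r0 do_patch: Applying patch 'example.patch' on target directory '/build/tmp/work/example/initscripts/1.0-r0'
stderr: The series file no longer matches the applied patches. Please run 'quilt pop -a'.
ERROR: Logfile of failure stored in: /build/temp/log.do_patch.1
"""

# Constructed recipe fragments (not the real recipes); example.invalid is a placeholder host.
SAMPLE_RECIPES = {
    "keymaps": 'SRC_URI = "file://keymap.sh \\\n    file://GPLv2.patch"\n',
    "initscripts": 'SRC_URI = "file://functions file://example.patch"\n',
    "gawk": 'SRC_URI = "https://example.invalid/gawk.tar.gz file://run-ptest"\n',
}

if __name__ == "__main__":
    for pn, info in summarize(SAMPLE_LOG, SAMPLE_RECIPES).items():
        print(pn, dict(info["labels"]), "in-layer only:", info["in_layer_only"])
```

Run over a set of archived Jenkins console logs, the per-recipe counts show whether failures cluster on file://-only recipes or are spread across the build.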


[meta-security][PATCH 1/1] LICENSE: adopt standard SPDX names

Joe Slater <joe.slater@...>
 

Correct LICENSE for samhain, ecrypt-utils, ding-libs,
libmhash, and sssd.

Signed-off-by: Joe Slater <joe.slater@...>
---
recipes-ids/samhain/samhain.inc | 2 +-
recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb | 2 +-
recipes-security/libdhash/ding-libs_0.6.1.bb | 2 +-
recipes-security/libmhash/libmhash_0.9.9.9.bb | 2 +-
recipes-security/sssd/sssd_2.5.2.bb | 2 +-
5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/recipes-ids/samhain/samhain.inc b/recipes-ids/samhain/samhain.inc
index 077e118..fe0718d 100644
--- a/recipes-ids/samhain/samhain.inc
+++ b/recipes-ids/samhain/samhain.inc
@@ -1,6 +1,6 @@
DESCRIPTION = "Provides file integrity checking and log file monitoring/analysis"
HOMEPAGE = "http://www.la-samhna.de/samhain/"
-LICENSE = "GPLv2"
+LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://LICENSE;md5=8ca43cbc842c2336e835926c2166c28b"

PV = "4.4.6"
diff --git a/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb b/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb
index 9aefc32..5f8cf3c 100644
--- a/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb
+++ b/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb
@@ -6,7 +6,7 @@ DESCRIPTION = "eCryptfs is a stacked cryptographic filesystem \
HOMEPAGE = "https://launchpad.net/ecryptfs"
SECTION = "base"

-LICENSE = "GPL-2.0"
+LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b"

DEPENDS = "keyutils libgcrypt intltool-native glib-2.0-native"
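
Review bot: the removed line's "GPL-2.0" left "only" versus "or later" open, so the added LICENSE = "GPL-2.0-only" is a narrower claim than the old value rather than a pure rename, and the commit message gives no basis for it. Please note in the commit message that the source headers were checked. The message also spells the recipe "ecrypt-utils" while the path in this hunk is ecryptfs-utils.
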
diff --git a/recipes-security/libdhash/ding-libs_0.6.1.bb b/recipes-security/libdhash/ding-libs_0.6.1.bb
index 6046fa0..843850f 100644
--- a/recipes-security/libdhash/ding-libs_0.6.1.bb
+++ b/recipes-security/libdhash/ding-libs_0.6.1.bb
@@ -2,7 +2,7 @@ SUMMARY = "Dynamic hash table implementation"
DESCRIPTION = "Dynamic hash table implementation"
HOMEPAGE = "https://fedorahosted.org/released/ding-libs"
SECTION = "base"
-LICENSE = "GPLv3+"
+LICENSE = "GPL-3.0-or-later"
LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"

SRC_URI = "https://fedorahosted.org/released/${BPN}/${BP}.tar.gz"
diff --git a/recipes-security/libmhash/libmhash_0.9.9.9.bb b/recipes-security/libmhash/libmhash_0.9.9.9.bb
index 9b34cb1..35c5ff8 100644
--- a/recipes-security/libmhash/libmhash_0.9.9.9.bb
+++ b/recipes-security/libmhash/libmhash_0.9.9.9.bb
@@ -7,7 +7,7 @@ DESCRIPTION = "\
"
HOMEPAGE = "http://mhash.sourceforge.net/"

-LICENSE = "LGPLv2.0"
+LICENSE = "LGPL-2.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=3bf50002aefd002f49e7bb854063f7e7"

S = "${WORKDIR}/mhash-${PV}"
diff --git a/recipes-security/sssd/sssd_2.5.2.bb b/recipes-security/sssd/sssd_2.5.2.bb
index 8bc8787..9f1d627 100644
--- a/recipes-security/sssd/sssd_2.5.2.bb
+++ b/recipes-security/sssd/sssd_2.5.2.bb
@@ -2,7 +2,7 @@ SUMMARY = "system security services daemon"
DESCRIPTION = "SSSD is a system security services daemon"
HOMEPAGE = "https://pagure.io/SSSD/sssd/"
SECTION = "base"
-LICENSE = "GPLv3+"
+LICENSE = "GPL-3.0-or-later"
LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"

DEPENDS = "acl attr openldap cyrus-sasl libtdb ding-libs libpam c-ares krb5 autoconf-archive"
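
Review bot: this sssd LICENSE change may already be in the tree it targets. The reply in this thread says master-next "has these" and links commit ece41f7543bbd42c57f4208c7309f90cbd02e852, and the later resend covers only ding-libs and libmhash. Please rebase on master-next and drop any hunk already present there so the patch applies cleanly.
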
--
2.35.1


[PATCH yocto-autobuilder-helper] config.json: no need to explicitly exclude the NPM tests

Ross Burton <ross@...>
 

These tests now skip themselves automatically[1] if meta-oe isn't
present, so there is no need to explicitly skip them.

[1] oe-core d22ed015d8f38241acb783e1a468fb15d4317670

Signed-off-by: Ross Burton <ross.burton@...>
---
config.json | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/config.json b/config.json
index 6a77ca8..2ac151d 100644
--- a/config.json
+++ b/config.json
@@ -190,7 +190,7 @@
},
"step2" : {
"shortname" : "OE Selftest",
- "EXTRACMDS" : ["${SCRIPTSDIR}/checkvnc; OEQA_DEBUGGING_S=
AVED_OUTPUT=3D${BASE_SHAREDDIR}/pub/repro-fail/ DISPLAY=3D:1 oe-selftest =
--skip-tests distrodata.Distrodata.test_checkpkg buildoptions.SourceMirro=
ring.test_yocto_source_mirror devtool.DevtoolAddTests.test_devtool_add_np=
m recipetool.RecipetoolTests.test_recipetool_create_npm reproducible -T m=
achine -T toolchain-user -T toolchain-system -j 15"],
+ "EXTRACMDS" : ["${SCRIPTSDIR}/checkvnc; OEQA_DEBUGGING_S=
AVED_OUTPUT=3D${BASE_SHAREDDIR}/pub/repro-fail/ DISPLAY=3D:1 oe-selftest =
--skip-tests distrodata.Distrodata.test_checkpkg buildoptions.SourceMirro=
ring.test_yocto_source_mirror reproducible -T machine -T toolchain-user -=
T toolchain-system -j 15"],
"ADDLAYER" : ["${BUILDDIR}/../meta-selftest"]
},
"step3" : {
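
Review bot: removing devtool.DevtoolAddTests.test_devtool_add_npm and recipetool.RecipetoolTests.test_recipetool_create_npm from the step2 --skip-tests list relies on the self-skip added in oe-core d22ed015d8f38241acb783e1a468fb15d4317670, so any branch built with this config.json whose oe-core lacks that commit will now run both tests without meta-oe. Please confirm that every branch using this helper revision carries the commit, or state the constraint in the commit message.
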
@@ -407,7 +407,7 @@
"extravars" : [
"RPM_GPG_SIGN_CHUNK =3D '1'"
],
- "EXTRACMDS" : ["${SCRIPTSDIR}/checkvnc; DISPLAY=3D:1 oe-=
selftest --skip-tests distrodata.Distrodata.test_checkpkg buildoptions.So=
urceMirroring.test_yocto_source_mirror devtool.DevtoolAddTests.test_devto=
ol_add_npm recipetool.RecipetoolTests.test_recipetool_create_npm -T machi=
ne -T toolchain-user -T toolchain-system -j 15"],
+ "EXTRACMDS" : ["${SCRIPTSDIR}/checkvnc; DISPLAY=3D:1 oe-=
selftest --skip-tests distrodata.Distrodata.test_checkpkg buildoptions.So=
urceMirroring.test_yocto_source_mirror -T machine -T toolchain-user -T to=
olchain-system -j 15"],
"ADDLAYER" : ["${BUILDDIR}/../meta-selftest"]
}
},
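
Review bot: this EXTRACMDS string repeats the --skip-tests list from the step2 entry in the previous hunk, which is why the same two test names had to be removed in two places. If the config format allows it, define the skip list once and reference it from both entries so the two copies cannot drift apart.
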
--=20
2.25.1


Yocto Project Status WW132`22

Stephen Jolley
 

Current Dev Position: YP 3.5 M4

Next Deadline: 4th April. 2022 YP 3.5 M4 build

 

Next Team Meetings:

 

Key Status/Updates:

  • The first release candidate build for YP 4.0 (3.5) is due next week (Monday, 4th April)
  • YP 3.1.15 was released
  • YP 3.4.3 has passed QA and likely to be released imminently
  • We’re calming down the number of changes going into the release at this point including upgrades. For example the recent go uprev is very unlikely to make it in at this point. If there are patches you think should be in the release, please comment on them to show support.
  • We were able to isolate one parsing process lockup which ideally we’d fix in the release but it is unclear if the fixes will be ready.
  • YP 4.1 planning document is available for review at: https://docs.google.com/document/d/1-g7DatSdmIETwD3xFSCxV7MbWVVkpQvQ788mIr1MPTI/edit?usp=sharing
  • Improvements to the documentation version number handling were made, making things easier for release engineering and general maintenance. It should also improve the items in the switcher dropdown menu, Please report any issues anyone spots with the docs.
  • If people see intermittent issues in their own builds, particularly if they’re the same as intermittent issues seen on the autobuilder, please do comment in the bugs mentioning when they happen as the frequency information does help us prioritize fixing the most common issues.
  • Intermittent issues continue to be at high levels and help is very much welcome in trying to resolve them. You can see the list of failures we’re continuing to see by searching for the “AB-INT” tag in bugzilla: https://bugzilla.yoctoproject.org/buglist.cgi?quicksearch=AB-INT

We did work out the cause of the infamous tinfoil wait_event intermittent issue.

 

Ways to contribute:

 

YP 3.5 Milestone Dates:

  • YP 3.5 M4 build date 2022/04/04
  • YP 3.5 M4 Release date 2022/04/29

 

Upcoming dot releases:

  • YP 3.1.15 is released.
  • YP 3.4.3 is near release.
  • YP 3.3.6 build date 2022/03/28
  • YP 3.3.6 Release date 2022/04/08
  • YP 3.1.16 build date 2022/04/25
  • YP 3.1.16 Release date 2022/05/06

 

Tracking Metrics:

 

The Yocto Project’s technical governance is through its Technical Steering Committee, more information is available at:

https://wiki.yoctoproject.org/wiki/TSC

 

The Status reports are now stored on the wiki at: https://wiki.yoctoproject.org/wiki/Weekly_Status

 

[If anyone has suggestions for other information you’d like to see on this weekly status update, let us know!]

 

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

Cell: (208) 244-4460

Email: sjolley.yp.pm@...

 


Yocto poky/meta/recipes-devtool/perl

Mike Ulan
 

Hi,
I have a question: is anybody aware that patches in a recipe are not fully applied?

When the retrieved archive for the package is unpacked,
attributes of multiple files are set as read-only.

lots of read only files in archives.

From the man page of patch: the behavior is --read-only=warn by default.
So files to be patched with read only attributes remain unchanged.

To override the patch default behavior on --read-only, I placed in poky/bitbake/bin a file named patch with this content:
#!/bin/sh
/usr/bin/patch --read-only=fail "$@"
exvar=$?
echo "patch wraper readonly fail" "$@"
perror $exvar
exit $exvar

And as a clearly predictable result, the build of perl failed. 
To fix problem and apply all patches and particularly my patch to backport issue for my host environment 
I added to perl_${PV}.bb recipe this:
do_patch_prepend() {
    os.system('chmod -R +rw %s' % d.getVar('S'))
}
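
A check for the situation this message describes, as an added example (not code from the post or from Yocto): it lists the files a unified diff modifies that lack the owner write bit in an unpacked source tree. The names patch_targets, readonly_targets and demo, and the sample patch and file tree, are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Hunk header, e.g. "@@ -7,7 +7,7 @@"; a missing count means 1.
_HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@")


def patch_targets(patch_text, strip=1):
    """Return the paths a unified diff modifies, with `strip` leading path
    components removed (same meaning as patch -pN)."""
    targets = []
    old_left = new_left = 0
    prev = ""
    for line in patch_text.splitlines():
        if old_left > 0 or new_left > 0:
            # Inside a hunk body: count lines so content that happens to
            # look like a "---"/"+++" file header is not mistaken for one.
            if line.startswith("\\"):      # "\ No newline at end of file"
                continue
            if not line.startswith("+"):
                old_left -= 1
            if not line.startswith("-"):
                new_left -= 1
            continue
        hunk = _HUNK.match(line)
        if hunk:
            old_left = int(hunk.group(1) or 1)
            new_left = int(hunk.group(2) or 1)
        elif line.startswith("+++ ") and prev.startswith("--- "):
            path = line[4:].split("\t")[0].strip()   # drop optional timestamp
            parts = path.split("/")
            if path != "/dev/null" and len(parts) > strip:
                rel = "/".join(parts[strip:])
                if rel not in targets:
                    targets.append(rel)
        prev = line
    return targets


def readonly_targets(source_dir, patch_text, strip=1):
    """Return patch targets under source_dir that lack the owner write bit.
    Mode bits are read directly because os.access() reports every file as
    writable when the build runs as root."""
    hits = []
    root = os.path.realpath(source_dir)
    for rel in patch_targets(patch_text, strip):
        full = os.path.realpath(os.path.join(root, rel))
        if os.path.commonpath([root, full]) != root:
            continue                       # header points outside the tree
        if os.path.isfile(full) and not os.stat(full).st_mode & stat.S_IWUSR:
            hits.append(rel)
    return hits


# Constructed sample patch touching two files.
SAMPLE_PATCH = """\
--- a/Configure
+++ b/Configure
@@ -1 +1 @@
-old
+new
--- a/lib/ExtUtils/MM_Unix.pm
+++ b/lib/ExtUtils/MM_Unix.pm
@@ -1 +1 @@
-old
+new
"""


def demo():
    """Build a constructed tree with one read-only file and scan it."""
    with tempfile.TemporaryDirectory() as src:
        os.makedirs(os.path.join(src, "lib", "ExtUtils"))
        for rel, mode in (("Configure", 0o444),
                          ("lib/ExtUtils/MM_Unix.pm", 0o644)):
            path = os.path.join(src, rel)
            with open(path, "w") as fh:
                fh.write("old\n")
            os.chmod(path, mode)
        return readonly_targets(src, SAMPLE_PATCH)


if __name__ == "__main__":
    print(demo())
```

Running it against the unpacked source directory with each patch from the recipe, before any chmod, shows which patches touch read-only files at all.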


Re: [OE-core] Which vendors maintain SDIO WiFi in mainline stable kernel

Fabio Estevam <festevam@...>
 

Hi Jupiter,

On Tue, Mar 29, 2022 at 3:16 AM JH <jupiter.hce@...> wrote:

Hi,

I could not understand why so many large WiFi chip vendors retreat to
stop maintaining WiFi SDIO chips to mainline Linux kernel, and to
settle its chip support to out of the tree, use its own SDK and
proprietary kernel tree to source.codeaurora.org or private repository
which are not compatible to mainline stable kernel, the kernel
configures are also different.

I looked at the following link, the mwifiex and mwifiex_sdio support
the Marvell (NXP) 88W88 chipset, but only kernel 4.19 was able to
build and to run, kernel 5 cannot support 88W88 chipset, any more.
Same to Qualcomm, the old Atheros WiFi modules are supported, the
QCA-9377-3 chipset is in source.codeaurora.org only supported by old
kernel 4.9.

The QCA9377 is well supported in the mainline kernel by the ath10k driver:
drivers/net/wireless/ath/ath10k/

Just use 5.10 or 5.15 stable tree and there will be no need to use an
out-of-tree driver for QCA9377.


Re: [OE-core] Which vendors maintain SDIO WiFi in mainline stable kernel

Federico Pellegrin
 


Hi Jupiter,
I cannot help you on the specific chip you ask, but responding to the second part of your question I have quite good experience with Microchip WILC1000/3000 on SDIO which, after a part separate repo and then staging, is now in mainline from quite some time: https://github.com/torvalds/linux/tree/master/drivers/net/wireless/microchip/wilc1000
I had also some mixed experience (seemed to be arch related) otherwise also with SDIO/SPI of SiLabs which is currently in mainline staging: https://github.com/torvalds/linux/tree/master/drivers/staging/wfx
These chips are at least currently still on the market (modulo shortage problems), not sure about their projected lifespan (I guess something hard to foresee).

Cheers,
Federico


On Tue, 29 Mar 2022 at 08:16, JH <jupiter.hce@...> wrote:
Hi,

I could not understand why so many large WiFi chip vendors retreat to
stop maintaining WiFi SDIO chips to mainline Linux kernel, and to
settle its chip support to out of the tree, use its own SDK and
proprietary kernel tree to source.codeaurora.org or private repository
which are not compatible to mainline stable kernel, the kernel
configures are also different.

I looked at the following link, the mwifiex and mwifiex_sdio support
the Marvell (NXP) 88W88 chipset, but only kernel 4.19 was able to
build and to run, kernel 5 cannot support 88W88 chipset, any more.
Same to Qualcomm, the old Atheros WiFi modules are supported, the
QCA-9377-3 chipset is in source.codeaurora.org only supported by old
kernel 4.9.

Given the OE/Yocto poky kernel build is based on a mainline stable
kernel repository, how can I build kernel 5 for 88W88 chipset or
QCA-9377-3 from source.codeaurora.org or private repository? Or which
WiFi vendors are still well maintaining the WiFi chips for kernel 5,
the only sensible solution is to switch WiFi SDIO chips? Appreciate
your advice and comments.

https://wireless.wiki.kernel.org/en/users/drivers

Thank you very much.

Kind regards,

jupiter




Which vendors maintain SDIO WiFi in mainline stable kernel

JH
 

Hi,

I could not understand why so many large WiFi chip vendors retreat to
stop maintaining WiFi SDIO chips to mainline Linux kernel, and to
settle its chip support to out of the tree, use its own SDK and
proprietary kernel tree to source.codeaurora.org or private repository
which are not compatible to mainline stable kernel, the kernel
configures are also different.

I looked at the following link, the mwifiex and mwifiex_sdio support
the Marvell (NXP) 88W88 chipset, but only kernel 4.19 was able to
build and to run, kernel 5 cannot support 88W88 chipset, any more.
Same to Qualcomm, the old Atheros WiFi modules are supported, the
QCA-9377-3 chipset is in source.codeaurora.org only supported by old
kernel 4.9.

Given the OE/Yocto poky kernel build is based on a mainline stable
kernel repository, how can I build kernel 5 for 88W88 chipset or
QCA-9377-3 from source.codeaurora.org or private repository? Or which
WiFi vendors are still well maintaining the WiFi chips for kernel 5,
the only sensible solution is to switch WiFi SDIO chips? Appreciate
your advice and comments.

https://wireless.wiki.kernel.org/en/users/drivers

Thank you very much.

Kind regards,

jupiter


M+ & H bugs with Milestone Movements WW13

Stephen Jolley
 

All,

YP M+ or high bugs which moved to a new milestone in WW13 are listed below:

| Priority | Bug ID | Short Description | Changer | Owner | Was | Became |
|---|---|---|---|---|---|---|
| Medium+ | 5322 | Global DNS fallback mechanism not present in poky distro | kai.kang@... | kai.kang@... | 3.5 M3 | 3.6 M1 |
| | 7600 | syslinux: port extX support patches to syslinux community | randy.macleod@... | sakib.sajal@... | 3.5 M3 | 3.6 M1 |
| | 10693 | Add a testcase for multilib eSDK on the autobuilder | randy.macleod@... | Qi.Chen@... | 3.5 M3 | 3.6 M1 |
| | 11361 | oe-build-perf-test: monitor system resource utilization | randy.macleod@... | sakib.sajal@... | 3.5 M3 | 3.6 M1 |
| | 12060 | It is possible to specify a PACKAGE and a PKG_ rename that conflict | kai.kang@... | kai.kang@... | 3.5 M3 | 3.6 M1 |
| | 12917 | Warnings from nightly-multilib builds (build-deps) | kai.kang@... | kai.kang@... | 3.5 M3 | 3.6 M1 |
| | 12937 | Consistent naming scheme for deployed artifacts | randy.macleod@... | Martin.Jansa@... | 3.5 M3 | 3.6 M1 |
| | 13035 | Extend autobuilder worker bringup testing to include limit changes | randy.macleod@... | mhalstead@... | 3.5 M3 | 3.6 M2 |
| | 13288 | pseudo should not follow symlinks in /proc | randy.macleod@... | sakib.sajal@... | 3.5 M3 | 3.6 M1 |
| | 13311 | xargs: fdleak.c:396: complain_about_leaky_fds: Assertion `no_leaks' failed. | randy.macleod@... | unassigned@... | 3.5 M3 | 3.5 M4 |
| | 13731 | Cross canadian GCC fails to find header files when using tclibc-newlib | randy.macleod@... | alejandro@... | 3.5 M3 | 3.6 M2 |
| | 13766 | Using TCLIB=musl results in SDKs producing incompatible binaries | randy.macleod@... | sakib.sajal@... | 3.5 M3 | 3.5 M4 |
| | 13904 | do_prepare_recipe_sysroot: postinst-useradd-* does not run in order of dependency and sometimes fails | randy.macleod@... | sakib.sajal@... | 3.5 M3 | 3.5 M4 |
| | 14007 | When qemu hangs, try to create a snapshot or core file. | randy.macleod@... | sakib.sajal@... | 3.5 M3 | 3.6 M1 |
| | 14023 | oe-selftest doesn't work with BB_SERVER_TIMEOUT=60 | randy.macleod@... | pavel@... | 3.5 M3 | 3.5 M4 |
| | 14139 | systemd user/groups different on opkg vs rpm images | randy.macleod@... | hongxu.jia@... | 3.5 M3 | 3.5 M4 |
| | 14303 | Result of build is not stored in testresult.json with resulttool | randy.macleod@... | jay.shen.teoh@... | 3.5 M3 | 3.6 M1 |
| | 14348 | Layer dependencies not updated | randy.macleod@... | bluelightning@... | 3.5 M3 | 3.5 M4 |
| | 14394 | Add a banner on the old documentation docs | richard.purdie@... | mhalstead@... | 3.5 M3 | 3.5 M4 |
| | 14403 | Qemu error messages not clear when command line is corrupted. | randy.macleod@... | sakib.sajal@... | 3.5 M3 | 3.6 M2 |
| | 14640 | Relocation error when setting up SDK with rust tools | randy.macleod@... | pgowda.cve@... | 3.5 M3 | 3.5 M4 |
| | 14645 | qemux86-64 oops on bootup | randy.macleod@... | akuster808@... | 3.5 M3 | 3.5 M4 |
| | 14680 | intermittent setscene tasks failures | richard.purdie@... | anuj.mittal@... | 3.5 M4 | 3.4.3 |
| | 14693 | cmake-native do_configure fails when rebuilding without sstate on NIS hosts | randy.macleod@... | liezhi.yang@... | 3.5 M3 | 3.6 M1 |
| | 14691 | Bitbake does not check for all required perl modules to build oe-core | randy.macleod@... | sakib.sajal@... | 3.5 M3 | 3.6 M1 |
| | 14717 | OEToolchainConfig.cmake sets wrong and unsuitable compiler flags | randy.macleod@... | martin.beeger@... | 3.5 M3 | 3.6 M1 |

Thanks,

Stephen K. Jolley
Yocto Project Program Manager
Cell: (208) 244-4460
Email: sjolley.yp.pm@...


Enhancements/Bugs closed WW13!

Stephen Jolley
 

All,

The below were the owners of enhancements or bugs closed during the last week!

| Who | Count |
|---|---|
| david.reyna@... | 8 |
| alexandre.belloni@... | 4 |
| randy.macleod@... | 4 |
| richard.purdie@... | 1 |
| saul.wold@... | 1 |
| Grand Total | 18 |

Thanks,

Stephen K. Jolley
Yocto Project Program Manager
Cell: (208) 244-4460
Email: sjolley.yp.pm@...


Current high bug count owners for Yocto Project 3.5

Stephen Jolley
 

All,

Below is the list of the top 39 bug owners as of the end of WW13 who have open medium or higher bugs and enhancements against YP 3.5. There are 23 possible work days left until the final release candidates for YP 3.5 need to be released.

| Who | Count |
|---|---|
| michael.opdenacker@... | 34 |
| ross@... | 26 |
| randy.macleod@... | 15 |
| tim.orling@... | 12 |
| richard.purdie@... | 11 |
| bruce.ashfield@... | 11 |
| david.reyna@... | 11 |
| mhalstead@... | 8 |
| trevor.gamblin@... | 7 |
| bluelightning@... | 6 |
| sakib.sajal@... | 6 |
| chee.yang.lee@... | 4 |
| JPEWhacker@... | 4 |
| hongxu.jia@... | 3 |
| Qi.Chen@... | 2 |
| kai.kang@... | 2 |
| pgowda.cve@... | 2 |
| saul.wold@... | 2 |
| mshah@... | 2 |
| akuster808@... | 2 |
| jon.mason@... | 1 |
| mostthingsweb@... | 1 |
| alexandre.belloni@... | 1 |
| yi.zhao@... | 1 |
| sundeep.kokkonda@... | 1 |
| pokylinux@... | 1 |
| pavel@... | 1 |
| raj.khem@... | 1 |
| andrei@... | 1 |
| aehs29@... | 1 |
| thomas.perrot@... | 1 |
| matthewzmd@... | 1 |
| TicoTimo@... | 1 |
| nicolas.dechesne@... | 1 |
| jaskij@... | 1 |
| mark.hatle@... | 1 |
| open.source@... | 1 |
| john.kaldas.enpj@... | 1 |
| alejandro@... | 1 |
| Grand Total | 189 |

Thanks,

Stephen K. Jolley
Yocto Project Program Manager
Cell: (208) 244-4460
Email: sjolley.yp.pm@...


Yocto Project Newcomer & Unassigned Bugs - Help Needed

Stephen Jolley
 

All,

 

The triage team is starting to try and collect up and classify bugs which a newcomer to the project would be able to work on in a way which means people can find them. They're being listed on the triage page under the appropriate heading:

https://wiki.yoctoproject.org/wiki/Bug_Triage#Newcomer_Bugs  Also please review: https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded and how to create a bugzilla account at: https://bugzilla.yoctoproject.org/createaccount.cgi

The idea is these bugs should be straightforward for a person to help work on who doesn't have deep experience with the project. If anyone can help, please take ownership of the bug and send patches! If anyone needs help/advice there are people on irc who can likely do so, or some of the more experienced contributors will likely be happy to help too.

 

Also, the triage team meets weekly and does its best to handle the bugs reported into the Bugzilla. The number of people attending that meeting has fallen, as have the number of people available to help fix bugs. One of the things we hear users report is they don't know how to help. We (the triage team) are therefore going to start reporting out the currently 400 unassigned or newcomer bugs.

 

We're hoping people may be able to spare some time now and again to help out with these. Bugs are split into two types, "true bugs" where things don't work as they should and "enhancements" which are features we'd want to add to the system. There are also roughly four different "priority" classes right now, "3.5", "3.6", "3.99" and "Future", the more pressing/urgent issues being in "3.5" and then "3.6".

 

Please review this link and if a bug is something you would be able to help with either take ownership of the bug, or send me (sjolley.yp.pm@...) an e-mail with the bug number you would like and I will assign it to you (please make sure you have a Bugzilla account).  The list is at: https://wiki.yoctoproject.org/wiki/Bug_Triage_Archive#Unassigned_or_Newcomer_Bugs

 

Thanks,

Stephen K. Jolley
Yocto Project Program Manager
Cell: (208) 244-4460
Email: sjolley.yp.pm@...


psplash: Wrong splashscreen resolution in case of two displays with different resolution

Vasyl Vavrychuk
 

Hi,

In my system I have two displays (virtual) with different resolution
first: 1080x1920 (portrait orientation)
second: 640x720

When psplash is run, it shows boot animation with resolution 640x720 on the first display too:

+-----------+-----+
|           |     |
|  psplash  |     |
|           |     |
|           |     |
+-----------+     |
|                 |
|                 |
|    Display 1    |
|                 |
|                 |
+-----------------+

+-----------+
|           |
|  psplash  |
| Display 2 |
|           |
+-----------+

Can we achieve 1080x1920 resolution on Display 1? In the worst case I don't need boot animation on display 2. Is DRM/KMS backend needed for that?

Kind regards,
Vasyl


Re: QA notification for completed autobuilder build (yocto-3.4.3.rc1)

Teoh, Jay Shen
 

Hello everyone,

This is the full report for yocto-3.4.3.rc3:
https://git.yoctoproject.org/cgit/cgit.cgi/yocto-testresults-contrib/tree/?h=intel-yocto-testresults

======= Summary ========
No high milestone defects.

No new issue found.

Thanks,
Jay

-----Original Message-----
From: yocto@... <yocto@...> On Behalf Of Teoh, Jay Shen
Sent: Friday, 25 March, 2022 10:20 AM
To: yocto@...; qa-build-notification@...; OE-core <openembedded-core@...>
Subject: Re: [yocto] QA notification for completed autobuilder build (yocto-3.4.3.rc1)

Hi all,

Intel and WR YP QA is planning for QA execution for YP build yocto-3.4.3.rc3.
We are planning to execute following tests for this cycle:
Please note that this is the rc3 build for 3.4.3, the rc number was marked to
rc1 by mistake.

OEQA-manual tests for following module:
1. OE-Core
2. BSP-hw

Runtime auto test for following platforms:
1. MinnowTurbot 32-bit
2. Coffee Lake
3. NUC 7
4. NUC 6
5. Edgerouter
6. Beaglebone

ETA for completion next Monday, March 28.

Thanks,
Jay

-----Original Message-----
From: yocto@... <yocto@...> On Behalf Of Pokybuild User
Sent: Thursday, 24 March, 2022 11:35 PM
To: yocto@...
Cc: qa-build-notification@...
Subject: [yocto] QA notification for completed autobuilder build (yocto-3.4.3.rc1)


A build flagged for QA (yocto-3.4.3.rc1) was completed on the
autobuilder and is available at:


https://autobuilder.yocto.io/pub/releases/yocto-3.4.3.rc1


Build hash information:




This is an automated message from the Yocto Project Autobuilder
Git: git://git.yoctoproject.org/yocto-autobuilder2
Email: richard.purdie@...



Re: firewalld issue #yocto

Nicolas Jeker
 

On Sun, 2022-03-27 at 23:39 -0700, sateesh m wrote:
Hi Team,

I have built a custom image core-image-base on riscv
target machine installed nftables,firewalld,JSON packages support. I
am using firewalld_0.9.3 sources depends nftables-python is present.
But I am getting error python-nftables. Can you please guide me on
what dependent I missed here? If suppose firewalld should work means,
What packages should I install?

But while running firewalld status is always failed mode.
Using $firewall-cmd --reload I am facing a problem

Error: COMMAND_FAILED: 'python-nftables' failed: internal:0:0-0:
Error: Could not process rule: No such file or directory
 
Judging by this stack exchange thread[1] from a quick search, you might
be missing the appropriate kernel configs[2].

[1]: https://unix.stackexchange.com/questions/632113
[2]: https://wiki.gentoo.org/wiki/Nftables#Kernel

 
JSON blob:
"nat_PREROUTING_ZONES", "expr": [{"goto": {"target":
"nat_PRE_public"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "mangle_PREROUTING_ZONES", "expr": [{"goto":
{"target": "mangle_PRE_public"}}]}}}, {"add": {"chain": {"family":
"inet", "table": "firewalld", "name": "filter_IN_policy_allow-host-
ipv6"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld",
"name": "filter_IN_policy_allow-host-ipv6_pre"}}}, {"add": {"chain":
{"family": "inet", "table": "firewalld", "name":
"filter_IN_policy_allow-host-ipv6_log"}}}, {"add": {"chain":
{"family": "inet", "table": "firewalld", "name":
"filter_IN_policy_allow-host-ipv6_deny"}}}, {"add": {"chain":
{"family": "inet", "table": "firewalld", "name":
"filter_IN_policy_allow-host-ipv6_allow"}}}, {"add": {"chain":
{"family": "inet", "table": "firewalld", "name":
"filter_IN_policy_allow-host-ipv6_post"}}}, {"add": {"rule":
{"family": "inet", "table": "firewalld", "chain":
"filter_IN_policy_allow-host-ipv6", "expr": [{"jump": {"target":
"filter_IN_policy_allow-host-ipv6_pre"}}]}}}, {"add": {"rule":
{"family": "inet", "table": "firewalld", "chain":
"filter_IN_policy_allow-host-ipv6", "expr": [{"jump": {"target":
"filter_IN_policy_allow-host-ipv6_log"}}]}}}, {"add": {"rule":
{"family": "inet", "table": "firewalld", "chain":
"filter_IN_policy_allow-host-ipv6", "expr": [{"jump": {"target":
"filter_IN_policy_allow-host-ipv6_deny"}}]}}}, {"add": {"rule":
{"family": "inet", "table": "firewalld", "chain":
"filter_IN_policy_allow-host-ipv6", "expr": [{"jump": {"target":
"filter_IN_policy_allow-host-ipv6_allow"}}]}}}, {"add": {"rule":
{"family": "inet", "table": "firewalld", "chain":
"filter_IN_policy_allow-host-ipv6", "expr": [{"jump": {"target":
"filter_IN_policy_allow-host-ipv6_post"}}]}}}, {"add": {"chain":
{"family": "ip", "table": "firewalld", "name": "nat_PRE_policy_allow-
host-ipv6"}}}, {"add": {"chain": {"family": "ip", "table":
"firewalld", "name": "nat_PRE_policy_allow-host-ipv6_pre"}}}, {"add":
{"chain": {"family": "ip", "table": "firewalld", "name":
"nat_PRE_policy_allow-host-ipv6_log"}}}, {"add": {"chain": {"family":
"ip", "table": "firewalld", "name": "nat_PRE_policy_allow-host-
ipv6_deny"}}}, {"add": {"chain": {"family": "ip", "table":
"firewalld", "name": "nat_PRE_policy_allow-host-ipv6_allow"}}},
{"add": {"chain": {"family": "ip", "table": "firewalld", "name":
"nat_PRE_policy_allow-host-ipv6_post"}}}, {"add": {"rule": {"family":
"ip", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-
ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-
ipv6_pre"}}]}}}, {"add": {"rule": {"family": "ip", "table":
"firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr":
[{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_log"}}]}}},
{"add": {"rule": {"family": "ip", "table": "firewalld", "chain":
"nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target":
"nat_PRE_policy_allow-host-ipv6_deny"}}]}}}, {"add": {"rule":
{"family": "ip", "table": "firewalld", "chain":
"nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target":
"nat_PRE_policy_allow-host-ipv6_allow"}}]}}}, {"add": {"rule":
{"family": "ip", "table": "firewalld", "chain":
"nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target":
"nat_PRE_policy_allow-host-ipv6_post"}}]}}}, {"add": {"chain":
{"family": "ip6", "table": "firewalld", "name":
"nat_PRE_policy_allow-host-ipv6"}}}, {"add": {"chain": {"family":
"ip6", "table": "firewalld", "name": "nat_PRE_policy_allow-host-
ipv6_pre"}}}, {"add": {"chain": {"family": "ip6", "table":
"firewalld", "name": "nat_PRE_policy_allow-host-ipv6_log"}}}, {"add":
{"chain": {"family": "ip6", "table": "firewalld", "name":
"nat_PRE_policy_allow-host-ipv6_deny"}}}, {"add": {"chain":
{"family": "ip6", "table": "firewalld", "name":
"nat_PRE_policy_allow-host-ipv6_allow"}}}, {"add": {"chain":
{"family": "ip6", "table": "firewalld", "name":
"nat_PRE_policy_allow-host-ipv6_post"}}}, {"add": {"rule": {"family":
"ip6", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-
ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-
ipv6_pre"}}]}}}, {"add": {"rule": {"family": "ip6", "table":
"firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr":
[{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_log"}}]}}},
{"add": {"rule": {"family": "ip6", "table": "firewalld", "chain":
"nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target":
"nat_PRE_policy_allow-host-ipv6_deny"}}]}}}, {"add": {"rule":
{"family": "ip6", "table": "firewalld", "chain":
"nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target":
"nat_PRE_policy_allow-host-ipv6_allow"}}]}}}, {"add": {"rule":
{"family": "ip6", "table": "firewalld", "chain":
"nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target":
"nat_PRE_policy_allow-host-ipv6_post"}}]}}}, {"add": {"chain":
{"family": "inet", "table": "firewalld", "name":
"mangle_PRE_policy_allow-host-ipv6"}}}, {"add": {"chain": {"family":
"inet", "table": "firewalld", "name": "mangle_PRE_policy_allow-host-
ipv6_pre"}}}, {"add": {"chain": {"family": "inet", "table":
"firewalld", "name": "mangle_PRE_policy_allow-host-ipv6_log"}}},
{"add": {"chain": {"family": "inet", "table": "firewalld", "name":
"mangle_PRE_policy_allow-host-ipv6_deny"}}}, {"add": {"chain":
{"family": "inet", "table": "firewalld", "name":
"mangle_PRE_policy_allow-host-ipv6_allow"}}}, {"add": {"chain":
{"family": "inet", "table": "firewalld", "name":
"mangle_PRE_policy_allow-host-ipv6_post"}}}, {"add": {"rule":
{"family": "inet", "table": "firewalld", "chain":
"mangle_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target":
"mangle_PRE_policy_allow-host-ipv6_pre"}}]}}}, {"add": {"rule":
{"family": "inet", "table": "firewalld", "chain":
"mangle_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target":
"mangle_PRE_policy_allow-host-ipv6_log"}}]}}}, {"add": {"rule":
{"family": "inet", "table": "firewalld", "chain":
"mangle_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target":
"mangle_PRE_policy_allow-host-ipv6_deny"}}]}}}, {"add": {"rule":
{"family": "inet", "table": "firewalld", "chain":
"mangle_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target":
"mangle_PRE_policy_allow-host-ipv6_allow"}}]}}}, {"add": {"rule":
{"family": "inet", "table": "firewalld", "chain":
"mangle_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target":
"mangle_PRE_policy_allow-host-ipv6_post"}}]}}}, {"insert": {"rule":
{"family": "inet", "table": "firewalld", "chain":
"filter_INPUT_POLICIES_pre", "expr": [{"jump": {"target":
"filter_IN_policy_allow-host-ipv6"}}]}}}, {"insert": {"rule":
{"family": "ip", "table": "firewalld", "chain":
"nat_PREROUTING_POLICIES_pre", "expr": [{"jump": {"target":
"nat_PRE_policy_allow-host-ipv6"}}]}}}, {"insert": {"rule":
{"family": "ip6", "table": "firewalld", "chain":
"nat_PREROUTING_POLICIES_pre", "expr": [{"jump": {"target":
"nat_PRE_policy_allow-host-ipv6"}}]}}}, {"insert": {"rule":
{"family": "inet", "table": "firewalld", "chain":
"mangle_PREROUTING_POLICIES_pre", "expr": [{"jump": {"target":
"mangle_PRE_policy_allow-host-ipv6"}}]}}}, {"add": {"rule":
{"family": "inet", "table": "firewalld", "chain":
"filter_IN_policy_allow-host-ipv6_allow", "expr": [{"match": {"left":
{"meta": {"key": "nfproto"}}, "op": "==", "right": "ipv6"}},
{"match": {"left": {"payload": {"protocol": "icmpv6", "field":
"type"}}, "op": "==", "right": "nd-neighbor-advert"}}, {"accept":
null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld",
"chain": "filter_IN_policy_allow-host-ipv6_allow", "expr": [{"match":
{"left": {"meta": {"key": "nfproto"}}, "op": "==", "right": "ipv6"}},
{"match": {"left": {"payload": {"protocol": "icmpv6", "field":
"type"}}, "op": "==", "right": "nd-neighbor-solicit"}}, {"accept":
null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld",
"chain": "filter_IN_policy_allow-host-ipv6_allow", "expr": [{"match":
{"left": {"meta": {"key": "nfproto"}}, "op": "==", "right": "ipv6"}},
{"match": {"left": {"payload": {"protocol": "icmpv6", "field":
"type"}}, "op": "==", "right": "nd-router-advert"}}, {"accept":
null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld",
"chain": "filter_IN_policy_allow-host-ipv6_allow", "expr": [{"match":
{"left": {"meta": {"key": "nfproto"}}, "op": "==", "right": "ipv6"}},
{"match": {"left": {"payload": {"protocol": "icmpv6", "field":
"type"}}, "op": "==", "right": "nd-redirect"}}, {"accept":
null}]}}}]}
 

--
Regards,
Sateesh