Date   

Enhancements/Bugs closed WW13!

Stephen Jolley
 

All,

The below were the owners of enhancements or bugs closed during the last week!

Who

Count

david.reyna@...

8

alexandre.belloni@...

4

randy.macleod@...

4

richard.purdie@...

1

saul.wold@...

1

Grand Total

18

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 


Current high bug count owners for Yocto Project 3.5

Stephen Jolley
 

All,

Below is the list as of top 39 bug owners as of the end of WW13 of who have open medium or higher bugs and enhancements against YP 3.5.   There are 23 possible work days left until the final release candidates for YP 3.5 needs to be released.

Who

Count

michael.opdenacker@...

34

ross@...

26

randy.macleod@...

15

tim.orling@...

12

richard.purdie@...

11

bruce.ashfield@...

11

david.reyna@...

11

mhalstead@...

8

trevor.gamblin@...

7

bluelightning@...

6

sakib.sajal@...

6

chee.yang.lee@...

4

JPEWhacker@...

4

hongxu.jia@...

3

Qi.Chen@...

2

kai.kang@...

2

pgowda.cve@...

2

saul.wold@...

2

mshah@...

2

akuster808@...

2

jon.mason@...

1

mostthingsweb@...

1

alexandre.belloni@...

1

yi.zhao@...

1

sundeep.kokkonda@...

1

pokylinux@...

1

pavel@...

1

raj.khem@...

1

andrei@...

1

aehs29@...

1

thomas.perrot@...

1

matthewzmd@...

1

TicoTimo@...

1

nicolas.dechesne@...

1

jaskij@...

1

mark.hatle@...

1

open.source@...

1

john.kaldas.enpj@...

1

alejandro@...

1

Grand Total

189

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 


Yocto Project Newcomer & Unassigned Bugs - Help Needed

Stephen Jolley
 

All,

 

The triage team is starting to try and collect up and classify bugs which a newcomer to the project would be able to work on in a way which means people can find them. They're being listed on the triage page under the appropriate heading:

https://wiki.yoctoproject.org/wiki/Bug_Triage#Newcomer_Bugs  Also please review: https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded and how to create a bugzilla account at: https://bugzilla.yoctoproject.org/createaccount.cgi

The idea is these bugs should be straight forward for a person to help work on who doesn't have deep experience with the project.  If anyone can help, please take ownership of the bug and send patches!  If anyone needs help/advice there are people on irc who can likely do so, or some of the more experienced contributors will likely be happy to help too.

 

Also, the triage team meets weekly and does its best to handle the bugs reported into the Bugzilla. The number of people attending that meeting has fallen, as have the number of people available to help fix bugs. One of the things we hear users report is they don't know how to help. We (the triage team) are therefore going to start reporting out the currently 400 unassigned or newcomer bugs.

 

We're hoping people may be able to spare some time now and again to help out with these.  Bugs are split into two types, "true bugs" where things don't work as they should and "enhancements" which are features we'd want to add to the system.  There are also roughly four different "priority" classes right now,  “3.5, “3.6”, "3.99" and "Future", the more pressing/urgent issues being in "3.5" and then “3.6”.

 

Please review this link and if a bug is something you would be able to help with either take ownership of the bug, or send me (sjolley.yp.pm@...) an e-mail with the bug number you would like and I will assign it to you (please make sure you have a Bugzilla account).  The list is at: https://wiki.yoctoproject.org/wiki/Bug_Triage_Archive#Unassigned_or_Newcomer_Bugs

 

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 


psplash: Wrong spashscreen resolution in case of two displays with different resolution

Vasyl Vavrychuk
 

Hi,

In my system I have two displays (virtual) with different resolution
first: 1080x1920 (portrait orientation)
second: 640x720

When psplash is run, it shows boot animation with resolution 640x720 on the first display too:

+-----------+-----+
| | |
| psplash | |
| | |
| | |
+-----------+ |
| |
| |
| Display 1 |
| |
| |
+-----------------+

+-----------+
| |
| psplash |
| Display 2 |
| |
+-----------+

Can we achieve 1080x1920 resolution on Display 1? I worth case I don't need boot animation on display 2. Is DRM/KMS backend needed for that?

Kind regards,
Vasyl


Re: QA notification for completed autobuilder build (yocto-3.4.3.rc1)

Teoh, Jay Shen
 

Hello everyone,

This is the full report for yocto-3.4.3.rc3:
https://git.yoctoproject.org/cgit/cgit.cgi/yocto-testresults-contrib/tree/?h=intel-yocto-testresults

======= Summary ========
No high milestone defects.

No new issue found.

Thanks,
Jay

-----Original Message-----
From: yocto@... <yocto@...> On Behalf
Of Teoh, Jay Shen
Sent: Friday, 25 March, 2022 10:20 AM
To: yocto@...; qa-build-notification@...;
OE-core <openembedded-core@...>
Subject: Re: [yocto] QA notification for completed autobuilder build (yocto-
3.4.3.rc1)

Hi all,

Intel and WR YP QA is planning for QA execution for YP build yocto-3.4.3.rc3.
We are planning to execute following tests for this cycle:
Please note that this is the rc3 build for 3.4.3, the rc number was marked to
rc1 by mistake.

OEQA-manual tests for following module:
1. OE-Core
2. BSP-hw

Runtime auto test for following platforms:
1. MinnowTurbot 32-bit
2. Coffee Lake
3. NUC 7
4. NUC 6
5. Edgerouter
6. Beaglebone

ETA for completion next Monday, March 28.

Thanks,
Jay

-----Original Message-----
From: yocto@... <yocto@...> On
Behalf Of Pokybuild User
Sent: Thursday, 24 March, 2022 11:35 PM
To: yocto@...
Cc: qa-build-notification@...
Subject: [yocto] QA notification for completed autobuilder build
(yocto-
3.4.3.rc1)


A build flagged for QA (yocto-3.4.3.rc1) was completed on the
autobuilder and is available at:


https://autobuilder.yocto.io/pub/releases/yocto-3.4.3.rc1


Build hash information:

bitbake: 43dcb2b2a2b95a5c959be57bca94fb7190ea6257
meta-agl: dd8e34ef5383d95d941a3afc9a03d3fcbba699dd
meta-arm: 33bbdc67f2ed7189398292ff58a7fee42a85a166
meta-aws: c92344938ab4d37de8bd8b799186dbbe3019a069
meta-gplv2: f04e4369bf9dd3385165281b9fa2ed1043b0e400
meta-intel: fb9e0633614dbf956da185d291333bcc1b137e5a
meta-mingw: f5d761cbd5c957e4405c5d40b0c236d263c916a8
meta-openembedded: 061b7fc74f887454251307ef119b808a90654d3f
oecore: ebca8f3ac9372b7ebb3d39e8f7f930b63b481448
poky: ee68ae307fd951b9de6b31dc6713ea29186b7749



This is an automated message from the Yocto Project Autobuilder
Git: git://git.yoctoproject.org/yocto-autobuilder2
Email: richard.purdie@...



Re: firewalld isssue #yocto

Nicolas Jeker
 

On Sun, 2022-03-27 at 23:39 -0700, sateesh m wrote:
Hi Team,

                I have built a custom image core-image-base on riscv
target machine installed nftables,firewalld,JSON packages support. I
am using firewalld_0.9.3 sources depends nftables-python is present.
But I am getting error python-nftables. Can you please guide me on
what dependent I missed here? If suppose firewalld should work means,
What packages should  I install?  

But while running firewalld status is always failed mode.  
Using $firewall-cmd --reload  I am facing a  problem

Error: COMMAND_FAILED: 'python-nftables' failed: internal:0:0-0:
Error: Could not process rule: No such file or directory
 
Judging by this stack exchange thread[1] from a quick search, you might
be missing the appropriate kernel configs[2].

[1]: https://unix.stackexchange.com/questions/632113
[2]: https://wiki.gentoo.org/wiki/Nftables#Kernel

 
JSON blob:
{"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add":
{"chain": {"family": "inet", "table": "firewalld", "name":
"raw_PREROUTING", "type": "filter", "hook": "prerouting", "prio": -
290}}}, {"add": {"chain": {"family": "inet", "table": "firewalld",
"name": "mangle_PREROUTING", "type": "filter", "hook": "prerouting",
"prio": -140}}}, {"add": {"chain": {"family": "inet", "table":
"firewalld", "name": "mangle_PREROUTING_POLICIES_pre"}}}, {"add":
{"rule": {"family": "inet", "table": "firewalld", "chain":
"mangle_PREROUTING", "expr": [{"jump": {"target":
"mangle_PREROUTING_POLICIES_pre"}}]}}}, {"add": {"chain": {"family":
"inet", "table": "firewalld", "name": "mangle_PREROUTING_ZONES"}}},
{"add": {"rule": {"family": "inet", "table": "firewalld", "chain":
"mangle_PREROUTING", "expr": [{"jump": {"target":
"mangle_PREROUTING_ZONES"}}]}}}, {"add": {"chain": {"family": "inet",
"table": "firewalld", "name": "mangle_PREROUTING_POLICIES_post"}}},
{"add": {"rule": {"family": "inet", "table": "firewalld", "chain":
"mangle_PREROUTING", "expr": [{"jump": {"target":
"mangle_PREROUTING_POLICIES_post"}}]}}}, {"add": {"chain": {"family":
"ip", "table": "firewalld", "name": "nat_PREROUTING", "type": "nat",
"hook": "prerouting", "prio": -90}}}, {"add": {"chain": {"family":
"ip", "table": "firewalld", "name": "nat_PREROUTING_POLICIES_pre"}}},
{"add": {"rule": {"family": "ip", "table": "firewalld", "chain":
"nat_PREROUTING", "expr": [{"jump": {"target":
"nat_PREROUTING_POLICIES_pre"}}]}}}, {"add": {"chain": {"family":
"ip", "table": "firewalld", "name": "nat_PREROUTING_ZONES"}}},
{"add": {"rule": {"family": "ip", "table": "firewalld", "chain":
"nat_PREROUTING", "expr": [{"jump": {"target":
"nat_PREROUTING_ZONES"}}]}}}, {"add": {"chain": {"family": "ip",
"table": "firewalld", "name": "nat_PREROUTING_POLICIES_post"}}},
{"add": {"rule": {"family": "ip", "table": "firewalld", "chain":
"nat_PREROUTING", "expr": [{"jump": {"target":
"nat_PREROUTING_POLICIES_post"}}]}}}, {"add": {"chain": {"family":
"ip", "table": "firewalld", "name": "nat_POSTROUTING", "type": "nat",
"hook": "postrouting", "prio": 110}}}, {"add": {"chain": {"family":
"ip", "table": "firewalld", "name":
"nat_POSTROUTING_POLICIES_pre"}}}, {"add": {"rule": {"family": "ip",
"table": "firewalld", "chain": "nat_POSTROUTING", "expr": [{"jump":
{"target": "nat_POSTROUTING_POLICIES_pre"}}]}}}, {"add": {"chain":
{"family": "ip", "table": "firewalld", "name":
"nat_POSTROUTING_ZONES"}}}, {"add": {"rule": {"family": "ip",
"table": "firewalld", "chain": "nat_POSTROUTING", "expr": [{"jump":
{"target": "nat_POSTROUTING_ZONES"}}]}}}, {"add": {"chain":
{"family": "ip", "table": "firewalld", "name":
"nat_POSTROUTING_POLICIES_post"}}}, {"add": {"rule": {"family": "ip",
"table": "firewalld", "chain": "nat_POSTROUTING", "expr": [{"jump":
{"target": "nat_POSTROUTING_POLICIES_post"}}]}}}, {"add": {"chain":
{"family": "ip6", "table": "firewalld", "name": "nat_PREROUTING",
"type": "nat", "hook": "prerouting", "prio": -90}}}, {"add":
{"chain": {"family": "ip6", "table": "firewalld", "name":
"nat_PREROUTING_POLICIES_pre"}}}, {"add": {"rule": {"family": "ip6",
"table": "firewalld", "chain": "nat_PREROUTING", "expr": [{"jump":
{"target": "nat_PREROUTING_POLICIES_pre"}}]}}}, {"add": {"chain":
{"family": "ip6", "table": "firewalld", "name":
"nat_PREROUTING_ZONES"}}}, {"add": {"rule": {"family": "ip6",
"table": "firewalld", "chain": "nat_PREROUTING", "expr": [{"jump":
{"target": "nat_PREROUTING_ZONES"}}]}}}, {"add": {"chain": {"family":
"ip6", "table": "firewalld", "name":
"nat_PREROUTING_POLICIES_post"}}}, {"add": {"rule": {"family": "ip6",
"table": "firewalld", "chain": "nat_PREROUTING", "expr": [{"jump":
{"target": "nat_PREROUTING_POLICIES_post"}}]}}}, {"add": {"chain":
{"family": "ip6", "table": "firewalld", "name": "nat_POSTROUTING",
"type": "nat", "hook": "postrouting", "prio": 110}}}, {"add":
{"chain": {"family": "ip6", "table": "firewalld", "name":
"nat_POSTROUTING_POLICIES_pre"}}}, {"add": {"rule": {"family": "ip6",
"table": "firewalld", "chain": "nat_POSTROUTING", "expr": [{"jump":
{"target": "nat_POSTROUTING_POLICIES_pre"}}]}}}, {"add": {"chain":
{"family": "ip6", "table": "firewalld", "name":
"nat_POSTROUTING_ZONES"}}}, {"add": {"rule": {"family": "ip6",
"table": "firewalld", "chain": "nat_POSTROUTING", "expr": [{"jump":
{"target": "nat_POSTROUTING_ZONES"}}]}}}, {"add": {"chain":
{"family": "ip6", "table": "firewalld", "name":
"nat_POSTROUTING_POLICIES_post"}}}, {"add": {"rule": {"family":
"ip6", "table": "firewalld", "chain": "nat_POSTROUTING", "expr":
[{"jump": {"target": "nat_POSTROUTING_POLICIES_post"}}]}}}, {"add":
{"chain": {"family": "inet", "table": "firewalld", "name":
"filter_INPUT", "type": "filter", "hook": "input", "prio": 10}}},
{"add": {"chain": {"family": "inet", "table": "firewalld", "name":
"filter_FORWARD", "type": "filter", "hook": "forward", "prio": 10}}},
{"add": {"chain": {"family": "inet", "table": "firewalld", "name":
"filter_OUTPUT", "type": "filter", "hook": "output", "prio": 10}}},
{"add": {"rule": {"family": "inet", "table": "firewalld", "chain":
"filter_INPUT", "expr": [{"match": {"left": {"ct": {"key": "state"}},
"op": "in", "right": {"set": ["established", "related"]}}},
{"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_INPUT", "expr": [{"match": {"left":
{"ct": {"key": "status"}}, "op": "in", "right": "dnat"}}, {"accept":
null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld",
"chain": "filter_INPUT", "expr": [{"match": {"left": {"meta": {"key":
"iifname"}}, "op": "==", "right": "lo"}}, {"accept": null}]}}},
{"add": {"chain": {"family": "inet", "table": "firewalld", "name":
"filter_INPUT_POLICIES_pre"}}}, {"add": {"rule": {"family": "inet",
"table": "firewalld", "chain": "filter_INPUT", "expr": [{"jump":
{"target": "filter_INPUT_POLICIES_pre"}}]}}}, {"add": {"chain":
{"family": "inet", "table": "firewalld", "name":
"filter_INPUT_ZONES"}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_INPUT", "expr": [{"jump": {"target":
"filter_INPUT_ZONES"}}]}}}, {"add": {"chain": {"family": "inet",
"table": "firewalld", "name": "filter_INPUT_POLICIES_post"}}},
{"add": {"rule": {"family": "inet", "table": "firewalld", "chain":
"filter_INPUT", "expr": [{"jump": {"target":
"filter_INPUT_POLICIES_post"}}]}}}, {"add": {"rule": {"family":
"inet", "table": "firewalld", "chain": "filter_INPUT", "expr":
[{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right":
{"set": ["invalid"]}}}, {"drop": null}]}}}, {"add": {"rule":
{"family": "inet", "table": "firewalld", "chain": "filter_INPUT",
"expr": [{"reject": {"type": "icmpx", "expr": "admin-
prohibited"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_FORWARD", "expr": [{"match": {"left":
{"ct": {"key": "state"}}, "op": "in", "right": {"set":
["established", "related"]}}}, {"accept": null}]}}}, {"add": {"rule":
{"family": "inet", "table": "firewalld", "chain": "filter_FORWARD",
"expr": [{"match": {"left": {"ct": {"key": "status"}}, "op": "in",
"right": "dnat"}}, {"accept": null}]}}}, {"add": {"rule": {"family":
"inet", "table": "firewalld", "chain": "filter_FORWARD", "expr":
[{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==",
"right": "lo"}}, {"accept": null}]}}}, {"add": {"chain": {"family":
"inet", "table": "firewalld", "name":
"filter_FORWARD_POLICIES_pre"}}}, {"add": {"rule": {"family": "inet",
"table": "firewalld", "chain": "filter_FORWARD", "expr": [{"jump":
{"target": "filter_FORWARD_POLICIES_pre"}}]}}}, {"add": {"chain":
{"family": "inet", "table": "firewalld", "name":
"filter_FORWARD_IN_ZONES"}}}, {"add": {"rule": {"family": "inet",
"table": "firewalld", "chain": "filter_FORWARD", "expr": [{"jump":
{"target": "filter_FORWARD_IN_ZONES"}}]}}}, {"add": {"chain":
{"family": "inet", "table": "firewalld", "name":
"filter_FORWARD_OUT_ZONES"}}}, {"add": {"rule": {"family": "inet",
"table": "firewalld", "chain": "filter_FORWARD", "expr": [{"jump":
{"target": "filter_FORWARD_OUT_ZONES"}}]}}}, {"add": {"chain":
{"family": "inet", "table": "firewalld", "name":
"filter_FORWARD_POLICIES_post"}}}, {"add": {"rule": {"family":
"inet", "table": "firewalld", "chain": "filter_FORWARD", "expr":
[{"jump": {"target": "filter_FORWARD_POLICIES_post"}}]}}}, {"add":
{"rule": {"family": "inet", "table": "firewalld", "chain":
"filter_FORWARD", "expr": [{"match": {"left": {"ct": {"key":
"state"}}, "op": "in", "right": {"set": ["invalid"]}}}, {"drop":
null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld",
"chain": "filter_FORWARD", "expr": [{"reject": {"type": "icmpx",
"expr": "admin-prohibited"}}]}}}, {"add": {"rule": {"family": "inet",
"table": "firewalld", "chain": "filter_OUTPUT", "expr": [{"match":
{"left": {"meta": {"key": "oifname"}}, "op": "==", "right": "lo"}},
{"accept": null}]}}}, {"add": {"chain": {"family": "inet", "table":
"firewalld", "name": "filter_OUTPUT_POLICIES_pre"}}}, {"add":
{"rule": {"family": "inet", "table": "firewalld", "chain":
"filter_OUTPUT", "expr": [{"jump": {"target":
"filter_OUTPUT_POLICIES_pre"}}]}}}, {"add": {"chain": {"family":
"inet", "table": "firewalld", "name":
"filter_OUTPUT_POLICIES_post"}}}, {"add": {"rule": {"family": "inet",
"table": "firewalld", "chain": "filter_OUTPUT", "expr": [{"jump":
{"target": "filter_OUTPUT_POLICIES_post"}}]}}}, {"insert": {"rule":
{"family": "inet", "table": "firewalld", "chain": "raw_PREROUTING",
"expr": [{"match": {"left": {"meta": {"key": "nfproto"}}, "op": "==",
"right": "ipv6"}}, {"match": {"left": {"fib": {"flags": ["saddr",
"iif"], "result": "oif"}}, "op": "==", "right": false}}, {"drop":
null}]}}}, {"insert": {"rule": {"family": "inet", "table":
"firewalld", "chain": "raw_PREROUTING", "expr": [{"match": {"left":
{"payload": {"protocol": "icmpv6", "field": "type"}}, "op": "==",
"right": {"set": ["nd-router-advert", "nd-neighbor-solicit"]}}},
{"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_OUTPUT", "index": 0, "expr": [{"match":
{"left": {"payload": {"protocol": "ip6", "field": "daddr"}}, "op":
"==", "right": {"set": [{"prefix": {"addr": "::0.0.0.0", "len": 96}},
{"prefix": {"addr": "::ffff:0.0.0.0", "len": 96}}, {"prefix":
{"addr": "2002:0000::", "len": 24}}, {"prefix": {"addr":
"2002:0a00::", "len": 24}}, {"prefix": {"addr": "2002:7f00::", "len":
24}}, {"prefix": {"addr": "2002:ac10::", "len": 28}}, {"prefix":
{"addr": "2002:c0a8::", "len": 32}}, {"prefix": {"addr":
"2002:a9fe::", "len": 32}}, {"prefix": {"addr": "2002:e000::", "len":
19}}]}}}, {"reject": {"type": "icmpv6", "expr": "addr-
unreachable"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_FORWARD", "index": 2, "expr":
[{"match": {"left": {"payload": {"protocol": "ip6", "field":
"daddr"}}, "op": "==", "right": {"set": [{"prefix": {"addr":
"::0.0.0.0", "len": 96}}, {"prefix": {"addr": "::ffff:0.0.0.0",
"len": 96}}, {"prefix": {"addr": "2002:0000::", "len": 24}},
{"prefix": {"addr": "2002:0a00::", "len": 24}}, {"prefix": {"addr":
"2002:7f00::", "len": 24}}, {"prefix": {"addr": "2002:ac10::", "len":
28}}, {"prefix": {"addr": "2002:c0a8::", "len": 32}}, {"prefix":
{"addr": "2002:a9fe::", "len": 32}}, {"prefix": {"addr":
"2002:e000::", "len": 19}}]}}}, {"reject": {"type": "icmpv6", "expr":
"addr-unreachable"}}]}}}, {"add": {"chain": {"family": "inet",
"table": "firewalld", "name": "filter_IN_public"}}}, {"add":
{"chain": {"family": "inet", "table": "firewalld", "name":
"filter_IN_public_pre"}}}, {"add": {"chain": {"family": "inet",
"table": "firewalld", "name": "filter_IN_public_log"}}}, {"add":
{"chain": {"family": "inet", "table": "firewalld", "name":
"filter_IN_public_deny"}}}, {"add": {"chain": {"family": "inet",
"table": "firewalld", "name": "filter_IN_public_allow"}}}, {"add":
{"chain": {"family": "inet", "table": "firewalld", "name":
"filter_IN_public_post"}}}, {"add": {"rule": {"family": "inet",
"table": "firewalld", "chain": "filter_IN_public", "expr": [{"jump":
{"target": "filter_IN_public_pre"}}]}}}, {"add": {"rule": {"family":
"inet", "table": "firewalld", "chain": "filter_IN_public", "expr":
[{"jump": {"target": "filter_IN_public_log"}}]}}}, {"add": {"rule":
{"family": "inet", "table": "firewalld", "chain": "filter_IN_public",
"expr": [{"jump": {"target": "filter_IN_public_deny"}}]}}}, {"add":
{"rule": {"family": "inet", "table": "firewalld", "chain":
"filter_IN_public", "expr": [{"jump": {"target":
"filter_IN_public_allow"}}]}}}, {"add": {"rule": {"family": "inet",
"table": "firewalld", "chain": "filter_IN_public", "expr": [{"jump":
{"target": "filter_IN_public_post"}}]}}}, {"add": {"rule": {"family":
"inet", "table": "firewalld", "chain": "filter_IN_public_allow",
"expr": [{"match": {"left": {"payload": {"protocol": "tcp", "field":
"dport"}}, "op": "==", "right": 22}}, {"match": {"left": {"ct":
{"key": "state"}}, "op": "in", "right": {"set": ["new",
"untracked"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family":
"inet", "table": "firewalld", "chain": "filter_IN_public_allow",
"expr": [{"match": {"left": {"payload": {"protocol": "ip6", "field":
"daddr"}}, "op": "==", "right": {"prefix": {"addr": "fe80::", "len":
64}}}}, {"match": {"left": {"payload": {"protocol": "udp", "field":
"dport"}}, "op": "==", "right": 546}}, {"match": {"left": {"ct":
{"key": "state"}}, "op": "in", "right": {"set": ["new",
"untracked"]}}}, {"accept": null}]}}}, {"add": {"chain": {"family":
"inet", "table": "firewalld", "name": "filter_FWDO_public"}}},
{"add": {"chain": {"family": "inet", "table": "firewalld", "name":
"filter_FWDO_public_pre"}}}, {"add": {"chain": {"family": "inet",
"table": "firewalld", "name": "filter_FWDO_public_log"}}}, {"add":
{"chain": {"family": "inet", "table": "firewalld", "name":
"filter_FWDO_public_deny"}}}, {"add": {"chain": {"family": "inet",
"table": "firewalld", "name": "filter_FWDO_public_allow"}}}, {"add":
{"chain": {"family": "inet", "table": "firewalld", "name":
"filter_FWDO_public_post"}}}, {"add": {"rule": {"family": "inet",
"table": "firewalld", "chain": "filter_FWDO_public", "expr":
[{"jump": {"target": "filter_FWDO_public_pre"}}]}}}, {"add": {"rule":
{"family": "inet", "table": "firewalld", "chain":
"filter_FWDO_public", "expr": [{"jump": {"target":
"filter_FWDO_public_log"}}]}}}, {"add": {"rule": {"family": "inet",
"table": "firewalld", "chain": "filter_FWDO_public", "expr":
[{"jump": {"target": "filter_FWDO_public_deny"}}]}}}, {"add":
{"rule": {"family": "inet", "table": "firewalld", "chain":
"filter_FWDO_public", "expr": [{"jump": {"target":
"filter_FWDO_public_allow"}}]}}}, {"add": {"rule": {"family": "inet",
"table": "firewalld", "chain": "filter_FWDO_public", "expr":
[{"jump": {"target": "filter_FWDO_public_post"}}]}}}, {"add":
{"chain": {"family": "ip", "table": "firewalld", "name":
"nat_POST_public"}}}, {"add": {"chain": {"family": "ip", "table":
"firewalld", "name": "nat_POST_public_pre"}}}, {"add": {"chain":
{"family": "ip", "table": "firewalld", "name":
"nat_POST_public_log"}}}, {"add": {"chain": {"family": "ip", "table":
"firewalld", "name": "nat_POST_public_deny"}}}, {"add": {"chain":
{"family": "ip", "table": "firewalld", "name":
"nat_POST_public_allow"}}}, {"add": {"chain": {"family": "ip",
"table": "firewalld", "name": "nat_POST_public_post"}}}, {"add":
{"rule": {"family": "ip", "table": "firewalld", "chain":
"nat_POST_public", "expr": [{"jump": {"target":
"nat_POST_public_pre"}}]}}}, {"add": {"rule": {"family": "ip",
"table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump":
{"target": "nat_POST_public_log"}}]}}}, {"add": {"rule": {"family":
"ip", "table": "firewalld", "chain": "nat_POST_public", "expr":
[{"jump": {"target": "nat_POST_public_deny"}}]}}}, {"add": {"rule":
{"family": "ip", "table": "firewalld", "chain": "nat_POST_public",
"expr": [{"jump": {"target": "nat_POST_public_allow"}}]}}}, {"add":
{"rule": {"family": "ip", "table": "firewalld", "chain":
"nat_POST_public", "expr": [{"jump": {"target":
"nat_POST_public_post"}}]}}}, {"add": {"chain": {"family": "ip6",
"table": "firewalld", "name": "nat_POST_public"}}}, {"add": {"chain":
{"family": "ip6", "table": "firewalld", "name":
"nat_POST_public_pre"}}}, {"add": {"chain": {"family": "ip6",
"table": "firewalld", "name": "nat_POST_public_log"}}}, {"add":
{"chain": {"family": "ip6", "table": "firewalld", "name":
"nat_POST_public_deny"}}}, {"add": {"chain": {"family": "ip6",
"table": "firewalld", "name": "nat_POST_public_allow"}}}, {"add":
{"chain": {"family": "ip6", "table": "firewalld", "name":
"nat_POST_public_post"}}}, {"add": {"rule": {"family": "ip6",
"table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump":
{"target": "nat_POST_public_pre"}}]}}}, {"add": {"rule": {"family":
"ip6", "table": "firewalld", "chain": "nat_POST_public", "expr":
[{"jump": {"target": "nat_POST_public_log"}}]}}}, {"add": {"rule":
{"family": "ip6", "table": "firewalld", "chain": "nat_POST_public",
"expr": [{"jump": {"target": "nat_POST_public_deny"}}]}}}, {"add":
{"rule": {"family": "ip6", "table": "firewalld", "chain":
"nat_POST_public", "expr": [{"jump": {"target":
"nat_POST_public_allow"}}]}}}, {"add": {"rule": {"family": "ip6",
"table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump":
{"target": "nat_POST_public_post"}}]}}}, {"add": {"chain": {"family":
"inet", "table": "firewalld", "name": "filter_FWDI_public"}}},
{"add": {"chain": {"family": "inet", "table": "firewalld", "name":
"filter_FWDI_public_pre"}}}, {"add": {"chain": {"family": "inet",
"table": "firewalld", "name": "filter_FWDI_public_log"}}}, {"add":
{"chain": {"family": "inet", "table": "firewalld", "name":
"filter_FWDI_public_deny"}}}, {"add": {"chain": {"family": "inet",
"table": "firewalld", "name": "filter_FWDI_public_allow"}}}, {"add":
{"chain": {"family": "inet", "table": "firewalld", "name":
"filter_FWDI_public_post"}}}, {"add": {"rule": {"family": "inet",
"table": "firewalld", "chain": "filter_FWDI_public", "expr":
[{"jump": {"target": "filter_FWDI_public_pre"}}]}}}, {"add": {"rule":
{"family": "inet", "table": "firewalld", "chain":
"filter_FWDI_public", "expr": [{"jump": {"target":
"filter_FWDI_public_log"}}]}}}, {"add": {"rule": {"family": "inet",
"table": "firewalld", "chain": "filter_FWDI_public", "expr":
[{"jump": {"target": "filter_FWDI_public_deny"}}]}}}, {"add":
{"rule": {"family": "inet", "table": "firewalld", "chain":
"filter_FWDI_public", "expr": [{"jump": {"target":
"filter_FWDI_public_allow"}}]}}}, {"add": {"rule": {"family": "inet",
"table": "firewalld", "chain": "filter_FWDI_public", "expr":
[{"jump": {"target": "filter_FWDI_public_post"}}]}}}, {"add":
{"chain": {"family": "ip", "table": "firewalld", "name":
"nat_PRE_public"}}}, {"add": {"chain": {"family": "ip", "table":
"firewalld", "name": "nat_PRE_public_pre"}}}, {"add": {"chain":
{"family": "ip", "table": "firewalld", "name":
"nat_PRE_public_log"}}}, {"add": {"chain": {"family": "ip", "table":
"firewalld", "name": "nat_PRE_public_deny"}}}, {"add": {"chain":
{"family": "ip", "table": "firewalld", "name":
"nat_PRE_public_allow"}}}, {"add": {"chain": {"family": "ip",
"table": "firewalld", "name": "nat_PRE_public_post"}}}, {"add":
{"rule": {"family": "ip", "table": "firewalld", "chain":
"nat_PRE_public", "expr": [{"jump": {"target":
"nat_PRE_public_pre"}}]}}}, {"add": {"rule": {"family": "ip",
"table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump":
{"target": "nat_PRE_public_log"}}]}}}, {"add": {"rule": {"family":
"ip", "table": "firewalld", "chain": "nat_PRE_public", "expr":
[{"jump": {"target": "nat_PRE_public_deny"}}]}}}, {"add": {"rule":
{"family": "ip", "table": "firewalld", "chain": "nat_PRE_public",
"expr": [{"jump": {"target": "nat_PRE_public_allow"}}]}}}, {"add":
{"rule": {"family": "ip", "table": "firewalld", "chain":
"nat_PRE_public", "expr": [{"jump": {"target":
"nat_PRE_public_post"}}]}}}, {"add": {"chain": {"family": "ip6",
"table": "firewalld", "name": "nat_PRE_public"}}}, {"add": {"chain":
{"family": "ip6", "table": "firewalld", "name":
"nat_PRE_public_pre"}}}, {"add": {"chain": {"family": "ip6", "table":
"firewalld", "name": "nat_PRE_public_log"}}}, {"add": {"chain":
{"family": "ip6", "table": "firewalld", "name":
"nat_PRE_public_deny"}}}, {"add": {"chain": {"family": "ip6",
"table": "firewalld", "name": "nat_PRE_public_allow"}}}, {"add":
{"chain": {"family": "ip6", "table": "firewalld", "name":
"nat_PRE_public_post"}}}, {"add": {"rule": {"family": "ip6", "table":
"firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target":
"nat_PRE_public_pre"}}]}}}, {"add": {"rule": {"family": "ip6",
"table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump":
{"target": "nat_PRE_public_log"}}]}}}, {"add": {"rule": {"family":
"ip6", "table": "firewalld", "chain": "nat_PRE_public", "expr":
[{"jump": {"target": "nat_PRE_public_deny"}}]}}}, {"add": {"rule":
{"family": "ip6", "table": "firewalld", "chain": "nat_PRE_public",
"expr": [{"jump": {"target": "nat_PRE_public_allow"}}]}}}, {"add":
{"rule": {"family": "ip6", "table": "firewalld", "chain":
"nat_PRE_public", "expr": [{"jump": {"target":
"nat_PRE_public_post"}}]}}}, {"add": {"chain": {"family": "inet",
"table": "firewalld", "name": "mangle_PRE_public"}}}, {"add":
{"chain": {"family": "inet", "table": "firewalld", "name":
"mangle_PRE_public_pre"}}}, {"add": {"chain": {"family": "inet",
"table": "firewalld", "name": "mangle_PRE_public_log"}}}, {"add":
{"chain": {"family": "inet", "table": "firewalld", "name":
"mangle_PRE_public_deny"}}}, {"add": {"chain": {"family": "inet",
"table": "firewalld", "name": "mangle_PRE_public_allow"}}}, {"add":
{"chain": {"family": "inet", "table": "firewalld", "name":
"mangle_PRE_public_post"}}}, {"add": {"rule": {"family": "inet",
"table": "firewalld", "chain": "mangle_PRE_public", "expr": [{"jump":
{"target": "mangle_PRE_public_pre"}}]}}}, {"add": {"rule": {"family":
"inet", "table": "firewalld", "chain": "mangle_PRE_public", "expr":
[{"jump": {"target": "mangle_PRE_public_log"}}]}}}, {"add": {"rule":
{"family": "inet", "table": "firewalld", "chain":
"mangle_PRE_public", "expr": [{"jump": {"target":
"mangle_PRE_public_deny"}}]}}}, {"add": {"rule": {"family": "inet",
"table": "firewalld", "chain": "mangle_PRE_public", "expr": [{"jump":
{"target": "mangle_PRE_public_allow"}}]}}}, {"add": {"rule":
{"family": "inet", "table": "firewalld", "chain":
"mangle_PRE_public", "expr": [{"jump": {"target":
"mangle_PRE_public_post"}}]}}}, {"add": {"rule": {"family": "inet",
"table": "firewalld", "chain": "filter_IN_public", "index": 4,
"expr": [{"match": {"left": {"meta": {"key": "l4proto"}}, "op": "==",
"right": {"set": ["icmp", "icmpv6"]}}}, {"accept": null}]}}}, {"add":
{"rule": {"family": "inet", "table": "firewalld", "chain":
"filter_FWDI_public", "index": 4, "expr": [{"match": {"left":
{"meta": {"key": "l4proto"}}, "op": "==", "right": {"set": ["icmp",
"icmpv6"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family":
"inet", "table": "firewalld", "chain": "filter_INPUT_ZONES", "expr":
[{"goto": {"target": "filter_IN_public"}}]}}}, {"add": {"rule":
{"family": "inet", "table": "firewalld", "chain":
"filter_FORWARD_OUT_ZONES", "expr": [{"goto": {"target":
"filter_FWDO_public"}}]}}}, {"add": {"rule": {"family": "ip",
"table": "firewalld", "chain": "nat_POSTROUTING_ZONES", "expr":
[{"goto": {"target": "nat_POST_public"}}]}}}, {"add": {"rule":
{"family": "ip6", "table": "firewalld", "chain":
"nat_POSTROUTING_ZONES", "expr": [{"goto": {"target":
"nat_POST_public"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "filter_FORWARD_IN_ZONES", "expr": [{"goto":
{"target": "filter_FWDI_public"}}]}}}, {"add": {"rule": {"family":
"ip", "table": "firewalld", "chain": "nat_PREROUTING_ZONES", "expr":
[{"goto": {"target": "nat_PRE_public"}}]}}}, {"add": {"rule":
{"family": "ip6", "table": "firewalld", "chain":
"nat_PREROUTING_ZONES", "expr": [{"goto": {"target":
"nat_PRE_public"}}]}}}, {"add": {"rule": {"family": "inet", "table":
"firewalld", "chain": "mangle_PREROUTING_ZONES", "expr": [{"goto":
{"target": "mangle_PRE_public"}}]}}}, {"add": {"chain": {"family":
"inet", "table": "firewalld", "name": "filter_IN_policy_allow-host-
ipv6"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld",
"name": "filter_IN_policy_allow-host-ipv6_pre"}}}, {"add": {"chain":
{"family": "inet", "table": "firewalld", "name":
"filter_IN_policy_allow-host-ipv6_log"}}}, {"add": {"chain":
{"family": "inet", "table": "firewalld", "name":
"filter_IN_policy_allow-host-ipv6_deny"}}}, {"add": {"chain":
{"family": "inet", "table": "firewalld", "name":
"filter_IN_policy_allow-host-ipv6_allow"}}}, {"add": {"chain":
{"family": "inet", "table": "firewalld", "name":
"filter_IN_policy_allow-host-ipv6_post"}}}, {"add": {"rule":
{"family": "inet", "table": "firewalld", "chain":
"filter_IN_policy_allow-host-ipv6", "expr": [{"jump": {"target":
"filter_IN_policy_allow-host-ipv6_pre"}}]}}}, {"add": {"rule":
{"family": "inet", "table": "firewalld", "chain":
"filter_IN_policy_allow-host-ipv6", "expr": [{"jump": {"target":
"filter_IN_policy_allow-host-ipv6_log"}}]}}}, {"add": {"rule":
{"family": "inet", "table": "firewalld", "chain":
"filter_IN_policy_allow-host-ipv6", "expr": [{"jump": {"target":
"filter_IN_policy_allow-host-ipv6_deny"}}]}}}, {"add": {"rule":
{"family": "inet", "table": "firewalld", "chain":
"filter_IN_policy_allow-host-ipv6", "expr": [{"jump": {"target":
"filter_IN_policy_allow-host-ipv6_allow"}}]}}}, {"add": {"rule":
{"family": "inet", "table": "firewalld", "chain":
"filter_IN_policy_allow-host-ipv6", "expr": [{"jump": {"target":
"filter_IN_policy_allow-host-ipv6_post"}}]}}}, {"add": {"chain":
{"family": "ip", "table": "firewalld", "name": "nat_PRE_policy_allow-
host-ipv6"}}}, {"add": {"chain": {"family": "ip", "table":
"firewalld", "name": "nat_PRE_policy_allow-host-ipv6_pre"}}}, {"add":
{"chain": {"family": "ip", "table": "firewalld", "name":
"nat_PRE_policy_allow-host-ipv6_log"}}}, {"add": {"chain": {"family":
"ip", "table": "firewalld", "name": "nat_PRE_policy_allow-host-
ipv6_deny"}}}, {"add": {"chain": {"family": "ip", "table":
"firewalld", "name": "nat_PRE_policy_allow-host-ipv6_allow"}}},
{"add": {"chain": {"family": "ip", "table": "firewalld", "name":
"nat_PRE_policy_allow-host-ipv6_post"}}}, {"add": {"rule": {"family":
"ip", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-
ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-
ipv6_pre"}}]}}}, {"add": {"rule": {"family": "ip", "table":
"firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr":
[{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_log"}}]}}},
{"add": {"rule": {"family": "ip", "table": "firewalld", "chain":
"nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target":
"nat_PRE_policy_allow-host-ipv6_deny"}}]}}}, {"add": {"rule":
{"family": "ip", "table": "firewalld", "chain":
"nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target":
"nat_PRE_policy_allow-host-ipv6_allow"}}]}}}, {"add": {"rule":
{"family": "ip", "table": "firewalld", "chain":
"nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target":
"nat_PRE_policy_allow-host-ipv6_post"}}]}}}, {"add": {"chain":
{"family": "ip6", "table": "firewalld", "name":
"nat_PRE_policy_allow-host-ipv6"}}}, {"add": {"chain": {"family":
"ip6", "table": "firewalld", "name": "nat_PRE_policy_allow-host-
ipv6_pre"}}}, {"add": {"chain": {"family": "ip6", "table":
"firewalld", "name": "nat_PRE_policy_allow-host-ipv6_log"}}}, {"add":
{"chain": {"family": "ip6", "table": "firewalld", "name":
"nat_PRE_policy_allow-host-ipv6_deny"}}}, {"add": {"chain":
{"family": "ip6", "table": "firewalld", "name":
"nat_PRE_policy_allow-host-ipv6_allow"}}}, {"add": {"chain":
{"family": "ip6", "table": "firewalld", "name":
"nat_PRE_policy_allow-host-ipv6_post"}}}, {"add": {"rule": {"family":
"ip6", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-
ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-
ipv6_pre"}}]}}}, {"add": {"rule": {"family": "ip6", "table":
"firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr":
[{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_log"}}]}}},
{"add": {"rule": {"family": "ip6", "table": "firewalld", "chain":
"nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target":
"nat_PRE_policy_allow-host-ipv6_deny"}}]}}}, {"add": {"rule":
{"family": "ip6", "table": "firewalld", "chain":
"nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target":
"nat_PRE_policy_allow-host-ipv6_allow"}}]}}}, {"add": {"rule":
{"family": "ip6", "table": "firewalld", "chain":
"nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target":
"nat_PRE_policy_allow-host-ipv6_post"}}]}}}, {"add": {"chain":
{"family": "inet", "table": "firewalld", "name":
"mangle_PRE_policy_allow-host-ipv6"}}}, {"add": {"chain": {"family":
"inet", "table": "firewalld", "name": "mangle_PRE_policy_allow-host-
ipv6_pre"}}}, {"add": {"chain": {"family": "inet", "table":
"firewalld", "name": "mangle_PRE_policy_allow-host-ipv6_log"}}},
{"add": {"chain": {"family": "inet", "table": "firewalld", "name":
"mangle_PRE_policy_allow-host-ipv6_deny"}}}, {"add": {"chain":
{"family": "inet", "table": "firewalld", "name":
"mangle_PRE_policy_allow-host-ipv6_allow"}}}, {"add": {"chain":
{"family": "inet", "table": "firewalld", "name":
"mangle_PRE_policy_allow-host-ipv6_post"}}}, {"add": {"rule":
{"family": "inet", "table": "firewalld", "chain":
"mangle_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target":
"mangle_PRE_policy_allow-host-ipv6_pre"}}]}}}, {"add": {"rule":
{"family": "inet", "table": "firewalld", "chain":
"mangle_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target":
"mangle_PRE_policy_allow-host-ipv6_log"}}]}}}, {"add": {"rule":
{"family": "inet", "table": "firewalld", "chain":
"mangle_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target":
"mangle_PRE_policy_allow-host-ipv6_deny"}}]}}}, {"add": {"rule":
{"family": "inet", "table": "firewalld", "chain":
"mangle_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target":
"mangle_PRE_policy_allow-host-ipv6_allow"}}]}}}, {"add": {"rule":
{"family": "inet", "table": "firewalld", "chain":
"mangle_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target":
"mangle_PRE_policy_allow-host-ipv6_post"}}]}}}, {"insert": {"rule":
{"family": "inet", "table": "firewalld", "chain":
"filter_INPUT_POLICIES_pre", "expr": [{"jump": {"target":
"filter_IN_policy_allow-host-ipv6"}}]}}}, {"insert": {"rule":
{"family": "ip", "table": "firewalld", "chain":
"nat_PREROUTING_POLICIES_pre", "expr": [{"jump": {"target":
"nat_PRE_policy_allow-host-ipv6"}}]}}}, {"insert": {"rule":
{"family": "ip6", "table": "firewalld", "chain":
"nat_PREROUTING_POLICIES_pre", "expr": [{"jump": {"target":
"nat_PRE_policy_allow-host-ipv6"}}]}}}, {"insert": {"rule":
{"family": "inet", "table": "firewalld", "chain":
"mangle_PREROUTING_POLICIES_pre", "expr": [{"jump": {"target":
"mangle_PRE_policy_allow-host-ipv6"}}]}}}, {"add": {"rule":
{"family": "inet", "table": "firewalld", "chain":
"filter_IN_policy_allow-host-ipv6_allow", "expr": [{"match": {"left":
{"meta": {"key": "nfproto"}}, "op": "==", "right": "ipv6"}},
{"match": {"left": {"payload": {"protocol": "icmpv6", "field":
"type"}}, "op": "==", "right": "nd-neighbor-advert"}}, {"accept":
null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld",
"chain": "filter_IN_policy_allow-host-ipv6_allow", "expr": [{"match":
{"left": {"meta": {"key": "nfproto"}}, "op": "==", "right": "ipv6"}},
{"match": {"left": {"payload": {"protocol": "icmpv6", "field":
"type"}}, "op": "==", "right": "nd-neighbor-solicit"}}, {"accept":
null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld",
"chain": "filter_IN_policy_allow-host-ipv6_allow", "expr": [{"match":
{"left": {"meta": {"key": "nfproto"}}, "op": "==", "right": "ipv6"}},
{"match": {"left": {"payload": {"protocol": "icmpv6", "field":
"type"}}, "op": "==", "right": "nd-router-advert"}}, {"accept":
null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld",
"chain": "filter_IN_policy_allow-host-ipv6_allow", "expr": [{"match":
{"left": {"meta": {"key": "nfproto"}}, "op": "==", "right": "ipv6"}},
{"match": {"left": {"payload": {"protocol": "icmpv6", "field":
"type"}}, "op": "==", "right": "nd-redirect"}}, {"accept":
null}]}}}]}
 

--
Regards,
Sateesh



Re: CVE patch updates

Nicolas Jeker
 

On Thu, 2022-03-24 at 18:56 +0000, Monsees, Steven C (US) via
lists.yoctoproject.org wrote:
 
So, my only change to my build is the INHERIT =+ “cve-check”…
No issue seen until this line added…
 
Can someone tell me why when I build from scratch, clean, I see the
following error ?
Who’s certificate failure is being flagged ?
 
Initialising tasks: 100%
|####################################################################
###################| Time: 0:00:04
Checking sstate mirror object availability: 100%
|###############################################################|
Time: 0:00:00
Sstate summary: Wanted 2258 Found 2229 Missed 29 Current 0 (98%
match, 0% complete)
NOTE: Executing Tasks
NOTE: Setscene tasks completed
ERROR: cve-update-db-native-1.0-r0 do_populate_cve_db: Error
executing a python function in exec_python_func() autogenerated:
 
The stack trace of python calls that resulted in this
exception/failure was:
File: 'exec_python_func() autogenerated', lineno: 2, function:
<module>
     0001:
*** 0002:do_populate_cve_db(d)
     0003:
File: '/disk0/scratch/smonsees/yocto/workspace_1/poky/meta/recipes-
core/meta/cve-update-db-native.bb', lineno: 69, function:
do_populate_cve_db
     0065:        meta_url = year_url + ".meta"
     0066:        json_url = year_url + ".json.gz"
     0067:
     0068:        # Retrieve meta last modified date
*** 0069:        response = urllib.request.urlopen(meta_url)
     0070:        if response:
     0071:            for l in
If you look at the source for cve-update-db-native.bb[1], you see how
the URLs are being generated. It tries to send requests to the
following URLs (if you didn't change NVDCVE_URL):

https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-{YEAR}.meta
https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-{YEAR}.json.gz

Where {YEAR} is every year from 2002 up until the current year + 1. I
suspect you might be behind a corporate firewall which does deep
inspection and replaces the certificates, but that's just a guess.

[1]:
https://git.yoctoproject.org/poky/tree/meta/recipes-core/meta/cve-update-db-native.bb

response.read().decode("utf-8").splitlines():
     0072:                key, value = l.split(":", 1)
     0073:                if key == "lastModifiedDate":
File: '/usr/lib64/python3.6/urllib/request.py', lineno: 223,
function: urlopen
     0219:    elif _opener is None:
     0220:        _opener = opener = build_opener()
     0221:    else:
     0222:        opener = _opener
*** 0223:    return opener.open(url, data, timeout)
     0224:
     0225:def install_opener(opener):
     0226:    global _opener
     0227:    _opener = opener
File: '/usr/lib64/python3.6/urllib/request.py', lineno: 526,
function: open
     0522:        for processor in self.process_request.get(protocol,
[]):
     0523:            meth = getattr(processor, meth_name)
     0524:            req = meth(req)
     0525:
*** 0526:        response = self._open(req, data)
     0527:
     0528:        # post-process response
     0529:        meth_name = protocol+"_response"
     0530:        for processor in
self.process_response.get(protocol, []):
File: '/usr/lib64/python3.6/urllib/request.py', lineno: 544,
function: _open
     0540:            return result
     0541:
     0542:        protocol = req.type
     0543:        result = self._call_chain(self.handle_open,
protocol, protocol +
*** 0544:                                  '_open', req)
     0545:        if result:
     0546:            return result
     0547:
     0548:        return self._call_chain(self.handle_open,
'unknown',
File: '/usr/lib64/python3.6/urllib/request.py', lineno: 504,
function: _call_chain
     0500:        # could.  Otherwise, they return the response.
     0501:        handlers = chain.get(kind, ())
     0502:        for handler in handlers:
     0503:            func = getattr(handler, meth_name)
*** 0504:            result = func(*args)
     0505:            if result is not None:
     0506:                return result
     0507:
     0508:    def open(self, fullurl, data=None,
timeout=socket._GLOBAL_DEFAULT_TIMEOUT):
File: '/usr/lib64/python3.6/urllib/request.py', lineno: 1392,
function: https_open
     1388:            self._check_hostname = check_hostname
     1389:
     1390:        def https_open(self, req):
     1391:            return
self.do_open(http.client.HTTPSConnection, req,
*** 1392:                context=self._context,
check_hostname=self._check_hostname)
     1393:
     1394:        https_request = AbstractHTTPHandler.do_request_
     1395:
     1396:    __all__.append('HTTPSHandler')
File: '/usr/lib64/python3.6/urllib/request.py', lineno: 1351,
function: do_open
     1347:            try:
     1348:                h.request(req.get_method(), req.selector,
req.data, headers,
     1349:                         
encode_chunked=req.has_header('Transfer-encoding'))
     1350:            except OSError as err: # timeout error
*** 1351:                raise URLError(err)
     1352:            r = h.getresponse()
     1353:        except:
     1354:            h.close()
     1355:            raise
Exception: urllib.error.URLError: <urlopen error [SSL:
CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)>
 
ERROR: Logfile of failure stored in:
/disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-
default/tmp/work/x86_64-linux/cve-update-db-native/1.0-
r0/temp/log.do_populate_cve_db.4499
ERROR: Task
(/disk0/scratch/smonsees/yocto/workspace_1/poky/meta/recipes-
core/meta/cve-update-db-native.bb:do_populate_cve_db) failed with
exit code '1'
NOTE: Tasks Summary: Attempted 5772 tasks of which 5228 didn't need
to be rerun and 1 failed.
 
Summary: 1 task failed:
  /disk0/scratch/smonsees/yocto/workspace_1/poky/meta/recipes-
core/meta/cve-update-db-native.bb:do_populate_cve_db
Summary: There was 1 ERROR message shown, returning a non-zero exit
code.
14:41 smonsees@yix465383
/disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>find .
-name '_ssl.c' -print
14:47 smonsees@yix465383
/disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>
 
 
 
From: yocto@... <yocto@...>On
Behalf Of Monsees, Steven C (US) via lists.yoctoproject.org
Sent: Thursday, March 24, 2022 2:00 PM
To: yocto@...
Subject: Re: [yocto] CVE patch updates
 
External Email Alert This email has been sent from an account outside
of the BAE Systems network. Please treat the email with caution,
especially if you are requested to click on a link, decrypt/open an
attachment, or enable macros.  For further information on how to spot
phishing, access “Cybersecurity OneSpace Page” and report phishing by
clicking the button “Report Phishing” on the Outlook toolbar.
 
 
When building in cve-check to see what is reported, it generated all
blank/empty report files…
Can someone explain this ?, my local.conf does have the proper
modification (INHERIT += “cve-check”).
 
 
10:55 smonsees@yix465383
/disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>
bitbake -k sbca-defaultfs-full
Parsing recipes: 100%
|####################################################################
#########################| Time: 0:01:07
Parsing of 2555 .bb files complete (0 cached, 2555 parsed). 3769
targets, 96 skipped, 0 masked, 0 errors.
NOTE: Resolving any missing task queue dependencies
 
Build Configuration:
BB_VERSION           = "1.44.0"
BUILD_SYS            = "x86_64-linux"
NATIVELSBSTRING      = "rhel-7.9"
TARGET_SYS           = "x86_64-poky-linux"
MACHINE              = "sbca-default"
DISTRO               = "limws"
DISTRO_VERSION       = "3.0.4"
TUNE_FEATURES        = "m64 corei7"
TARGET_FPU           = ""
meta                
meta-poky            =
"my_yocto_3.0.4:2f9bca440204f9e73158705a4ec04698b1f6ad42"
meta-perl           
meta-python         
meta-filesystems    
meta-networking     
meta-initramfs      
meta-oe              =
"zeus:2b5dd1eb81cd08bc065bc76125f2856e9383e98b"
meta-virtualization  =
"zeus:7e5219669ff6f8e9c8c33ffd230e95a6b2b025f4"
meta                 =
"master:a32ddd2b2a51b26c011fa50e441df39304651503"
meta-clang           =
"zeus:f5355ca9b86fb5de5930132ffd95a9b352d694f9"
meta-intel           =
"zeus:d9942d4c3a710406b051852de7232db03c297f4e"
meta-intel           = "LIMWSSWARE-682-oews-meta-bae-clean-
up:99f116056452f1fefe83fe458f533b48f52fe4ba"
 
Initialising tasks: 100%
|####################################################################
######################| Time: 0:00:04
Checking sstate mirror object availability: 100%
|##################################################################|
Time: 0:00:02
Sstate summary: Wanted 2258 Found 15 Missed 2243 Current 0 (0% match,
0% complete)
NOTE: Executing Tasks
NOTE: Setscene tasks completed
Image CVE report stored in:
/disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-
default/tmp/deploy/images/sbca-default/core-image-minimal-initramfs-
sbca-default-20220324145629.rootfs.cve
Image CVE report stored in:
/disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-
default/tmp/deploy/images/sbca-default/aiox_orange-sbca-default-
20220324145629.rootfs.cve
NOTE: Tasks Summary: Attempted 6753 tasks of which 77 didn't need to
be rerun and all succeeded.
 
 
13:33 smonsees@yix465383
/disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>ls -l
/disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-
default/tmp/deploy/images/sbca-default/core-image-minimal-initramfs-
sbca-default-20220324145629.rootfs.cve
-rw-r--r--. 1 smonsees none 0 Mar 24 13:16
/disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-
default/tmp/deploy/images/sbca-default/core-image-minimal-initramfs-
sbca-default-20220324145629.rootfs.cve
13:33 smonsees@yix465383
/disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>ls -l
/disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-
default/tmp/deploy/images/sbca-default/aiox_orange-sbca-default-
20220324145629.rootfs.cve
-rw-r--r--. 1 smonsees none 0 Mar 24 13:17
/disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-
default/tmp/deploy/images/sbca-default/aiox_orange-sbca-default-
20220324145629.rootfs.cve
13:33 smonsees@yix465383
/disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>
 
 
13:27 smonsees@yix465383
/disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-
default/tmp/deploy/cve>ls -l
total 0
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 binutils
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 binutils-cross-x86_64
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 binutils-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 bluez5
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 boost
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 cairo
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 cairo-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:16 cpio-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 curl
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 curl-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 dbus
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 dbus-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 e2fsprogs
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 e2fsprogs-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 file-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 flex
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 flex-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 gcc-source-9.2.0
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 gettext-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 glib-2.0
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 glib-2.0-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 glibc
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 gnutls
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 go-cross-corei7-64
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 go-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 go-runtime
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 icu
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 icu-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 libarchive-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 libgcrypt
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 libjpeg-turbo
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 libjpeg-turbo-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libpcre
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 libpcre2
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libpcre-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libxml2
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libxml2-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libxslt-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 mailx
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 nasm-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 ncurses
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 ncurses-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:14 nfs-utils
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:14 openssh
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 patch-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 perl
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 perl-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 python3
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 python3-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 qemu-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:14 rsync
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 sqlite3
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 sqlite3-native
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 sudo
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 sysstat
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 unzip
-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 unzip-native
13:27 smonsees@yix465383
/disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-
default/tmp/deploy/cve>
 
 
From: Monsees, Steven C (US)
Sent: Thursday, March 24, 2022 12:56 PM
To: yocto@...
Subject: CVE patch updates
 
 
 
I am currently building in cve-check to see what is reported, and I
was curious if Yocto might provide any CVE based patch repositories ?
 
Is there a yocto page somewhere that goes over this side of things ?,
I did not see much in the mega-manual… I am running on zeus based
platforms (for both armarch64 and x86_64).
 
Thanks,
Steve


firewalld isssue #yocto

sateesh m
 

Hi Team,

                I have built a custom image core-image-base on riscv target machine installed nftables,firewalld,JSON packages support. I am using firewalld_0.9.3 sources depends nftables-python is present. But I am getting error python-nftables. Can you please guide me on what dependent I missed here? If suppose firewalld should work means, What packages should  I install?  

But while running firewalld status is always failed mode.  
Using $firewall-cmd --reload  I am facing a  problem

Error: COMMAND_FAILED: 'python-nftables' failed: internal:0:0-0: Error: Could not process rule: No such file or directory
 
 
JSON blob:
{"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PREROUTING", "type": "filter", "hook": "prerouting", "prio": -290}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PREROUTING", "type": "filter", "hook": "prerouting", "prio": -140}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PREROUTING_POLICIES_pre"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING", "expr": [{"jump": {"target": "mangle_PREROUTING_POLICIES_pre"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PREROUTING_ZONES"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING", "expr": [{"jump": {"target": "mangle_PREROUTING_ZONES"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PREROUTING_POLICIES_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING", "expr": [{"jump": {"target": "mangle_PREROUTING_POLICIES_post"}}]}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PREROUTING", "type": "nat", "hook": "prerouting", "prio": -90}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PREROUTING_POLICIES_pre"}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PREROUTING", "expr": [{"jump": {"target": "nat_PREROUTING_POLICIES_pre"}}]}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PREROUTING_ZONES"}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PREROUTING", "expr": [{"jump": {"target": "nat_PREROUTING_ZONES"}}]}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PREROUTING_POLICIES_post"}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PREROUTING", "expr": [{"jump": {"target": "nat_PREROUTING_POLICIES_post"}}]}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POSTROUTING", "type": "nat", "hook": "postrouting", "prio": 110}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POSTROUTING_POLICIES_pre"}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POSTROUTING", "expr": [{"jump": {"target": "nat_POSTROUTING_POLICIES_pre"}}]}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POSTROUTING_ZONES"}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POSTROUTING", "expr": [{"jump": {"target": "nat_POSTROUTING_ZONES"}}]}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POSTROUTING_POLICIES_post"}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POSTROUTING", "expr": [{"jump": {"target": "nat_POSTROUTING_POLICIES_post"}}]}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PREROUTING", "type": "nat", "hook": "prerouting", "prio": -90}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PREROUTING_POLICIES_pre"}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PREROUTING", "expr": [{"jump": {"target": "nat_PREROUTING_POLICIES_pre"}}]}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PREROUTING_ZONES"}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PREROUTING", "expr": [{"jump": {"target": "nat_PREROUTING_ZONES"}}]}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PREROUTING_POLICIES_post"}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PREROUTING", "expr": [{"jump": {"target": "nat_PREROUTING_POLICIES_post"}}]}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POSTROUTING", "type": "nat", "hook": "postrouting", "prio": 110}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POSTROUTING_POLICIES_pre"}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POSTROUTING", "expr": [{"jump": {"target": "nat_POSTROUTING_POLICIES_pre"}}]}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POSTROUTING_ZONES"}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POSTROUTING", "expr": [{"jump": {"target": "nat_POSTROUTING_ZONES"}}]}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POSTROUTING_POLICIES_post"}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POSTROUTING", "expr": [{"jump": {"target": "nat_POSTROUTING_POLICIES_post"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_INPUT", "type": "filter", "hook": "input", "prio": 10}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FORWARD", "type": "filter", "hook": "forward", "prio": 10}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_OUTPUT", "type": "filter", "hook": "output", "prio": 10}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["established", "related"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "expr": [{"match": {"left": {"ct": {"key": "status"}}, "op": "in", "right": "dnat"}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "lo"}}, {"accept": null}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_INPUT_POLICIES_pre"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "expr": [{"jump": {"target": "filter_INPUT_POLICIES_pre"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_INPUT_ZONES"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "expr": [{"jump": {"target": "filter_INPUT_ZONES"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_INPUT_POLICIES_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "expr": [{"jump": {"target": "filter_INPUT_POLICIES_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["invalid"]}}}, {"drop": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "expr": [{"reject": {"type": "icmpx", "expr": "admin-prohibited"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["established", "related"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr": [{"match": {"left": {"ct": {"key": "status"}}, "op": "in", "right": "dnat"}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "lo"}}, {"accept": null}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FORWARD_POLICIES_pre"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr": [{"jump": {"target": "filter_FORWARD_POLICIES_pre"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FORWARD_IN_ZONES"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr": [{"jump": {"target": "filter_FORWARD_IN_ZONES"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FORWARD_OUT_ZONES"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr": [{"jump": {"target": "filter_FORWARD_OUT_ZONES"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FORWARD_POLICIES_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr": [{"jump": {"target": "filter_FORWARD_POLICIES_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["invalid"]}}}, {"drop": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr": [{"reject": {"type": "icmpx", "expr": "admin-prohibited"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_OUTPUT", "expr": [{"match": {"left": {"meta": {"key": "oifname"}}, "op": "==", "right": "lo"}}, {"accept": null}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_OUTPUT_POLICIES_pre"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_OUTPUT", "expr": [{"jump": {"target": "filter_OUTPUT_POLICIES_pre"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_OUTPUT_POLICIES_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_OUTPUT", "expr": [{"jump": {"target": "filter_OUTPUT_POLICIES_post"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PREROUTING", "expr": [{"match": {"left": {"meta": {"key": "nfproto"}}, "op": "==", "right": "ipv6"}}, {"match": {"left": {"fib": {"flags": ["saddr", "iif"], "result": "oif"}}, "op": "==", "right": false}}, {"drop": null}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PREROUTING", "expr": [{"match": {"left": {"payload": {"protocol": "icmpv6", "field": "type"}}, "op": "==", "right": {"set": ["nd-router-advert", "nd-neighbor-solicit"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_OUTPUT", "index": 0, "expr": [{"match": {"left": {"payload": {"protocol": "ip6", "field": "daddr"}}, "op": "==", "right": {"set": [{"prefix": {"addr": "::0.0.0.0", "len": 96}}, {"prefix": {"addr": "::ffff:0.0.0.0", "len": 96}}, {"prefix": {"addr": "2002:0000::", "len": 24}}, {"prefix": {"addr": "2002:0a00::", "len": 24}}, {"prefix": {"addr": "2002:7f00::", "len": 24}}, {"prefix": {"addr": "2002:ac10::", "len": 28}}, {"prefix": {"addr": "2002:c0a8::", "len": 32}}, {"prefix": {"addr": "2002:a9fe::", "len": 32}}, {"prefix": {"addr": "2002:e000::", "len": 19}}]}}}, {"reject": {"type": "icmpv6", "expr": "addr-unreachable"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "index": 2, "expr": [{"match": {"left": {"payload": {"protocol": "ip6", "field": "daddr"}}, "op": "==", "right": {"set": [{"prefix": {"addr": "::0.0.0.0", "len": 96}}, {"prefix": {"addr": "::ffff:0.0.0.0", "len": 96}}, {"prefix": {"addr": "2002:0000::", "len": 24}}, {"prefix": {"addr": "2002:0a00::", "len": 24}}, {"prefix": {"addr": "2002:7f00::", "len": 24}}, {"prefix": {"addr": "2002:ac10::", "len": 28}}, {"prefix": {"addr": "2002:c0a8::", "len": 32}}, {"prefix": {"addr": "2002:a9fe::", "len": 32}}, {"prefix": {"addr": "2002:e000::", "len": 19}}]}}}, {"reject": {"type": "icmpv6", "expr": "addr-unreachable"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_public"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_public_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_public_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_public_deny"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_public_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_public_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public", "expr": [{"jump": {"target": "filter_IN_public_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public", "expr": [{"jump": {"target": "filter_IN_public_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public", "expr": [{"jump": {"target": "filter_IN_public_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public", "expr": [{"jump": {"target": "filter_IN_public_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public", "expr": [{"jump": {"target": "filter_IN_public_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public_allow", "expr": [{"match": {"left": {"payload": {"protocol": "tcp", "field": "dport"}}, "op": "==", "right": 22}}, {"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["new", "untracked"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public_allow", "expr": [{"match": {"left": {"payload": {"protocol": "ip6", "field": "daddr"}}, "op": "==", "right": {"prefix": {"addr": "fe80::", "len": 64}}}}, {"match": {"left": {"payload": {"protocol": "udp", "field": "dport"}}, "op": "==", "right": 546}}, {"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["new", "untracked"]}}}, {"accept": null}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_public"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_public_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_public_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_public_deny"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_public_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_public_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_public", "expr": [{"jump": {"target": "filter_FWDO_public_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_public", "expr": [{"jump": {"target": "filter_FWDO_public_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_public", "expr": [{"jump": {"target": "filter_FWDO_public_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_public", "expr": [{"jump": {"target": "filter_FWDO_public_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_public", "expr": [{"jump": {"target": "filter_FWDO_public_post"}}]}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_public"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_public_pre"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_public_log"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_public_deny"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_public_allow"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_public_post"}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_pre"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_log"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_deny"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_allow"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_post"}}]}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_public"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_public_pre"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_public_log"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_public_deny"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_public_allow"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_public_post"}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_pre"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_log"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_deny"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_allow"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_post"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_public"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_public_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_public_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_public_deny"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_public_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_public_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_public", "expr": [{"jump": {"target": "filter_FWDI_public_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_public", "expr": [{"jump": {"target": "filter_FWDI_public_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_public", "expr": [{"jump": {"target": "filter_FWDI_public_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_public", "expr": [{"jump": {"target": "filter_FWDI_public_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_public", "expr": [{"jump": {"target": "filter_FWDI_public_post"}}]}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_public"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_public_pre"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_public_log"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_public_deny"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_public_allow"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_public_post"}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_pre"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_log"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_deny"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_allow"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_post"}}]}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_public"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_public_pre"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_public_log"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_public_deny"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_public_allow"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_public_post"}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_pre"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_log"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_deny"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_allow"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_post"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_public"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_public_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_public_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_public_deny"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_public_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_public_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_public", "expr": [{"jump": {"target": "mangle_PRE_public_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_public", "expr": [{"jump": {"target": "mangle_PRE_public_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_public", "expr": [{"jump": {"target": "mangle_PRE_public_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_public", "expr": [{"jump": {"target": "mangle_PRE_public_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_public", "expr": [{"jump": {"target": "mangle_PRE_public_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public", "index": 4, "expr": [{"match": {"left": {"meta": {"key": "l4proto"}}, "op": "==", "right": {"set": ["icmp", "icmpv6"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_public", "index": 4, "expr": [{"match": {"left": {"meta": {"key": "l4proto"}}, "op": "==", "right": {"set": ["icmp", "icmpv6"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT_ZONES", "expr": [{"goto": {"target": "filter_IN_public"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_OUT_ZONES", "expr": [{"goto": {"target": "filter_FWDO_public"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POSTROUTING_ZONES", "expr": [{"goto": {"target": "nat_POST_public"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POSTROUTING_ZONES", "expr": [{"goto": {"target": "nat_POST_public"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_IN_ZONES", "expr": [{"goto": {"target": "filter_FWDI_public"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PREROUTING_ZONES", "expr": [{"goto": {"target": "nat_PRE_public"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PREROUTING_ZONES", "expr": [{"goto": {"target": "nat_PRE_public"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING_ZONES", "expr": [{"goto": {"target": "mangle_PRE_public"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_policy_allow-host-ipv6"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_policy_allow-host-ipv6_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_policy_allow-host-ipv6_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_policy_allow-host-ipv6_deny"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_policy_allow-host-ipv6_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_policy_allow-host-ipv6_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_policy_allow-host-ipv6", "expr": [{"jump": {"target": "filter_IN_policy_allow-host-ipv6_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_policy_allow-host-ipv6", "expr": [{"jump": {"target": "filter_IN_policy_allow-host-ipv6_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_policy_allow-host-ipv6", "expr": [{"jump": {"target": "filter_IN_policy_allow-host-ipv6_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_policy_allow-host-ipv6", "expr": [{"jump": {"target": "filter_IN_policy_allow-host-ipv6_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_policy_allow-host-ipv6", "expr": [{"jump": {"target": "filter_IN_policy_allow-host-ipv6_post"}}]}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_pre"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_log"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_deny"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_allow"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_post"}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_pre"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_log"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_deny"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_allow"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_post"}}]}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_pre"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_log"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_deny"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_allow"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_post"}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_pre"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_log"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_deny"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_allow"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_post"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_policy_allow-host-ipv6"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_policy_allow-host-ipv6_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_policy_allow-host-ipv6_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_policy_allow-host-ipv6_deny"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_policy_allow-host-ipv6_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_policy_allow-host-ipv6_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "mangle_PRE_policy_allow-host-ipv6_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "mangle_PRE_policy_allow-host-ipv6_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "mangle_PRE_policy_allow-host-ipv6_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "mangle_PRE_policy_allow-host-ipv6_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "mangle_PRE_policy_allow-host-ipv6_post"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT_POLICIES_pre", "expr": [{"jump": {"target": "filter_IN_policy_allow-host-ipv6"}}]}}}, {"insert": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PREROUTING_POLICIES_pre", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6"}}]}}}, {"insert": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PREROUTING_POLICIES_pre", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING_POLICIES_pre", "expr": [{"jump": {"target": "mangle_PRE_policy_allow-host-ipv6"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_policy_allow-host-ipv6_allow", "expr": [{"match": {"left": {"meta": {"key": "nfproto"}}, "op": "==", "right": "ipv6"}}, {"match": {"left": {"payload": {"protocol": "icmpv6", "field": "type"}}, "op": "==", "right": "nd-neighbor-advert"}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_policy_allow-host-ipv6_allow", "expr": [{"match": {"left": {"meta": {"key": "nfproto"}}, "op": "==", "right": "ipv6"}}, {"match": {"left": {"payload": {"protocol": "icmpv6", "field": "type"}}, "op": "==", "right": "nd-neighbor-solicit"}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_policy_allow-host-ipv6_allow", "expr": [{"match": {"left": {"meta": {"key": "nfproto"}}, "op": "==", "right": "ipv6"}}, {"match": {"left": {"payload": {"protocol": "icmpv6", "field": "type"}}, "op": "==", "right": "nd-router-advert"}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_policy_allow-host-ipv6_allow", "expr": [{"match": {"left": {"meta": {"key": "nfproto"}}, "op": "==", "right": "ipv6"}}, {"match": {"left": {"payload": {"protocol": "icmpv6", "field": "type"}}, "op": "==", "right": "nd-redirect"}}, {"accept": null}]}}}]}
 

--
Regards,
Sateesh


firewalld isssue #yocto

sateesh m
 

Hi Team,

                I have built a custom image core-image-base with nftables,firewalld,json packages support. I am using firewalld_0.9.3 sources depends nftables-python is present. But I am getting error python-nftables. Can you please guide me on what dependent I missed here? If suppose firewalld should work means, What packages should  I install?  

But while running firewalld status is always failed mode.  
Using $firewall-cmd --reload  I am facing a  problem

Error: COMMAND_FAILED: 'python-nftables' failed: internal:0:0-0: Error: Could not process rule: No such file or directory
 
 
JSON blob:
{"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PREROUTING", "type": "filter", "hook": "prerouting", "prio": -290}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PREROUTING", "type": "filter", "hook": "prerouting", "prio": -140}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PREROUTING_POLICIES_pre"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING", "expr": [{"jump": {"target": "mangle_PREROUTING_POLICIES_pre"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PREROUTING_ZONES"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING", "expr": [{"jump": {"target": "mangle_PREROUTING_ZONES"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PREROUTING_POLICIES_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING", "expr": [{"jump": {"target": "mangle_PREROUTING_POLICIES_post"}}]}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PREROUTING", "type": "nat", "hook": "prerouting", "prio": -90}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PREROUTING_POLICIES_pre"}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PREROUTING", "expr": [{"jump": {"target": "nat_PREROUTING_POLICIES_pre"}}]}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PREROUTING_ZONES"}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PREROUTING", "expr": [{"jump": {"target": "nat_PREROUTING_ZONES"}}]}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PREROUTING_POLICIES_post"}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PREROUTING", "expr": [{"jump": {"target": "nat_PREROUTING_POLICIES_post"}}]}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POSTROUTING", "type": "nat", "hook": "postrouting", "prio": 110}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POSTROUTING_POLICIES_pre"}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POSTROUTING", "expr": [{"jump": {"target": "nat_POSTROUTING_POLICIES_pre"}}]}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POSTROUTING_ZONES"}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POSTROUTING", "expr": [{"jump": {"target": "nat_POSTROUTING_ZONES"}}]}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POSTROUTING_POLICIES_post"}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POSTROUTING", "expr": [{"jump": {"target": "nat_POSTROUTING_POLICIES_post"}}]}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PREROUTING", "type": "nat", "hook": "prerouting", "prio": -90}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PREROUTING_POLICIES_pre"}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PREROUTING", "expr": [{"jump": {"target": "nat_PREROUTING_POLICIES_pre"}}]}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PREROUTING_ZONES"}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PREROUTING", "expr": [{"jump": {"target": "nat_PREROUTING_ZONES"}}]}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PREROUTING_POLICIES_post"}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PREROUTING", "expr": [{"jump": {"target": "nat_PREROUTING_POLICIES_post"}}]}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POSTROUTING", "type": "nat", "hook": "postrouting", "prio": 110}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POSTROUTING_POLICIES_pre"}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POSTROUTING", "expr": [{"jump": {"target": "nat_POSTROUTING_POLICIES_pre"}}]}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POSTROUTING_ZONES"}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POSTROUTING", "expr": [{"jump": {"target": "nat_POSTROUTING_ZONES"}}]}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POSTROUTING_POLICIES_post"}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POSTROUTING", "expr": [{"jump": {"target": "nat_POSTROUTING_POLICIES_post"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_INPUT", "type": "filter", "hook": "input", "prio": 10}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FORWARD", "type": "filter", "hook": "forward", "prio": 10}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_OUTPUT", "type": "filter", "hook": "output", "prio": 10}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["established", "related"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "expr": [{"match": {"left": {"ct": {"key": "status"}}, "op": "in", "right": "dnat"}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "lo"}}, {"accept": null}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_INPUT_POLICIES_pre"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "expr": [{"jump": {"target": "filter_INPUT_POLICIES_pre"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_INPUT_ZONES"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "expr": [{"jump": {"target": "filter_INPUT_ZONES"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_INPUT_POLICIES_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "expr": [{"jump": {"target": "filter_INPUT_POLICIES_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["invalid"]}}}, {"drop": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "expr": [{"reject": {"type": "icmpx", "expr": "admin-prohibited"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["established", "related"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr": [{"match": {"left": {"ct": {"key": "status"}}, "op": "in", "right": "dnat"}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "lo"}}, {"accept": null}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FORWARD_POLICIES_pre"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr": [{"jump": {"target": "filter_FORWARD_POLICIES_pre"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FORWARD_IN_ZONES"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr": [{"jump": {"target": "filter_FORWARD_IN_ZONES"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FORWARD_OUT_ZONES"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr": [{"jump": {"target": "filter_FORWARD_OUT_ZONES"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FORWARD_POLICIES_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr": [{"jump": {"target": "filter_FORWARD_POLICIES_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["invalid"]}}}, {"drop": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr": [{"reject": {"type": "icmpx", "expr": "admin-prohibited"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_OUTPUT", "expr": [{"match": {"left": {"meta": {"key": "oifname"}}, "op": "==", "right": "lo"}}, {"accept": null}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_OUTPUT_POLICIES_pre"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_OUTPUT", "expr": [{"jump": {"target": "filter_OUTPUT_POLICIES_pre"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_OUTPUT_POLICIES_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_OUTPUT", "expr": [{"jump": {"target": "filter_OUTPUT_POLICIES_post"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PREROUTING", "expr": [{"match": {"left": {"meta": {"key": "nfproto"}}, "op": "==", "right": "ipv6"}}, {"match": {"left": {"fib": {"flags": ["saddr", "iif"], "result": "oif"}}, "op": "==", "right": false}}, {"drop": null}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PREROUTING", "expr": [{"match": {"left": {"payload": {"protocol": "icmpv6", "field": "type"}}, "op": "==", "right": {"set": ["nd-router-advert", "nd-neighbor-solicit"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_OUTPUT", "index": 0, "expr": [{"match": {"left": {"payload": {"protocol": "ip6", "field": "daddr"}}, "op": "==", "right": {"set": [{"prefix": {"addr": "::0.0.0.0", "len": 96}}, {"prefix": {"addr": "::ffff:0.0.0.0", "len": 96}}, {"prefix": {"addr": "2002:0000::", "len": 24}}, {"prefix": {"addr": "2002:0a00::", "len": 24}}, {"prefix": {"addr": "2002:7f00::", "len": 24}}, {"prefix": {"addr": "2002:ac10::", "len": 28}}, {"prefix": {"addr": "2002:c0a8::", "len": 32}}, {"prefix": {"addr": "2002:a9fe::", "len": 32}}, {"prefix": {"addr": "2002:e000::", "len": 19}}]}}}, {"reject": {"type": "icmpv6", "expr": "addr-unreachable"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "index": 2, "expr": [{"match": {"left": {"payload": {"protocol": "ip6", "field": "daddr"}}, "op": "==", "right": {"set": [{"prefix": {"addr": "::0.0.0.0", "len": 96}}, {"prefix": {"addr": "::ffff:0.0.0.0", "len": 96}}, {"prefix": {"addr": "2002:0000::", "len": 24}}, {"prefix": {"addr": "2002:0a00::", "len": 24}}, {"prefix": {"addr": "2002:7f00::", "len": 24}}, {"prefix": {"addr": "2002:ac10::", "len": 28}}, {"prefix": {"addr": "2002:c0a8::", "len": 32}}, {"prefix": {"addr": "2002:a9fe::", "len": 32}}, {"prefix": {"addr": "2002:e000::", "len": 19}}]}}}, {"reject": {"type": "icmpv6", "expr": "addr-unreachable"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_public"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_public_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_public_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_public_deny"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_public_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_public_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public", "expr": [{"jump": {"target": "filter_IN_public_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public", "expr": [{"jump": {"target": "filter_IN_public_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public", "expr": [{"jump": {"target": "filter_IN_public_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public", "expr": [{"jump": {"target": "filter_IN_public_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public", "expr": [{"jump": {"target": "filter_IN_public_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public_allow", "expr": [{"match": {"left": {"payload": {"protocol": "tcp", "field": "dport"}}, "op": "==", "right": 22}}, {"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["new", "untracked"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public_allow", "expr": [{"match": {"left": {"payload": {"protocol": "ip6", "field": "daddr"}}, "op": "==", "right": {"prefix": {"addr": "fe80::", "len": 64}}}}, {"match": {"left": {"payload": {"protocol": "udp", "field": "dport"}}, "op": "==", "right": 546}}, {"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["new", "untracked"]}}}, {"accept": null}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_public"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_public_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_public_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_public_deny"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_public_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_public_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_public", "expr": [{"jump": {"target": "filter_FWDO_public_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_public", "expr": [{"jump": {"target": "filter_FWDO_public_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_public", "expr": [{"jump": {"target": "filter_FWDO_public_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_public", "expr": [{"jump": {"target": "filter_FWDO_public_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_public", "expr": [{"jump": {"target": "filter_FWDO_public_post"}}]}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_public"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_public_pre"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_public_log"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_public_deny"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_public_allow"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_public_post"}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_pre"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_log"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_deny"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_allow"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_post"}}]}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_public"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_public_pre"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_public_log"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_public_deny"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_public_allow"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_public_post"}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_pre"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_log"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_deny"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_allow"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_post"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_public"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_public_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_public_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_public_deny"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_public_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_public_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_public", "expr": [{"jump": {"target": "filter_FWDI_public_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_public", "expr": [{"jump": {"target": "filter_FWDI_public_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_public", "expr": [{"jump": {"target": "filter_FWDI_public_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_public", "expr": [{"jump": {"target": "filter_FWDI_public_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_public", "expr": [{"jump": {"target": "filter_FWDI_public_post"}}]}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_public"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_public_pre"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_public_log"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_public_deny"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_public_allow"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_public_post"}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_pre"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_log"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_deny"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_allow"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_post"}}]}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_public"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_public_pre"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_public_log"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_public_deny"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_public_allow"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_public_post"}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_pre"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_log"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_deny"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_allow"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_post"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_public"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_public_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_public_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_public_deny"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_public_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_public_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_public", "expr": [{"jump": {"target": "mangle_PRE_public_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_public", "expr": [{"jump": {"target": "mangle_PRE_public_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_public", "expr": [{"jump": {"target": "mangle_PRE_public_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_public", "expr": [{"jump": {"target": "mangle_PRE_public_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_public", "expr": [{"jump": {"target": "mangle_PRE_public_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public", "index": 4, "expr": [{"match": {"left": {"meta": {"key": "l4proto"}}, "op": "==", "right": {"set": ["icmp", "icmpv6"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_public", "index": 4, "expr": [{"match": {"left": {"meta": {"key": "l4proto"}}, "op": "==", "right": {"set": ["icmp", "icmpv6"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT_ZONES", "expr": [{"goto": {"target": "filter_IN_public"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_OUT_ZONES", "expr": [{"goto": {"target": "filter_FWDO_public"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POSTROUTING_ZONES", "expr": [{"goto": {"target": "nat_POST_public"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POSTROUTING_ZONES", "expr": [{"goto": {"target": "nat_POST_public"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_IN_ZONES", "expr": [{"goto": {"target": "filter_FWDI_public"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PREROUTING_ZONES", "expr": [{"goto": {"target": "nat_PRE_public"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PREROUTING_ZONES", "expr": [{"goto": {"target": "nat_PRE_public"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING_ZONES", "expr": [{"goto": {"target": "mangle_PRE_public"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_policy_allow-host-ipv6"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_policy_allow-host-ipv6_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_policy_allow-host-ipv6_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_policy_allow-host-ipv6_deny"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_policy_allow-host-ipv6_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_policy_allow-host-ipv6_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_policy_allow-host-ipv6", "expr": [{"jump": {"target": "filter_IN_policy_allow-host-ipv6_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_policy_allow-host-ipv6", "expr": [{"jump": {"target": "filter_IN_policy_allow-host-ipv6_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_policy_allow-host-ipv6", "expr": [{"jump": {"target": "filter_IN_policy_allow-host-ipv6_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_policy_allow-host-ipv6", "expr": [{"jump": {"target": "filter_IN_policy_allow-host-ipv6_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_policy_allow-host-ipv6", "expr": [{"jump": {"target": "filter_IN_policy_allow-host-ipv6_post"}}]}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_pre"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_log"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_deny"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_allow"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_post"}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_pre"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_log"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_deny"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_allow"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_post"}}]}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_pre"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_log"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_deny"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_allow"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_post"}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_pre"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_log"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_deny"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_allow"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_post"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_policy_allow-host-ipv6"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_policy_allow-host-ipv6_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_policy_allow-host-ipv6_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_policy_allow-host-ipv6_deny"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_policy_allow-host-ipv6_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_policy_allow-host-ipv6_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "mangle_PRE_policy_allow-host-ipv6_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "mangle_PRE_policy_allow-host-ipv6_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "mangle_PRE_policy_allow-host-ipv6_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "mangle_PRE_policy_allow-host-ipv6_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "mangle_PRE_policy_allow-host-ipv6_post"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT_POLICIES_pre", "expr": [{"jump": {"target": "filter_IN_policy_allow-host-ipv6"}}]}}}, {"insert": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PREROUTING_POLICIES_pre", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6"}}]}}}, {"insert": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PREROUTING_POLICIES_pre", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING_POLICIES_pre", "expr": [{"jump": {"target": "mangle_PRE_policy_allow-host-ipv6"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_policy_allow-host-ipv6_allow", "expr": [{"match": {"left": {"meta": {"key": "nfproto"}}, "op": "==", "right": "ipv6"}}, {"match": {"left": {"payload": {"protocol": "icmpv6", "field": "type"}}, "op": "==", "right": "nd-neighbor-advert"}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_policy_allow-host-ipv6_allow", "expr": [{"match": {"left": {"meta": {"key": "nfproto"}}, "op": "==", "right": "ipv6"}}, {"match": {"left": {"payload": {"protocol": "icmpv6", "field": "type"}}, "op": "==", "right": "nd-neighbor-solicit"}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_policy_allow-host-ipv6_allow", "expr": [{"match": {"left": {"meta": {"key": "nfproto"}}, "op": "==", "right": "ipv6"}}, {"match": {"left": {"payload": {"protocol": "icmpv6", "field": "type"}}, "op": "==", "right": "nd-router-advert"}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_policy_allow-host-ipv6_allow", "expr": [{"match": {"left": {"meta": {"key": "nfproto"}}, "op": "==", "right": "ipv6"}}, {"match": {"left": {"payload": {"protocol": "icmpv6", "field": "type"}}, "op": "==", "right": "nd-redirect"}}, {"accept": null}]}}}]}
 

--
Regards,
Sateesh


[meta-security][PATCH] openscap-daemon: inherit python_setuptools_build_meta

Chen Qi
 

setuptools_build_meta has been renamed to python_setuptools_build_meta.

Signed-off-by: Chen Qi <Qi.Chen@...>
---
.../recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb b/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb
index cf6d531..9659323 100644
--- a/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb
+++ b/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb
@@ -13,7 +13,7 @@ SRC_URI = "git://github.com/OpenSCAP/openscap-daemon.git;branch=master;protocol=
file://0001-Renamed-module-and-variables-to-get-rid-of-async.patch \
"

-inherit setuptools_build_meta
+inherit python_setuptools_build_meta

S = "${WORKDIR}/git"

--
2.33.0


Re: CVE patch updates

Monsees, Steven C (US)
 

 

Thanks Tim,  subscribed…

 

From: Tim Orling <ticotimo@...>
Sent: Thursday, March 24, 2022 9:03 PM
To: Richard Purdie <richard.purdie@...>
Cc: Monsees, Steven C (US) <steven.monsees@...>; yocto@...
Subject: Re: [yocto] CVE patch updates

 

External Email Alert

This email has been sent from an account outside of the BAE Systems network.

Please treat the email with caution, especially if you are requested to click on a link, decrypt/open an attachment, or enable macros.  For further information on how to spot phishing, access “Cybersecurity OneSpace Page” and report phishing by clicking the button “Report Phishing” on the Outlook toolbar.

 

 

 

On Thu, Mar 24, 2022 at 2:45 PM Richard Purdie <richard.purdie@...> wrote:

On Thu, 2022-03-24 at 16:56 +0000, Monsees, Steven C (US) via
lists.yoctoproject.org wrote:
>   
> I am currently building in cve-check to see what is reported, and I was curious
> if Yocto might provide any CVE based patch repositories ?
>  
> Is there a yocto page somewhere that goes over this side of things ?,
> I did not see much in the mega-manual… I am running on zeus based platforms (for
> both armarch64 and x86_64).
>

You'll see output of cve-check on the yocto-security list for layers that are
still in maintenance:

https://lists.yoctoproject.org/g/yocto-security/messages

although zeus is out of maintenance.

We merge CVE fixes to the branches that are in maintenance.

A graph showing the data over time:

https://docs.google.com/spreadsheets/d/e/2PACX-1vRgNISmH0Ditf0bRtSezeR2XsgKIiSFJKF6KJUHpnzocNGzvKZbuSDKfmV3n64BFXDRqElBSJnhHtG4/pubchart?oid=1993375488&format=interactive

 

Steven, if you haven’t already, you should subscribe to 

 

Emails are sent out, usually on Sunday. If you see a CVE that interests you… grab it and fix it.

 

This is mostly a community effort. There is no special dedicated squad of security champions.

 


Cheers,

Richard





Re: CVE patch updates

Monsees, Steven C (US)
 

 

Thanks Richard, will do…

 

From: Tim Orling <ticotimo@...>
Sent: Thursday, March 24, 2022 9:03 PM
To: Richard Purdie <richard.purdie@...>
Cc: Monsees, Steven C (US) <steven.monsees@...>; yocto@...
Subject: Re: [yocto] CVE patch updates

 

External Email Alert

This email has been sent from an account outside of the BAE Systems network.

Please treat the email with caution, especially if you are requested to click on a link, decrypt/open an attachment, or enable macros.  For further information on how to spot phishing, access “Cybersecurity OneSpace Page” and report phishing by clicking the button “Report Phishing” on the Outlook toolbar.

 

 

 

On Thu, Mar 24, 2022 at 2:45 PM Richard Purdie <richard.purdie@...> wrote:

On Thu, 2022-03-24 at 16:56 +0000, Monsees, Steven C (US) via
lists.yoctoproject.org wrote:
>   
> I am currently building in cve-check to see what is reported, and I was curious
> if Yocto might provide any CVE based patch repositories ?
>  
> Is there a yocto page somewhere that goes over this side of things ?,
> I did not see much in the mega-manual… I am running on zeus based platforms (for
> both armarch64 and x86_64).
>

You'll see output of cve-check on the yocto-security list for layers that are
still in maintenance:

https://lists.yoctoproject.org/g/yocto-security/messages

although zeus is out of maintenance.

We merge CVE fixes to the branches that are in maintenance.

A graph showing the data over time:

https://docs.google.com/spreadsheets/d/e/2PACX-1vRgNISmH0Ditf0bRtSezeR2XsgKIiSFJKF6KJUHpnzocNGzvKZbuSDKfmV3n64BFXDRqElBSJnhHtG4/pubchart?oid=1993375488&format=interactive

 

Steven, if you haven’t already, you should subscribe to 

 

Emails are sent out, usually on Sunday. If you see a CVE that interests you… grab it and fix it.

 

This is mostly a community effort. There is no special dedicated squad of security champions.

 


Cheers,

Richard





bus service inactive issue #yocto

sateesh m
 

Hi Team,

               I am trying to start service dbus. I have built an image on riscv target machine. I want to access firewalld , firewalld service is running but dbus-deamon service also should be start to get a client response.
I have built packages using gatesgarth branch  systemd,dbus, firewalld installed. But facing problems.

So natively installed systemd,dbus,dbus-broker but still service is inactive state only using systemctl I am trying to start services.

issue :

aded: loaded ([]8;;file://Unmatched-2.0.2/lib/systemd/system/dbus-broker.serviceG/lib/systemd/system/dbus-broker.service[]8;;G; enabled; vendor preset: enable
d)
     Active: inactive (dead)
TriggeredBy: ○ dbus.socket
       Docs: []8;;man:dbus-broker-launch(1)Gman:dbus-broker-launch(1)[]8;;G
 
Can anybody know this please guide me.
Thanking you in advance.

--
Regards,
Sateesh


Re: QA notification for completed autobuilder build (yocto-3.4.3.rc1)

Teoh, Jay Shen
 

Hi all,

Intel and WR YP QA is planning for QA execution for YP build yocto-3.4.3.rc3. We are planning to execute following tests for this cycle:
Please note that this is the rc3 build for 3.4.3, the rc number was marked to rc1 by mistake.

OEQA-manual tests for following module:
1. OE-Core
2. BSP-hw

Runtime auto test for following platforms:
1. MinnowTurbot 32-bit
2. Coffee Lake
3. NUC 7
4. NUC 6
5. Edgerouter
6. Beaglebone

ETA for completion next Monday, March 28.

Thanks,
Jay

-----Original Message-----
From: yocto@... <yocto@...> On Behalf
Of Pokybuild User
Sent: Thursday, 24 March, 2022 11:35 PM
To: yocto@...
Cc: qa-build-notification@...
Subject: [yocto] QA notification for completed autobuilder build (yocto-
3.4.3.rc1)


A build flagged for QA (yocto-3.4.3.rc1) was completed on the autobuilder
and is available at:


https://autobuilder.yocto.io/pub/releases/yocto-3.4.3.rc1


Build hash information:

bitbake: 43dcb2b2a2b95a5c959be57bca94fb7190ea6257
meta-agl: dd8e34ef5383d95d941a3afc9a03d3fcbba699dd
meta-arm: 33bbdc67f2ed7189398292ff58a7fee42a85a166
meta-aws: c92344938ab4d37de8bd8b799186dbbe3019a069
meta-gplv2: f04e4369bf9dd3385165281b9fa2ed1043b0e400
meta-intel: fb9e0633614dbf956da185d291333bcc1b137e5a
meta-mingw: f5d761cbd5c957e4405c5d40b0c236d263c916a8
meta-openembedded: 061b7fc74f887454251307ef119b808a90654d3f
oecore: ebca8f3ac9372b7ebb3d39e8f7f930b63b481448
poky: ee68ae307fd951b9de6b31dc6713ea29186b7749



This is an automated message from the Yocto Project Autobuilder
Git: git://git.yoctoproject.org/yocto-autobuilder2
Email: richard.purdie@...



Re: CVE patch updates

Tim Orling
 



On Thu, Mar 24, 2022 at 2:45 PM Richard Purdie <richard.purdie@...> wrote:
On Thu, 2022-03-24 at 16:56 +0000, Monsees, Steven C (US) via
lists.yoctoproject.org wrote:
>   
> I am currently building in cve-check to see what is reported, and I was curious
> if Yocto might provide any CVE based patch repositories ?
>  
> Is there a yocto page somewhere that goes over this side of things ?,
> I did not see much in the mega-manual… I am running on zeus based platforms (for
> both armarch64 and x86_64).
>

You'll see output of cve-check on the yocto-security list for layers that are
still in maintenance:

https://lists.yoctoproject.org/g/yocto-security/messages

although zeus is out of maintenance.

We merge CVE fixes to the branches that are in maintenance.

A graph showing the data over time:

https://docs.google.com/spreadsheets/d/e/2PACX-1vRgNISmH0Ditf0bRtSezeR2XsgKIiSFJKF6KJUHpnzocNGzvKZbuSDKfmV3n64BFXDRqElBSJnhHtG4/pubchart?oid=1993375488&format=interactive

Steven, if you haven’t already, you should subscribe to 

Emails are sent out, usually on Sunday. If you see a CVE that interests you… grab it and fix it.

This is mostly a community effort. There is no special dedicated squad of security champions.


Cheers,

Richard







Re: [qa-build-notification] QA notification for completed autobuilder build (yocto-3.4.3.rc2)

Teoh, Jay Shen
 

Noted. We will stop the QA for rc2.

Thanks,
Jay

-----Original Message-----
From: yocto@... <yocto@...> On Behalf
Of Richard Purdie
Sent: Thursday, 24 March, 2022 6:58 PM
To: qa-build-notification@...; yocto@...
Subject: Re: [yocto] [qa-build-notification] QA notification for completed
autobuilder build (yocto-3.4.3.rc2)

On Thu, 2022-03-24 at 02:35 +0000, Pokybuild User wrote:
A build flagged for QA (yocto-3.4.3.rc2) was completed on the autobuilder
and is available at:


https://autobuilder.yocto.io/pub/releases/yocto-3.4.3.rc2


Build hash information:

bitbake: 1bc9f800ffc9b740cc1de0132ed04f07eadb3479
meta-agl: dd8e34ef5383d95d941a3afc9a03d3fcbba699dd
meta-arm: 33bbdc67f2ed7189398292ff58a7fee42a85a166
meta-aws: c92344938ab4d37de8bd8b799186dbbe3019a069
meta-gplv2: f04e4369bf9dd3385165281b9fa2ed1043b0e400
meta-intel: fb9e0633614dbf956da185d291333bcc1b137e5a
meta-mingw: f5d761cbd5c957e4405c5d40b0c236d263c916a8
meta-openembedded: 061b7fc74f887454251307ef119b808a90654d3f
oecore: a92a10d1ac5d050619cd6f71da5e6fa86bb9ab13
poky: ca162b5063ac877eac4987c1b5312109b5157a2a



This is an automated message from the Yocto Project Autobuilder
Git: git://git.yoctoproject.org/yocto-autobuilder2
Email: richard.purdie@...
Could QA please hold off this as I think we're going to fix an issue seen in rc1
and build an rc3. Thanks!

(and we now have working automated list notifications again which is great!)

Cheers,

Richard


OpenEmbedded Happy Hour March 30 5pm/1700 UTC

Denys Dmytriyenko
 

All,

You are cordially invited to the next OpenEmbedded Happy Hour on March 30
for Europe/Americas timezones @ 1700/5pm UTC (1pm ET / 10am PT):

https://www.openembedded.org/wiki/Calendar
https://www.openembedded.org/wiki/Happy_Hours
https://www.timeanddate.com/worldclock/fixedtime.html?msg=OpenEmbedded+Happy+Hour+March+30&iso=20220330T17

--
Regards,
Denys Dmytriyenko <denis@...>
PGP: 0x420902729A92C964 - https://denix.org/0x420902729A92C964
Fingerprint: 25FC E4A5 8A72 2F69 1186 6D76 4209 0272 9A92 C964


Re: CVE patch updates

Richard Purdie
 

On Thu, 2022-03-24 at 16:56 +0000, Monsees, Steven C (US) via
lists.yoctoproject.org wrote:
  
I am currently building in cve-check to see what is reported, and I was curious
if Yocto might provide any CVE based patch repositories ?
 
Is there a yocto page somewhere that goes over this side of things ?,
I did not see much in the mega-manual… I am running on zeus based platforms (for
both armarch64 and x86_64).
You'll see output of cve-check on the yocto-security list for layers that are
still in maintenance:

https://lists.yoctoproject.org/g/yocto-security/messages

although zeus is out of maintenance.

We merge CVE fixes to the branches that are in maintenance.

A graph showing the data over time:

https://docs.google.com/spreadsheets/d/e/2PACX-1vRgNISmH0Ditf0bRtSezeR2XsgKIiSFJKF6KJUHpnzocNGzvKZbuSDKfmV3n64BFXDRqElBSJnhHtG4/pubchart?oid=1993375488&format=interactive

Cheers,

Richard


Re: CVE patch updates

Monsees, Steven C (US)
 

 

So, my only change to my build is the INHERIT =+ “cve-check”…

No issue seen until this line added…

 

Can someone tell me why when I build from scratch, clean, I see the following error ?

Who’s certificate failure is being flagged ?

 

Initialising tasks: 100% |#######################################################################################| Time: 0:00:04

Checking sstate mirror object availability: 100% |###############################################################| Time: 0:00:00

Sstate summary: Wanted 2258 Found 2229 Missed 29 Current 0 (98% match, 0% complete)

NOTE: Executing Tasks

NOTE: Setscene tasks completed

ERROR: cve-update-db-native-1.0-r0 do_populate_cve_db: Error executing a python function in exec_python_func() autogenerated:

 

The stack trace of python calls that resulted in this exception/failure was:

File: 'exec_python_func() autogenerated', lineno: 2, function: <module>

     0001:

*** 0002:do_populate_cve_db(d)

     0003:

File: '/disk0/scratch/smonsees/yocto/workspace_1/poky/meta/recipes-core/meta/cve-update-db-native.bb', lineno: 69, function: do_populate_cve_db

     0065:        meta_url = year_url + ".meta"

     0066:        json_url = year_url + ".json.gz"

     0067:

     0068:        # Retrieve meta last modified date

*** 0069:        response = urllib.request.urlopen(meta_url)

     0070:        if response:

     0071:            for l in response.read().decode("utf-8").splitlines():

     0072:                key, value = l.split(":", 1)

     0073:                if key == "lastModifiedDate":

File: '/usr/lib64/python3.6/urllib/request.py', lineno: 223, function: urlopen

     0219:    elif _opener is None:

     0220:        _opener = opener = build_opener()

     0221:    else:

     0222:        opener = _opener

*** 0223:    return opener.open(url, data, timeout)

     0224:

     0225:def install_opener(opener):

     0226:    global _opener

     0227:    _opener = opener

File: '/usr/lib64/python3.6/urllib/request.py', lineno: 526, function: open

     0522:        for processor in self.process_request.get(protocol, []):

     0523:            meth = getattr(processor, meth_name)

     0524:            req = meth(req)

     0525:

*** 0526:        response = self._open(req, data)

     0527:

     0528:        # post-process response

     0529:        meth_name = protocol+"_response"

     0530:        for processor in self.process_response.get(protocol, []):

File: '/usr/lib64/python3.6/urllib/request.py', lineno: 544, function: _open

     0540:            return result

     0541:

     0542:        protocol = req.type

     0543:        result = self._call_chain(self.handle_open, protocol, protocol +

*** 0544:                                  '_open', req)

     0545:        if result:

     0546:            return result

     0547:

     0548:        return self._call_chain(self.handle_open, 'unknown',

File: '/usr/lib64/python3.6/urllib/request.py', lineno: 504, function: _call_chain

     0500:        # could.  Otherwise, they return the response.

     0501:        handlers = chain.get(kind, ())

     0502:        for handler in handlers:

     0503:            func = getattr(handler, meth_name)

*** 0504:            result = func(*args)

     0505:            if result is not None:

     0506:                return result

     0507:

     0508:    def open(self, fullurl, data=None, timeout=socket._GLOBAL_DEFAULT_TIMEOUT):

File: '/usr/lib64/python3.6/urllib/request.py', lineno: 1392, function: https_open

     1388:            self._check_hostname = check_hostname

     1389:

     1390:        def https_open(self, req):

     1391:            return self.do_open(http.client.HTTPSConnection, req,

*** 1392:                context=self._context, check_hostname=self._check_hostname)

     1393:

     1394:        https_request = AbstractHTTPHandler.do_request_

     1395:

     1396:    __all__.append('HTTPSHandler')

File: '/usr/lib64/python3.6/urllib/request.py', lineno: 1351, function: do_open

     1347:            try:

     1348:                h.request(req.get_method(), req.selector, req.data, headers,

     1349:                          encode_chunked=req.has_header('Transfer-encoding'))

     1350:            except OSError as err: # timeout error

*** 1351:                raise URLError(err)

     1352:            r = h.getresponse()

     1353:        except:

     1354:            h.close()

     1355:            raise

Exception: urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)>

 

ERROR: Logfile of failure stored in: /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/work/x86_64-linux/cve-update-db-native/1.0-r0/temp/log.do_populate_cve_db.4499

ERROR: Task (/disk0/scratch/smonsees/yocto/workspace_1/poky/meta/recipes-core/meta/cve-update-db-native.bb:do_populate_cve_db) failed with exit code '1'

NOTE: Tasks Summary: Attempted 5772 tasks of which 5228 didn't need to be rerun and 1 failed.

 

Summary: 1 task failed:

  /disk0/scratch/smonsees/yocto/workspace_1/poky/meta/recipes-core/meta/cve-update-db-native.bb:do_populate_cve_db

Summary: There was 1 ERROR message shown, returning a non-zero exit code.

14:41 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>find . -name '_ssl.c' -print

14:47 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>

 

 

 

From: yocto@... <yocto@...> On Behalf Of Monsees, Steven C (US) via lists.yoctoproject.org
Sent: Thursday, March 24, 2022 2:00 PM
To: yocto@...
Subject: Re: [yocto] CVE patch updates

 

External Email Alert

This email has been sent from an account outside of the BAE Systems network.

Please treat the email with caution, especially if you are requested to click on a link, decrypt/open an attachment, or enable macros.  For further information on how to spot phishing, access “Cybersecurity OneSpace Page” and report phishing by clicking the button “Report Phishing” on the Outlook toolbar.

 

 

When building in cve-check to see what is reported, it generated all blank/empty report files…

Can someone explain this ?, my local.conf does have the proper modification (INHERIT += “cve-check”).

 

 

10:55 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default> bitbake -k sbca-defaultfs-full

Parsing recipes: 100% |#############################################################################################| Time: 0:01:07

Parsing of 2555 .bb files complete (0 cached, 2555 parsed). 3769 targets, 96 skipped, 0 masked, 0 errors.

NOTE: Resolving any missing task queue dependencies

 

Build Configuration:

BB_VERSION           = "1.44.0"

BUILD_SYS            = "x86_64-linux"

NATIVELSBSTRING      = "rhel-7.9"

TARGET_SYS           = "x86_64-poky-linux"

MACHINE              = "sbca-default"

DISTRO               = "limws"

DISTRO_VERSION       = "3.0.4"

TUNE_FEATURES        = "m64 corei7"

TARGET_FPU           = ""

meta                

meta-poky            = "my_yocto_3.0.4:2f9bca440204f9e73158705a4ec04698b1f6ad42"

meta-perl           

meta-python         

meta-filesystems    

meta-networking     

meta-initramfs      

meta-oe              = "zeus:2b5dd1eb81cd08bc065bc76125f2856e9383e98b"

meta-virtualization  = "zeus:7e5219669ff6f8e9c8c33ffd230e95a6b2b025f4"

meta                 = "master:a32ddd2b2a51b26c011fa50e441df39304651503"

meta-clang           = "zeus:f5355ca9b86fb5de5930132ffd95a9b352d694f9"

meta-intel           = "zeus:d9942d4c3a710406b051852de7232db03c297f4e"

meta-intel           = "LIMWSSWARE-682-oews-meta-bae-clean-up:99f116056452f1fefe83fe458f533b48f52fe4ba"

 

Initialising tasks: 100% |##########################################################################################| Time: 0:00:04

Checking sstate mirror object availability: 100% |##################################################################| Time: 0:00:02

Sstate summary: Wanted 2258 Found 15 Missed 2243 Current 0 (0% match, 0% complete)

NOTE: Executing Tasks

NOTE: Setscene tasks completed

Image CVE report stored in: /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/core-image-minimal-initramfs-sbca-default-20220324145629.rootfs.cve

Image CVE report stored in: /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/aiox_orange-sbca-default-20220324145629.rootfs.cve

NOTE: Tasks Summary: Attempted 6753 tasks of which 77 didn't need to be rerun and all succeeded.

 

 

13:33 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>ls -l /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/core-image-minimal-initramfs-sbca-default-20220324145629.rootfs.cve

-rw-r--r--. 1 smonsees none 0 Mar 24 13:16 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/core-image-minimal-initramfs-sbca-default-20220324145629.rootfs.cve

13:33 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>ls -l /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/aiox_orange-sbca-default-20220324145629.rootfs.cve

-rw-r--r--. 1 smonsees none 0 Mar 24 13:17 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/aiox_orange-sbca-default-20220324145629.rootfs.cve

13:33 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>

 

 

13:27 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/cve>ls -l

total 0

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 binutils

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 binutils-cross-x86_64

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 binutils-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 bluez5

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 boost

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 cairo

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 cairo-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:16 cpio-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 curl

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 curl-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 dbus

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 dbus-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 e2fsprogs

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 e2fsprogs-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 file-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 flex

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 flex-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 gcc-source-9.2.0

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 gettext-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 glib-2.0

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 glib-2.0-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 glibc

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 gnutls

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 go-cross-corei7-64

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 go-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 go-runtime

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 icu

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 icu-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 libarchive-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 libgcrypt

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 libjpeg-turbo

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 libjpeg-turbo-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libpcre

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 libpcre2

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libpcre-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libxml2

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libxml2-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libxslt-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 mailx

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 nasm-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 ncurses

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 ncurses-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:14 nfs-utils

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:14 openssh

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 patch-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 perl

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 perl-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 python3

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 python3-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 qemu-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:14 rsync

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 sqlite3

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 sqlite3-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 sudo

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 sysstat

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 unzip

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 unzip-native

13:27 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/cve>

 

 

From: Monsees, Steven C (US)
Sent: Thursday, March 24, 2022 12:56 PM
To: yocto@...
Subject: CVE patch updates

 

 

 

I am currently building in cve-check to see what is reported, and I was curious if Yocto might provide any CVE based patch repositories ?

 

Is there a yocto page somewhere that goes over this side of things ?,

I did not see much in the mega-manual… I am running on zeus based platforms (for both armarch64 and x86_64).

 

Thanks,

Steve


Re: CVE patch updates

Monsees, Steven C (US)
 

 

When building in cve-check to see what is reported, it generated all blank/empty report files…

Can someone explain this ?, my local.conf does have the proper modification (INHERIT += “cve-check”).

 

 

10:55 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default> bitbake -k sbca-defaultfs-full

Parsing recipes: 100% |#############################################################################################| Time: 0:01:07

Parsing of 2555 .bb files complete (0 cached, 2555 parsed). 3769 targets, 96 skipped, 0 masked, 0 errors.

NOTE: Resolving any missing task queue dependencies

 

Build Configuration:

BB_VERSION           = "1.44.0"

BUILD_SYS            = "x86_64-linux"

NATIVELSBSTRING      = "rhel-7.9"

TARGET_SYS           = "x86_64-poky-linux"

MACHINE              = "sbca-default"

DISTRO               = "limws"

DISTRO_VERSION       = "3.0.4"

TUNE_FEATURES        = "m64 corei7"

TARGET_FPU           = ""

meta                

meta-poky            = "my_yocto_3.0.4:2f9bca440204f9e73158705a4ec04698b1f6ad42"

meta-perl           

meta-python         

meta-filesystems    

meta-networking     

meta-initramfs      

meta-oe              = "zeus:2b5dd1eb81cd08bc065bc76125f2856e9383e98b"

meta-virtualization  = "zeus:7e5219669ff6f8e9c8c33ffd230e95a6b2b025f4"

meta                 = "master:a32ddd2b2a51b26c011fa50e441df39304651503"

meta-clang           = "zeus:f5355ca9b86fb5de5930132ffd95a9b352d694f9"

meta-intel           = "zeus:d9942d4c3a710406b051852de7232db03c297f4e"

meta-intel           = "LIMWSSWARE-682-oews-meta-bae-clean-up:99f116056452f1fefe83fe458f533b48f52fe4ba"

 

Initialising tasks: 100% |##########################################################################################| Time: 0:00:04

Checking sstate mirror object availability: 100% |##################################################################| Time: 0:00:02

Sstate summary: Wanted 2258 Found 15 Missed 2243 Current 0 (0% match, 0% complete)

NOTE: Executing Tasks

NOTE: Setscene tasks completed

Image CVE report stored in: /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/core-image-minimal-initramfs-sbca-default-20220324145629.rootfs.cve

Image CVE report stored in: /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/aiox_orange-sbca-default-20220324145629.rootfs.cve

NOTE: Tasks Summary: Attempted 6753 tasks of which 77 didn't need to be rerun and all succeeded.

 

 

13:33 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>ls -l /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/core-image-minimal-initramfs-sbca-default-20220324145629.rootfs.cve

-rw-r--r--. 1 smonsees none 0 Mar 24 13:16 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/core-image-minimal-initramfs-sbca-default-20220324145629.rootfs.cve

13:33 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>ls -l /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/aiox_orange-sbca-default-20220324145629.rootfs.cve

-rw-r--r--. 1 smonsees none 0 Mar 24 13:17 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/aiox_orange-sbca-default-20220324145629.rootfs.cve

13:33 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>

 

 

13:27 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/cve>ls -l

total 0

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 binutils

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 binutils-cross-x86_64

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 binutils-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 bluez5

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 boost

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 cairo

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 cairo-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:16 cpio-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 curl

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 curl-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 dbus

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 dbus-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 e2fsprogs

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 e2fsprogs-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 file-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 flex

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 flex-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 gcc-source-9.2.0

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 gettext-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 glib-2.0

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 glib-2.0-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 glibc

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 gnutls

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 go-cross-corei7-64

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 go-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 go-runtime

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 icu

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 icu-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 libarchive-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 libgcrypt

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 libjpeg-turbo

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 libjpeg-turbo-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libpcre

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 libpcre2

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libpcre-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libxml2

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libxml2-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libxslt-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 mailx

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 nasm-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 ncurses

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 ncurses-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:14 nfs-utils

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:14 openssh

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 patch-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 perl

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 perl-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 python3

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 python3-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 qemu-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:14 rsync

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 sqlite3

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 sqlite3-native

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 sudo

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 sysstat

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 unzip

-rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 unzip-native

13:27 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/cve>

 

 

From: Monsees, Steven C (US)
Sent: Thursday, March 24, 2022 12:56 PM
To: yocto@...
Subject: CVE patch updates

 

 

 

I am currently building in cve-check to see what is reported, and I was curious if Yocto might provide any CVE based patch repositories ?

 

Is there a yocto page somewhere that goes over this side of things ?,

I did not see much in the mega-manual… I am running on zeus based platforms (for both armarch64 and x86_64).

 

Thanks,

Steve

881 - 900 of 57406