Firewalld problem

Hello everyone,

I am using :
AlmaLinux release 8.4 (Electric Cheetah)

On Alma, when I try to use firewalld I get these errors: operation not supported.
This appears with the reload argument, or even when I try to allow a TCP/UDP port.

firewall-cmd --reload
Error: COMMAND_FAILED: ‘python-nftables’ failed: internal:0:0-0: Error: Could not process rule: Opération non supportée
internal:0:0-0: Error: Could not process rule: Aucun fichier ou dossier de ce type
internal:0:0-0: Error: Could not process rule: Aucun fichier ou dossier de ce type
internal:0:0-0: Error: Could not process rule: Opération non supportée

Can someone help, please?

Thank you

Syntax error in rules.

In principle that should be hard to achieve, if we create rules with firewall-cmd.
It should store only syntactically valid content and a coherent ruleset (albeit one that could have logical errors), which firewalld then translates into nftables syntax for the kernel.

Overall, if you do need anything but a trivial workstation's ruleset, then my (and Red Hat's) recommendation is to use nftables.service and uninstall the firewalld.service.

The firewall-cmd --reload would replace the currently active ruleset with what is stored in (firewalld's config) files. The error is in a file. What changes did you make to the files (with firewall-cmd or manual edits)?

Thanks for the help. Actually I have no choice about using firewalld at my company, so I have to deal with it. I tried to activate debug, and I got this message, if this can help:

I uninstalled firewalld too and reinstalled it, but got the same error without making any change via manual edit or with firewall-cmd.

DEBUG1: Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/firewall/core/fw_transaction.py", line 128, in execute
    self.fw.rules(backend_name, rules[backend_name])
  File "/usr/lib/python3.6/site-packages/firewall/core/fw.py", line 878, in rules
    backend.set_rules(_rules, self._log_denied)
  File "/usr/lib/python3.6/site-packages/firewall/core/nftables.py", line 359, in set_rules
    raise ValueError("'%s' failed: %s\nJSON blob:\n%s" % ("python-nftables", error, json.dumps(json_blob)))
ValueError: 'python-nftables' failed: internal:0:0-0: Error: Could not process rule: no file or directory

The default config is in /usr/lib/firewalld/. When you do changes, they are added to /etc/firewalld. Uninstall of package will not remove those files, because they are not owned by the package. Therefore, your custom config survived the reinstall.

Check what unowned files you have:
rpm -qf /etc/firewalld/* /etc/firewalld/*/*
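As an added illustration of that check (example script, not from this thread or from the firewalld project), the function below parses rpm -qf output and prints only the files that no package owns, so the custom config that survives a reinstall stands out. It recognises the English message and the French one shown later in this thread; rpm's exact wording in other locales is an assumption, and the sample output at the end is constructed.

```shell
#!/bin/sh
# Added example, not part of the forum thread: find files under a config
# tree (default /etc/firewalld) that no RPM package owns, i.e. local edits
# that `yum remove` / `yum install` will never touch.

# unowned_from_rpm_qf: read `rpm -qf` output on stdin and print the path of
# every file reported as not owned by any package, one per line.
# The English and French messages match what rpm prints in those locales
# (assumption: other rpm versions or locales may word it differently).
unowned_from_rpm_qf() {
    sed -n \
        -e 's/^file \(.*\) is not owned by any package$/\1/p' \
        -e 's/^le fichier \(.*\) n'"'"'appartient à aucun paquet$/\1/p'
}

# check_config_tree: run rpm -qf over a directory and its immediate
# subdirectories, print the unowned files and return 1 if any were found.
# rpm reports unowned files on stdout but exits non-zero, so stderr is merged
# and the exit status is ignored on purpose.
check_config_tree() {
    dir=${1:-/etc/firewalld}
    unowned=$(rpm -qf "$dir"/* "$dir"/*/* 2>&1 | unowned_from_rpm_qf)
    [ -z "$unowned" ] && return 0
    printf '%s\n' "$unowned"
    return 1
}

# Stand-alone demo on constructed rpm output (no rpm needed): only the two
# unowned zone files should be printed.
printf '%s\n' \
    'firewalld-0.8.2-7.el8_4.noarch' \
    'file /etc/firewalld/zones/public.xml is not owned by any package' \
    "le fichier /etc/firewalld/zones/public.xml.old n'appartient à aucun paquet" \
    | unowned_from_rpm_qf
```

On a live system, `check_config_tree /etc/firewalld` lists what to move aside before retesting with the package defaults from /usr/lib/firewalld/.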

Oh, thank you for the information.
What I got is:

rpm -qf /etc/firewalld/* /etc/firewalld/*/*
firewalld-0.8.2-7.el8_4.noarch
firewalld-0.8.2-7.el8_4.noarch
firewalld-0.8.2-7.el8_4.noarch
firewalld-0.8.2-7.el8_4.noarch
firewalld-0.8.2-7.el8_4.noarch
firewalld-0.8.2-7.el8_4.noarch
firewalld-0.8.2-7.el8_4.noarch
le fichier /etc/firewalld/zones/public.xml n'appartient à aucun paquet
le fichier /etc/firewalld/zones/public.xml.old n'appartient à aucun paquet

If you remove these, then you should be at defaults.

I removed them, with yum remove and yum install firewalld again, but I got this result:
systemctl start firewalld → works
systemctl status firewalld →

ERROR: 'python-nftables' failed: internal:0:0-0: Error: Could not process rule: Opération non supportée
internal:0:0-0: Error: Could not process rule: Aucun fichier ou dossier de ce type

Then it was not your config. Websearch with:

yields hits, like:
https://bugzilla.redhat.com/show_bug.cgi?id=1817205
https://bugzilla.redhat.com/show_bug.cgi?id=1836571

I would next check:

systemctl status firewalld
systemctl status nftables
systemctl status iptables

Only the firewalld.service should be enabled (and iptables not found).