Need help troubleshooting a firewalld error

I’m having an issue with firewalld. I’m using AlmaLinux 8.7.

I’m getting an error when I check my firewalld status:

firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2023-01-31 20:31:29 EST; 24min ago
     Docs: man:firewalld(1)
 Main PID: 2139946 (firewalld)
    Tasks: 2 (limit: 104857)
   Memory: 2.0M
   CGroup: /system.slice/firewalld.service
           └─2139946 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork --nopid

Jan 31 20:31:29 server.myserver.co systemd[1]: Starting firewalld - dynamic firewall daemon...
Jan 31 20:31:29 server.myserver.co systemd[1]: Started firewalld - dynamic firewall daemon.
Jan 31 20:31:35 server.myserver.co firewalld[2139946]: ERROR: 'python-nftables' failed: internal:0:0-0: Error: Could not process rule: Invalid argument


                                                       JSON blob:
                                                       {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"ct helper": {"family": "inet", "table": "firewalld", "name": "helper-ftp-tcp", "type": "ftp", "protocol": "tcp"}}}]}
Jan 31 20:31:39 server.myserver.co firewalld[2139946]: ERROR: 'python-nftables' failed: internal:0:0-0: Error: Could not process rule: Invalid argument


                                                       JSON blob:
                                                       {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"ct helper": {"family": "inet", "table": "firewalld", "name": "helper-ftp-tcp", "type": "ftp", "protocol": "tcp"}}}]}
Jan 31 20:31:39 server.myserver.co firewalld[2139946]: ERROR: COMMAND_FAILED: 'python-nftables' failed: internal:0:0-0: Error: Could not process rule: Invalid argument


                                                       JSON blob:
                                                       {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"ct helper": {"family": "inet", "table": "firewalld", "name": "helper-ftp-tcp", "type": "ftp", "protocol": "tcp"}}}]}

I’ve grepped for those strings to track down where those might be but I can’t seem to locate them.

Any help is appreciated.

That’s the important bit - looks like your ftp rule is invalid:

nft add ct helper family inet table firewalld name helper-ftp-tcp type ftp protocol tcp

Definitely looks in the wrong order.

That is JSON. Does it have “order” like normal humans?

This is clearly related to ftp. Have you added ftp service to some zone?
If yes, remove the ftp.

If firewalld is then happy, re-add the ftp.

I have PureFTP running. I stopped pure-ftpd and that didn’t work. This is odd, as everything is installed, but I don’t have anything in my /etc/firewalld directory except for public.xml and public.xml.old under zones.

The diff on those two files is:
diff public.xml.old public.xml

7a8
>   <service name="ftp"/>

This answer solved my problem.
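
An added example, not part of the thread and not firewalld's own code: it pulls the failing nftables object out of the "JSON blob" in the firewalld error lines and lists the zone files that enable the matching service. The log and zone files are constructed samples modelled on the ones posted above, and treating the `ct helper` type (`ftp`) as the service name is an assumption that holds for this case.

```python
import json
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample: two journal entries like those in the question, same JSON blob.
BLOB = ('{"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"ct helper": '
        '{"family": "inet", "table": "firewalld", "name": "helper-ftp-tcp", '
        '"type": "ftp", "protocol": "tcp"}}}]}')
ERR = ("Jan 31 20:31:{s} server.myserver.co firewalld[2139946]: ERROR: 'python-nftables' "
       "failed: internal:0:0-0: Error: Could not process rule: Invalid argument\n\n"
       "    JSON blob:\n    ")
SAMPLE_LOG = "".join(ERR.format(s=s) + BLOB + "\n" for s in ("35", "39"))

def failed_nft_objects(log_text):
    """Return the distinct (verb, object kind, attributes) firewalld failed to apply."""
    seen, out = set(), []
    for line in log_text.splitlines():
        line = line.strip()
        if not line.startswith('{"nftables"'):
            continue
        for cmd in json.loads(line)["nftables"]:
            for verb, body in cmd.items():
                if verb == "metainfo":          # schema header, not a rule
                    continue
                for kind, attrs in body.items():
                    key = (verb, kind, json.dumps(attrs, sort_keys=True))
                    if key not in seen:         # the same blob is logged several times
                        seen.add(key)
                        out.append((verb, kind, attrs))
    return out

def zones_enabling(zone_dir, service):
    """Zone files (*.xml only, so *.xml.old is skipped) with <service name=SERVICE/>."""
    return [p.name for p in sorted(Path(zone_dir).glob("*.xml"))
            if any(s.get("name") == service for s in ET.parse(p).getroot().iter("service"))]

def demo():
    with tempfile.TemporaryDirectory() as d:
        # Constructed zone files mirroring the diff in the thread (ssh entry is made up).
        Path(d, "public.xml").write_text('<zone><service name="ssh"/><service name="ftp"/></zone>')
        Path(d, "public.xml.old").write_text('<zone><service name="ssh"/></zone>')
        # Assumption: the helper type ("ftp") is also the firewalld service name.
        return {a["name"]: zones_enabling(d, a["type"])
                for _, kind, a in failed_nft_objects(SAMPLE_LOG) if kind == "ct helper"}

if __name__ == "__main__":
    print(demo())
```

On a real host, pass the text of `journalctl -u firewalld` to `failed_nft_objects` and point `zones_enabling` at the zones directory under /etc/firewalld.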