I am trying to set up Debian 11 bullseye in an LXD container on my Qnap NAS. Since this is a "naked" Debian installation in the container, I assume this is a Debian issue, not related to Qnap and its Container Station.
I cannot enable any firewall correctly in this Debian container, neither ufw nor firewalld. I installed one after the other with
apt install ufw
apt install firewalld
With firewalld, "systemctl status firewalld" gives me the following feedback:
● firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
    Drop-In: /run/systemd/system/service.d
             └─zzz-lxc-service.conf
     Active: active (running) since Sat 2022-01-01 16:21:25 UTC; 2min 15s ago
       Docs: man:firewalld(1)
   Main PID: 51 (firewalld)
        CPU: 743ms
     CGroup: /system.slice/firewalld.service
             └─51 /usr/bin/python3 /usr/sbin/firewalld --nofork --nopid

Jan 01 16:21:24 debian systemd[1]: Starting firewalld - dynamic firewall daemon...
Jan 01 16:21:25 debian systemd[1]: Started firewalld - dynamic firewall daemon.
Jan 01 16:21:25 debian firewalld[51]: ERROR: 'python-nftables' failed:
JSON blob:
{"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"table": {"family": "inet", "name": "firewalld"}}}, {"add": {"table": {"family": "ip", "name": "firewalld"}}}, {"add": {"table": {"family": "ip6", "name": "firewalld"}}}]}
Jan 01 16:21:26 debian firewalld[51]: ERROR: COMMAND_FAILED: 'python-nftables' failed:
JSON blob:
{"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"table": {"family": "inet", "name": "firewalld"}}}, {"add": {"table": {"family": "ip", "name": "firewalld"}}}, {"add": {"table": {"family": "ip6", "name": "firewalld"}}}]}
Jan 01 16:23:23 debian systemd[1]: Started firewalld - dynamic firewall daemon.
With ufw, systemctl activates the firewall without any negative feedback, but the command "ufw enable" leads to the following message:
ERROR: problem running ufw-init
iptables-restore v1.8.7 (nf_tables): Could not fetch rule set generation id: Invalid argument
iptables-restore v1.8.7 (nf_tables): Could not fetch rule set generation id: Invalid argument
iptables-restore v1.8.7 (nf_tables): Couldn't load match `conntrack':No such file or directory
Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
iptables-restore v1.8.7 (nf_tables): Could not fetch rule set generation id: Invalid argument
iptables-restore v1.8.7 (nf_tables): Could not fetch rule set generation id: Invalid argument
iptables-restore v1.8.7 (nf_tables): Couldn't load match `conntrack':No such file or directory
Error occurred at line: 25
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
iptables-restore v1.8.7 (nf_tables): unknown option "--dport"
Error occurred at line: 19
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
iptables-restore v1.8.7 (nf_tables): Could not fetch rule set generation id: Invalid argument
iptables-restore v1.8.7 (nf_tables): Couldn't load match `limit':No such file or directory
Error occurred at line: 8
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
iptables-restore v1.8.7 (nf_tables): Could not fetch rule set generation id: Invalid argument
sysctl: permission denied on key "net.ipv4.conf.all.accept_redirects"
sysctl: permission denied on key "net.ipv4.conf.default.accept_redirects"
sysctl: permission denied on key "net.ipv6.conf.all.accept_redirects"
sysctl: permission denied on key "net.ipv6.conf.default.accept_redirects"
sysctl: permission denied on key "net.ipv4.icmp_echo_ignore_broadcasts"
sysctl: permission denied on key "net.ipv4.icmp_ignore_bogus_error_responses"
sysctl: permission denied on key "net.ipv4.icmp_echo_ignore_all"
sysctl: permission denied on key "net.ipv4.conf.all.log_martians"
sysctl: permission denied on key "net.ipv4.conf.default.log_martians"
Problem loading ipv6 (skipping)
Problem running '/etc/ufw/before.rules'
Problem running '/etc/ufw/after.rules'
Problem running '/etc/ufw/user.rules'
Thanks
Philipp