华为欧拉 openEuler 系统启动防火墙 firewalld 报错 ERROR: 'python-nftables' failed: JSON blob
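现象

说明：以下会话在 Docker 容器内执行（CGroup 路径以 /docker/ 开头），firewalld 版本为 1.0.2-2.oe2203。从记录看，删除 /usr/lib/firewalld/policies/allow-host-ipv6.xml 并重启后报错仍然存在；报错是在编辑 /etc/firewalld/firewalld.conf 并再次重启后才消失的，但记录没有显示具体改了哪一项（推测是 FirewallBackend，需自行确认）。/usr/lib/firewalld 下的文件由软件包提供，直接删除后会在软件包升级或重装时被恢复。会话中永久放行 0-65535 全部 TCP/UDP 端口，相当于对该 zone 不做端口过滤，只应作为测试环境中的验证手段。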
[root@lhropeneuler22 /]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2023-08-17 09:10:31 CST; 4s ago
       Docs: man:firewalld(1)
   Main PID: 3684 (firewalld)
      Tasks: 2 (limit: 411120)
     Memory: 22.7M
     CGroup: /docker/bba70ff6ec100a6017917eefc34d32474a461919f5b29bc4976f594d4e773ae6/system.slice/firewalld.service
             └─ 3684 /usr/bin/python3 -s /usr/sbin/firewalld --nofork --nopid

Aug 17 09:10:31 lhropeneuler22 systemd[1]: Starting firewalld - dynamic firewall daemon...
Aug 17 09:10:31 lhropeneuler22 systemd[1]: Started firewalld - dynamic firewall daemon.
Aug 17 09:10:31 lhropeneuler22 firewalld[3684]: ERROR: 'python-nftables' failed: JSON blob: {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PREROUTING", "type": "filter", "hook": "prerouting", "prio": -140}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PREROUTING_POLICIES_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PREROUTING_ZONES"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PREROUTING_POLICIES_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING", "expr": [{"jump": {"target": "mangle_PREROUTING_ZONES"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "nat_PREROUTING", "type": "nat", "hook": "prerouting", "prio": -90}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "nat_PREROUTING_POLICIES_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewall> Aug 17 09:10:31 lhropeneuler22 firewalld[3684]: ERROR: COMMAND_FAILED: 'python-nftables' failed: JSON blob: {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PREROUTING", "type": "filter", "hook": "prerouting", "prio": -140}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PREROUTING_POLICIES_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PREROUTING_ZONES"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PREROUTING_POLICIES_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING", "expr": [{"jump": {"target": "mangle_PREROUTING_ZONES"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "nat_PREROUTING", "type": "nat", "hook": "prerouting", "prio": -90}}}, {"add": {"chain": {"family": "inet", "table": 
"firewalld", "name": "nat_PREROUTING_POLICIES_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewall> [root@lhropeneuler22 /]# [root@lhropeneuler22 /]# firewall-cmd --add-port=0-65535/tcp --permanent firewall-cmd --add-port=0-65535/udp --permanentsuccess [root@lhropeneuler22 /]# firewall-cmd --add-port=0-65535/udp --permanent success [root@lhropeneuler22 /]# firewall-cmd --reload firewall-cmd --list-portsError: COMMAND_FAILED: 'python-nftables' failed: JSON blob: {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"table": {"family": "inet", "name": "firewalld_policy_drop"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld_policy_drop", "name": "filter_input", "type": "filter", "hook": "input", "prio": 9, "policy": "drop"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld_policy_drop", "name": "filter_forward", "type": "filter", "hook": "forward", "prio": 9, "policy": "drop"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld_policy_drop", "name": "filter_output", "type": "filter", "hook": "output", "prio": 9, "policy": "drop"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld_policy_drop", "chain": "filter_input", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["established", "related"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld_policy_drop", "chain": "filter_forward", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["established", "related"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld_policy_drop", "chain": "filter_output", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["established", "related"]}}}, {"accept": null}]}}}]} [root@lhropeneuler22 /]# firewall-cmd --list-ports [root@lhropeneuler22 /]# firewall-cmd --reload Error: COMMAND_FAILED: 'python-nftables' failed: JSON blob: {"nftables": [{"metainfo": 
{"json_schema_version": 1}}, {"add": {"table": {"family": "inet", "name": "firewalld_policy_drop"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld_policy_drop", "name": "filter_input", "type": "filter", "hook": "input", "prio": 9, "policy": "drop"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld_policy_drop", "name": "filter_forward", "type": "filter", "hook": "forward", "prio": 9, "policy": "drop"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld_policy_drop", "name": "filter_output", "type": "filter", "hook": "output", "prio": 9, "policy": "drop"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld_policy_drop", "chain": "filter_input", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["established", "related"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld_policy_drop", "chain": "filter_forward", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["established", "related"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld_policy_drop", "chain": "filter_output", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["established", "related"]}}}, {"accept": null}]}}}]} [root@lhropeneuler22 /]# ll /usr/lib/firewalld/policies/allow-host-ipv6.xml -rw-r--r-- 1 root root 649 Jan 25 2022 /usr/lib/firewalld/policies/allow-host-ipv6.xml [root@lhropeneuler22 /]# rm /usr/lib/firewalld/policies/allow-host-ipv6.xml rm: remove regular file '/usr/lib/firewalld/policies/allow-host-ipv6.xml'? 
y [root@lhropeneuler22 /]# rm /etc/firewalld/policies/allow-host-ipv6.xml rm: cannot remove '/etc/firewalld/policies/allow-host-ipv6.xml': No such file or directory [root@lhropeneuler22 /]# systemctl restart firewalld [root@lhropeneuler22 /]# [root@lhropeneuler22 /]# [root@lhropeneuler22 /]# systemctl status firewalld ● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled) Active: active (running) since Thu 2023-08-17 09:12:08 CST; 5s ago Docs: man:firewalld(1) Main PID: 3745 (firewalld) Tasks: 2 (limit: 411120) Memory: 21.0M CGroup: /docker/bba70ff6ec100a6017917eefc34d32474a461919f5b29bc4976f594d4e773ae6/system.slice/firewalld.service └─ 3745 /usr/bin/python3 -s /usr/sbin/firewalld --nofork --nopid Aug 17 09:12:08 lhropeneuler22 systemd[1]: Starting firewalld - dynamic firewall daemon... Aug 17 09:12:08 lhropeneuler22 systemd[1]: Started firewalld - dynamic firewall daemon. Aug 17 09:12:08 lhropeneuler22 firewalld[3745]: ERROR: 'python-nftables' failed: JSON blob: {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"table": {"family": "inet", "name": "firewalld"}}}]} Aug 17 09:12:08 lhropeneuler22 firewalld[3745]: ERROR: COMMAND_FAILED: 'python-nftables' failed: JSON blob: {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"table": {"family": "inet", "name": "firewalld"}}}]} [root@lhropeneuler22 /]# systemctl status firewalld ● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled) Active: active (running) since Thu 2023-08-17 09:12:08 CST; 1min 57s ago Docs: man:firewalld(1) Main PID: 3745 (firewalld) Tasks: 2 (limit: 411120) Memory: 21.0M CGroup: /docker/bba70ff6ec100a6017917eefc34d32474a461919f5b29bc4976f594d4e773ae6/system.slice/firewalld.service └─ 3745 /usr/bin/python3 -s /usr/sbin/firewalld --nofork --nopid Aug 17 09:12:08 lhropeneuler22 
systemd[1]: Starting firewalld - dynamic firewall daemon... Aug 17 09:12:08 lhropeneuler22 systemd[1]: Started firewalld - dynamic firewall daemon. Aug 17 09:12:08 lhropeneuler22 firewalld[3745]: ERROR: 'python-nftables' failed: JSON blob: {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"table": {"family": "inet", "name": "firewalld"}}}]} Aug 17 09:12:08 lhropeneuler22 firewalld[3745]: ERROR: COMMAND_FAILED: 'python-nftables' failed: JSON blob: {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"table": {"family": "inet", "name": "firewalld"}}}]} [root@lhropeneuler22 /]# tailf /var/log/firewalld {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"delete": {"table": {"family": "inet", "name": "firewalld"}}}]} 2023-08-17 09:12:08 ERROR: COMMAND_FAILED: 'python-nftables' failed: JSON blob: {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"delete": {"table": {"family": "inet", "name": "firewalld"}}}]} 2023-08-17 09:12:08 ERROR: 'python-nftables' failed: JSON blob: {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"table": {"family": "inet", "name": "firewalld"}}}]} 2023-08-17 09:12:08 ERROR: COMMAND_FAILED: 'python-nftables' failed: JSON blob: {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"table": {"family": "inet", "name": "firewalld"}}}]} ^C [root@lhropeneuler22 /]# grep Conflicts /usr/lib/systemd/system/firewalld.service Conflicts=iptables.service ip6tables.service ebtables.service ipset.service nftables.service [root@lhropeneuler22 /]# dnf info firewalld Last metadata expiration check: 0:07:00 ago on Thu Aug 17 09:08:32 2023. 
Installed Packages
Name         : firewalld
Version      : 1.0.2
Release      : 2.oe2203
Architecture : noarch
Size         : 3.1 M
Source       : firewalld-1.0.2-2.oe2203.src.rpm
Repository   : @System
From repo    : OS
Summary      : A firewall daemon with D-Bus interface providing a dynamic firewall
URL          : http://www.firewalld.org
License      : GPLv2+
Description  : firewalld is a firewall service daemon that provides a dynamic customizable
             : firewall with a D-Bus interface.

Available Packages
Name         : firewalld
Version      : 1.0.2
Release      : 2.oe2203
Architecture : src
Size         : 1.9 M
Source       : None
Repository   : source
Summary      : A firewall daemon with D-Bus interface providing a dynamic firewall
URL          : http://www.firewalld.org
License      : GPLv2+
Description  : firewalld is a firewall service daemon that provides a dynamic customizable
             : firewall with a D-Bus interface.

[root@lhropeneuler22 /]# rpm -q firewalld
firewalld-1.0.2-2.oe2203.noarch
[root@lhropeneuler22 /]# ll /etc/firewalld/policies/allow-host-ipv6.xml
ls: cannot access '/etc/firewalld/policies/allow-host-ipv6.xml': No such file or directory
[root@lhropeneuler22 /]# ll /usr/lib/firewalld/policies/allow-host-ipv6.xml
ls: cannot access '/usr/lib/firewalld/policies/allow-host-ipv6.xml': No such file or directory
[root@lhropeneuler22 /]# vi /etc/firewalld/firewalld.conf
[root@lhropeneuler22 /]#
[root@lhropeneuler22 /]# systemctl restart firewalld
[root@lhropeneuler22 /]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2023-08-17 09:17:25 CST; 4s ago
       Docs: man:firewalld(1)
   Main PID: 4000 (firewalld)
      Tasks: 2 (limit: 411120)
     Memory: 20.3M
     CGroup: /docker/bba70ff6ec100a6017917eefc34d32474a461919f5b29bc4976f594d4e773ae6/system.slice/firewalld.service
             └─ 4000 /usr/bin/python3 -s /usr/sbin/firewalld --nofork --nopid

Aug 17 09:17:25 lhropeneuler22 systemd[1]: Starting firewalld - dynamic firewall daemon...
Aug 17 09:17:25 lhropeneuler22 systemd[1]: Started firewalld - dynamic firewall daemon.
[root@lhropeneuler22 /]#
[root@lhropeneuler22 /]# firewall-cmd --reload
firewall-cmd --list-portssuccess
[root@lhropeneuler22 /]# firewall-cmd --list-ports
0-65535/tcp 0-65535/udp
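Debian 报错

说明：这里失败的是向 raw_PREROUTING 链插入的 IPv6 规则（匹配 nfproto 为 ipv6，fib saddr/iif 查询结果为 false 时 drop），同样发生在 Docker 容器内。记录以编辑 /etc/firewalld/firewalld.conf 结束，没有显示修改内容和修改后的结果（该规则看起来对应 IPv6_rpfilter 选项，待确认）。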
root@lhrdebian11:/# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
     Active: active (running) since Fri 2023-08-18 10:36:51 CST; 6s ago
       Docs: man:firewalld(1)
   Main PID: 3124 (firewalld)
      Tasks: 2 (limit: 77085)
     Memory: 22.4M
     CGroup: /docker/0b3cfe4b6ebbcf96ce86055f1f21a51c917d62319c0ea0294804ac49794d0408/system.slice/firewalld.service
             └─3124 /usr/bin/python3 /usr/sbin/firewalld --nofork --nopid

Aug 18 10:36:51 lhrdebian11 systemd[1]: Starting firewalld - dynamic firewall daemon...
Aug 18 10:36:51 lhrdebian11 systemd[1]: Started firewalld - dynamic firewall daemon.
Aug 18 10:36:54 lhrdebian11 firewalld[3124]: ERROR: 'python-nftables' failed: internal:0:0-0: Error: Could not process rule: No such file or directory JSON blob: {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PREROUTING", "expr": [{"match": {"left": {"meta": {"key": "nfproto"}}, "op": "==", "right": "ipv6"}}, {"match": {"left": {"fib": {"flags": ["saddr", "iif"], "result": "oif"}}, "op": "==", "right": false}}, {"drop": null}]}}}]}
Aug 18 10:36:56 lhrdebian11 firewalld[3124]: ERROR: 'python-nftables' failed: internal:0:0-0: Error: Could not process rule: No such file or directory JSON blob: {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PREROUTING", "expr": [{"match": {"left": {"meta": {"key": "nfproto"}}, "op": "==", "right": "ipv6"}}, {"match": {"left": {"fib": {"flags": ["saddr", "iif"], "result": "oif"}}, "op": "==", "right": false}}, {"drop": null}]}}}]}
Aug 18 10:36:56 lhrdebian11 firewalld[3124]: ERROR: COMMAND_FAILED: 'python-nftables' failed: internal:0:0-0: Error: Could not process rule: No such file or directory JSON blob: {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PREROUTING", "expr": [{"match": {"left": {"meta": {"key": "nfproto"}}, "op": "==", "right": "ipv6"}}, {"match": {"left": {"fib": {"flags": ["saddr", "iif"], "result": "oif"}}, "op": "==", "right": false}}, {"drop": null}]}}}]}
root@lhrdebian11:/# vi /etc/firewalld/firewalld.conf