Problem on Sabayon. Errors in firewalld and IPv6.

1. Problem on Sabayon. Errors in firewalld and IPv6.

Alberto Federman Neto.
albfneto

(uses openSUSE)

Posted on 17/05/2018 - 14:34

Older Sabayon releases used UFW; the new ones use firewalld under systemd.

UFW disabled:
ufw.service - Uncomplicated Firewall
Loaded: loaded (/usr/lib/systemd/system/ufw.service; disabled; vendor preset: disabled)
Active: inactive (dead)


IPTables inactive or missing:

sudo systemctl status iptables.service
Unit iptables.service could not be found.


But note that IPTABLES exists:

sudo iptables --list
Senha:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUTPUT_direct all -- anywhere anywhere

Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_public all -- anywhere anywhere [goto]
FWDI_public all -- anywhere anywhere [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination

Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_public all -- anywhere anywhere [goto]
FWDO_public all -- anywhere anywhere [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain FORWARD_direct (1 references)
target prot opt source destination

Chain FWDI_public (2 references)
target prot opt source destination
FWDI_public_log all -- anywhere anywhere
FWDI_public_deny all -- anywhere anywhere
FWDI_public_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere

Chain FWDI_public_allow (1 references)
target prot opt source destination

Chain FWDI_public_deny (1 references)
target prot opt source destination

Chain FWDI_public_log (1 references)
target prot opt source destination

Chain FWDO_public (2 references)
target prot opt source destination
FWDO_public_log all -- anywhere anywhere
FWDO_public_deny all -- anywhere anywhere
FWDO_public_allow all -- anywhere anywhere

Chain FWDO_public_allow (1 references)
target prot opt source destination

Chain FWDO_public_deny (1 references)
target prot opt source destination

Chain FWDO_public_log (1 references)
target prot opt source destination

Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_public all -- anywhere anywhere [goto]
IN_public all -- anywhere anywhere [goto]

Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain INPUT_direct (1 references)
target prot opt source destination

Chain IN_public (2 references)
target prot opt source destination
IN_public_log all -- anywhere anywhere
IN_public_deny all -- anywhere anywhere
IN_public_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere

Chain IN_public_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW

Chain IN_public_deny (1 references)
target prot opt source destination

Chain IN_public_log (1 references)
target prot opt source destination

Chain OUTPUT_direct (1 references)
target prot opt source destination


When I turn on the computer, everything works, but some messages appear about not finding IPv6 in "iptables6".... One detail: the new network here is automatic DHCP (no longer a fixed IP), the profile in firewalld is "public" and it DOES NOT HAVE IPv6.

firewall-cmd --get-default-zone
public


Note also that firewalld is running, but with errors:


sudo systemctl status firewalld.service
Senha:
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2018-05-17 13:58:49 -03; 30min ago
Docs: man:firewalld(1)
Main PID: 2010 (firewalld)
Tasks: 3 (limit: 4915)
CGroup: /system.slice/firewalld.service
└─2010 /usr/bin/python2.7 -Es /usr/lib/python-exec/python2.7/firewalld --nofork --nopid

mai 17 13:58:52 sabayon.local firewalld[2010]: WARNING: '/sbin/ip6tables-restore -n' failed:
mai 17 13:58:52 sabayon.local firewalld[2010]: ERROR: Failed to apply rules. A firewall reload might solve >
mai 17 13:58:52 sabayon.local firewalld[2010]: ERROR: '/sbin/ebtables -t broute -F' failed:
mai 17 13:58:52 sabayon.local firewalld[2010]: ERROR: '/sbin/iptables-restore -n' failed:
mai 17 13:58:52 sabayon.local firewalld[2010]: ERROR: Failed to apply rules. A firewall reload might solve >
mai 17 13:58:52 sabayon.local firewalld[2010]: ERROR: '/sbin/ebtables -t nat -D OUTPUT -j OUTPUT_direct' fa>
mai 17 13:58:52 sabayon.local firewalld[2010]: ERROR: COMMAND_FAILED
mai 17 13:58:54 sabayon.local firewalld[2010]: WARNING: '/sbin/ip6tables-restore -n' failed:
mai 17 13:58:54 sabayon.local firewalld[2010]: ERROR: '/sbin/iptables-restore -n' failed:
mai 17 13:58:54 sabayon.local firewalld[2010]: ERROR: COMMAND_FAILED
lines 1-19/19 (END)


I am not a networking specialist; in fact, I am not even an IT professional. How do I fix my firewalld? The network is working and those messages about IPv6 are not critical, but they are annoying.... Should I disable ip6tables, since there is no IPv6?
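
Added example (not part of the original posts): a shell triage of the firewalld journal lines quoted in the status output above, counting failures per backend binary so it is visible which backends the errors name. The function names are illustrative assumptions; the sample lines are copied from that status output.

```shell
#!/bin/sh
# Added example, not part of the original thread.

# The ten journal lines from the first post's status output, copied verbatim
# (journald truncated some of them with a trailing '>').
sample_log() {
cat <<'EOF'
mai 17 13:58:52 sabayon.local firewalld[2010]: WARNING: '/sbin/ip6tables-restore -n' failed:
mai 17 13:58:52 sabayon.local firewalld[2010]: ERROR: Failed to apply rules. A firewall reload might solve >
mai 17 13:58:52 sabayon.local firewalld[2010]: ERROR: '/sbin/ebtables -t broute -F' failed:
mai 17 13:58:52 sabayon.local firewalld[2010]: ERROR: '/sbin/iptables-restore -n' failed:
mai 17 13:58:52 sabayon.local firewalld[2010]: ERROR: Failed to apply rules. A firewall reload might solve >
mai 17 13:58:52 sabayon.local firewalld[2010]: ERROR: '/sbin/ebtables -t nat -D OUTPUT -j OUTPUT_direct' fa>
mai 17 13:58:52 sabayon.local firewalld[2010]: ERROR: COMMAND_FAILED
mai 17 13:58:54 sabayon.local firewalld[2010]: WARNING: '/sbin/ip6tables-restore -n' failed:
mai 17 13:58:54 sabayon.local firewalld[2010]: ERROR: '/sbin/iptables-restore -n' failed:
mai 17 13:58:54 sabayon.local firewalld[2010]: ERROR: COMMAND_FAILED
EOF
}

# Read journal lines on stdin; print "<backend-binary> <failure-count>".
summarize_failures() {
  awk -v q="'" '
    /firewalld\[[0-9]+\]: (WARNING|ERROR): / {
      i = index($0, q "/")                # start of the quoted command, if any
      if (i == 0) next                    # e.g. "COMMAND_FAILED": no command named
      s = substr($0, i + 1)
      sub("[^/A-Za-z0-9_.-].*$", "", s)   # keep only the binary path
      n = split(s, parts, "/")
      count[parts[n]]++                   # key on the binary name without directory
    }
    END { for (t in count) print t, count[t] }
  ' | LC_ALL=C sort
}

# Exit 0 only when every failing backend is an ip6tables* binary.
ipv6_only() {
  summarize_failures | awk '$1 !~ /^ip6tables/ { bad = 1 } END { exit (bad ? 1 : 0) }'
}

sample_log | summarize_failures
if sample_log | ipv6_only; then
  echo "only the IPv6 backend is failing"
else
  echo "IPv4 and/or ebtables backends are failing too"
fi
```

On a live system the same functions can read `journalctl -u firewalld -b --no-pager` instead of the embedded sample.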




  


2. Re: Problem on Sabayon. Errors in firewalld and IPv6.

Alberto Federman Neto.
albfneto

(uses openSUSE)

Posted on 21/05/2018 - 14:39

Up. I was looking on the Net and, going by the error messages, I have to disable NAT in IPv6 and then disable IPv6 itself (there is no IPv6 on the network here).
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨
Albfneto,
Ribeirão Preto, S.P., Brazil.
Linux user, Linux Counter: #479903.
Favorite distros: Sabayon, Gentoo, openSUSE, Mageia and OpenMandriva.





