Firewalld missing nft errors

Please be patient, as I am a Noob. I am trying to set up a firewall and have followed the Clear Linux guide without success (https://docs.01.org/clearlinux/latest/guides/network/firewall.html). When I check the firewall-cmd --state, I receive the “failed” message.

When I check status of firewalld, I receive:

● firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: disabled)
     Active: active (running) since Tue 2020-02-25 14:00:27 EST; 33min ago
       Docs: man:firewalld(1)
   Main PID: 490 (python3)
      Tasks: 2 (limit: 6855)
     Memory: 52.4M
     CGroup: /system.slice/firewalld.service
             └─490 /usr/bin/python /usr/bin/firewalld --nofork --nopid

Feb 25 14:00:21 clr-afda79f43d974670969009622f748d9a systemd[1]: Starting firewalld - dynamic firewall daemon...
Feb 25 14:00:27 clr-afda79f43d974670969009622f748d9a systemd[1]: Started firewalld - dynamic firewall daemon.
Feb 25 14:00:30 clr-afda79f43d974670969009622f748d9a firewalld[490]: ERROR: '/usr/bin/nft add table inet firewalld' failed:
Feb 25 14:00:30 clr-afda79f43d974670969009622f748d9a firewalld[490]: ERROR: '/usr/bin/nft add table inet firewalld' failed:
Feb 25 14:00:30 clr-afda79f43d974670969009622f748d9a firewalld[490]: ERROR: COMMAND_FAILED: '/usr/bin/nft add table inet firewalld' failed:
Feb 25 14:01:12 clr-afda79f43d974670969009622f748d9a firewalld[490]: ERROR: '/usr/bin/nft add chain inet firewalld filter_IN_home' failed:
Feb 25 14:01:12 clr-afda79f43d974670969009622f748d9a firewalld[490]: ERROR: '/usr/bin/nft add chain inet firewalld filter_IN_home' failed:
Feb 25 14:01:12 clr-afda79f43d974670969009622f748d9a firewalld[490]: ERROR: COMMAND_FAILED: '/usr/bin/nft add chain inet firewalld filter_IN_home' failed:

Your help/suggestions will be greatly appreciated, as I feel “naked” without a firewall running. Reading here, you do not plan on trying to implement UFW/GUFW, which has worked well using other Linux distributions. Starting a firewall in MacOS and Windows 10. Setting up a simple IPFW firewall in FreeBSD was also a relatively simple thing, once I found guides online.

I’m wondering if the error you’re seeing is simply because we’re missing nft as a dependency for firewalld. Can you try adding the network-basic bundle with sudo swupd bundle-add network-basic and restarting to see if it fixes it?

Yes, the problem is a missing nft dependency. I had exactly the same problem, which I solved by adding the devpkg-nftables bundle.

Thanks for confirming this! The firewalld bundle should be fixed to include nftables in the next release or two.

To: puneetse - Success thus far. Following your suggested inputs, I achieved this:

austinwi@clr-976fecfaf99d4252b51305b49b085382~ $ sudo systemctl enable --now firewalld.service
Password:
austinwi@clr-976fecfaf99d4252b51305b49b085382~ $ sudo firewall-cmd --state
running
austinwi@clr-976fecfaf99d4252b51305b49b085382~ $ sudo systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: disabled)
     Active: active (running) since Wed 2020-02-26 17:09:36 EST; 6min ago
       Docs: man:firewalld(1)
   Main PID: 492 (python3)
      Tasks: 2 (limit: 6855)
     Memory: 53.4M
     CGroup: /system.slice/firewalld.service
             └─492 /usr/bin/python /usr/bin/firewalld --nofork --nopid

Feb 26 17:09:30 clr-976fecfaf99d4252b51305b49b085382 systemd[1]: Starting firewalld - dynamic firewall daemon...
Feb 26 17:09:36 clr-976fecfaf99d4252b51305b49b085382 systemd[1]: Started firewalld - dynamic firewall daemon.
Feb 26 17:14:48 clr-976fecfaf99d4252b51305b49b085382 systemd[1]: Started firewalld - dynamic firewall daemon.

I am now adding Portage’s suggested input.

Thanks to you both for your help. I look forward to using and learning more.

Regards
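
The symptom in this thread is that systemd reports firewalld as active (running) while `firewall-cmd --state` reports failed, so the unit status alone does not show whether a ruleset was loaded. The script below is an added example, not part of the original posts: it scans the firewalld journal for `COMMAND_FAILED` backend errors and reports whether the failing binary exists. The function names and the `--live` switch are assumptions of this example, and the sample journal lines are constructed from the ones quoted above with the hostname shortened.

```shell
#!/bin/sh
# Added example (not from the thread). Journal samples are constructed from
# the lines quoted in the posts, with the hostname shortened to "host".

sample_failed() { cat <<'EOF'
Feb 25 14:00:27 host systemd[1]: Started firewalld - dynamic firewall daemon.
Feb 25 14:00:30 host firewalld[490]: ERROR: COMMAND_FAILED: '/usr/bin/nft add table inet firewalld' failed:
Feb 25 14:01:12 host firewalld[490]: ERROR: COMMAND_FAILED: '/usr/bin/nft add chain inet firewalld filter_IN_home' failed:
EOF
}

sample_ok() { cat <<'EOF'
Feb 26 17:09:30 host systemd[1]: Starting firewalld - dynamic firewall daemon...
Feb 26 17:09:36 host systemd[1]: Started firewalld - dynamic firewall daemon.
EOF
}

# Read journal text on stdin; print each backend binary whose command failed.
failed_binaries() {
    sed -n "s/.*firewalld\[[0-9]*]: ERROR: COMMAND_FAILED: '\([^ ']*\) .*' failed:.*/\1/p" | sort -u
}

# Usage: classify STATE < journal
# STATE is the text printed by `firewall-cmd --state`.
classify() {
    state=$1
    bins=$(failed_binaries)
    if [ -n "$bins" ]; then
        for b in $bins; do
            if [ -x "$b" ]; then
                # Binary exists, so the failure has another cause.
                echo "backend-error $b present"
            else
                # The case in this thread: the backend tool is not installed.
                echo "backend-error $b missing"
            fi
        done
    elif [ "$state" = "running" ]; then
        echo "ok"
    else
        echo "not-running"
    fi
}

# Live use on a systemd host: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    state=$(firewall-cmd --state 2>&1)
    journalctl -u firewalld -b --no-pager | classify "$state"
fi
```

A `backend-error ... missing` result corresponds to the situation the replies diagnosed; `ok` requires both a clean journal and a `running` state.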