firewalld - No such file or directory
Emily Wong
After upgrading from Ubuntu 20.04 to 20.10 I want to finally get started with firewalld instead of the old manual iptables approach, but all I get from the service is the following, which also breaks any network integration with Docker:
```
Feb 13 13:28:20 myhost firewalld[36390]: ERROR: 'python-nftables' failed: internal:0:0-0: Error: Could not process rule: No such file or directory
```

That error message is not really helpful, since it doesn't say "what" cannot be found.
I also tried to execute the JSON blob (from `journalctl --unit firewalld --no-pager`) using the `nft` command directly, but that just gives the same error message, actually multiple times. So the error message is the one coming from libnftables1.
1 Answer
After reviewing a bit of Python code here and here it became clear that I need to disassemble the big JSON blob and see which instructions exactly fail, which led me to the following (after storing the JSON blob into `~/nftables.json`):
```
jq '.nftables | length' ~/nftables.json
```

...to get the number of entries (225 in my case) and then:

```
for i in $(seq 1 224); do
  jq --argjson index "$i" '{"nftables": [.nftables[0], .nftables[$index]]}' ~/nftables.json | tee nft.json
  sudo nft --json --file nft.json || break
done
```

...which failed just for the first entry:
{ "nftables": [ { "metainfo": { "json_schema_version": 1 } }, { "add": { "chain": { "family": "inet", "table": "firewalld", "name": "raw_PREROUTING", "type": "filter", "hook": "prerouting", "prio": -290 } } } ]
}
internal:0:0-0: Error: No such file or directoryAs this was just adding a chain, the only thing that could be wrong here is a missing table, which was confirmed by:
```
$ sudo nft list tables
table bridge filter
table bridge nat
```

...so we need to add it:

```
sudo nft add table inet firewalld
```

After some more similar failures, I ended up with just the following tables being added manually:
```
table inet firewalld
table ip firewalld
table ip6 firewalld
```
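The bisection above (split the blob into single-operation documents, feed each to `nft`, see which one fails) can be done without trial-and-error for the "missing table" case: every `add chain` / `add rule` operation names the family and table it belongs to, so the tables the blob expects can be collected up front and compared against `nft list tables`. The script below is an added example, not code from the answer above or from the firewalld project. The `metainfo` / `add` / `chain` shapes are the ones shown in the answer; the `rule`, `table`, `set` and `map` shapes follow the libnftables JSON schema; the sample blob and the `nft list tables` output embedded in it are constructed, not captured from a real host.

```python
"""Find which nftables tables a firewalld JSON blob expects to exist.

Added example (not from the original answer). Object shapes follow the
libnftables JSON schema; SAMPLE_BLOB and SAMPLE_LIST_TABLES are constructed.
"""
import json
import subprocess
import tempfile
from typing import Callable, List, Optional, Set, Tuple

Table = Tuple[str, str]  # (family, table name)

# Constructed blob in the layout firewalld logs: metainfo first, then operations.
SAMPLE_BLOB = {
    "nftables": [
        {"metainfo": {"json_schema_version": 1}},
        {"add": {"chain": {"family": "inet", "table": "firewalld",
                           "name": "raw_PREROUTING", "type": "filter",
                           "hook": "prerouting", "prio": -290}}},
        {"add": {"rule": {"family": "inet", "table": "firewalld",
                          "chain": "raw_PREROUTING", "expr": [{"accept": None}]}}},
        {"add": {"chain": {"family": "ip", "table": "firewalld",
                           "name": "nat_POSTROUTING", "type": "nat",
                           "hook": "postrouting", "prio": 110}}},
        {"add": {"chain": {"family": "ip6", "table": "firewalld",
                           "name": "nat_POSTROUTING", "type": "nat",
                           "hook": "postrouting", "prio": 110}}},
    ]
}

# Constructed `sudo nft list tables` output from a host with no firewalld tables.
SAMPLE_LIST_TABLES = "table bridge filter\ntable bridge nat\n"


def split_entries(blob: dict) -> List[dict]:
    """One {"nftables": [metainfo, op]} document per operation (what the jq loop built)."""
    metainfo, ops = blob["nftables"][0], blob["nftables"][1:]
    return [{"nftables": [metainfo, op]} for op in ops]


def required_tables(blob: dict) -> Set[Table]:
    """Tables referenced by chain/rule/set/map operations, minus any the blob creates itself."""
    referenced: Set[Table] = set()
    created: Set[Table] = set()
    for entry in blob["nftables"][1:]:
        for verb in ("add", "create", "insert", "replace"):
            body = entry.get(verb)
            if not body:
                continue
            if "table" in body:  # {"add": {"table": {"family": ..., "name": ...}}}
                created.add((body["table"]["family"], body["table"]["name"]))
            for kind in ("chain", "rule", "set", "map"):
                if kind in body:
                    referenced.add((body[kind]["family"], body[kind]["table"]))
    return referenced - created


def existing_tables(list_output: str) -> Set[Table]:
    """Parse 'table <family> <name>' lines as printed by `nft list tables`."""
    found: Set[Table] = set()
    for line in list_output.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] == "table":
            found.add((parts[1], parts[2]))
    return found


def missing_tables(blob: dict, list_output: str) -> List[Table]:
    """Tables the blob needs that the host does not have, sorted for stable output."""
    return sorted(required_tables(blob) - existing_tables(list_output))


def add_table_commands(missing: List[Table]) -> List[str]:
    """The `nft add table` invocations that would satisfy the blob."""
    return [f"nft add table {family} {name}" for family, name in missing]


def failing_entries(blob: dict, run: Optional[Callable[[dict], int]] = None) -> List[int]:
    """1-based indexes (matching the jq loop) of single-op documents nft rejects.

    The default runner writes each document to a temp file and calls
    `nft --json --check --file`, which validates without applying; it needs
    root and a working nft. Pass a fake `run` to exercise the logic offline.
    """
    if run is None:
        def run(doc: dict) -> int:
            with tempfile.NamedTemporaryFile("w", suffix=".json", delete=False) as fh:
                json.dump(doc, fh)
                path = fh.name
            return subprocess.run(["nft", "--json", "--check", "--file", path]).returncode
    return [i for i, doc in enumerate(split_entries(blob), start=1) if run(doc) != 0]


if __name__ == "__main__":
    for cmd in add_table_commands(missing_tables(SAMPLE_BLOB, SAMPLE_LIST_TABLES)):
        print(cmd)
```

Against a real host, replace `SAMPLE_BLOB` with `json.load(open(os.path.expanduser("~/nftables.json")))` and `SAMPLE_LIST_TABLES` with the output of `sudo nft list tables`; the printed `nft add table` commands are exactly the three the answer arrived at by hand. `failing_entries()` reproduces the answer's loop when something other than a missing table is wrong, and uses `--check` so probing never changes the live ruleset.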