Since the last update I can't ssh to firewalld-protected machines.
ssh is disabled in all zones. Only in the "home" zone I have an ipset with the allowed IPs in my home WLAN and a rule accepting ssh from this ipset.
/etc/firewalld/ipsets/zuhause.xml:
<?xml version="1.0" encoding="utf-8"?>
<ipset type="hash:ip">
  <description>ip's der Geräte, die zuhause Zugang haben sollen</description>
  <entry>xxx.xxx.xxx.xxx</entry>
  ...
</ipset>
and the rule from /etc/firewalld/zones/home.xml:
<rule family="ipv4">
  <source ipset="zuhause"/>
  <service name="ssh"/>
  <accept/>
</rule>
This config worked until the last update of firewalld.
Now I get:
$ systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2021-04-17 18:59:45 CEST; 12min ago
Docs: man:firewalld(1)
Main PID: 16577 (firewalld)
Tasks: 2 (limit: 18847)
Memory: 25.9M
CPU: 449ms
CGroup: /system.slice/firewalld.service
└─16577 /usr/bin/python /usr/bin/firewalld --nofork --nopid
Apr 17 18:59:44 nb-andreas-17.abamanthey.org systemd[1]: Starting firewalld - dynamic firewall daemon...
Apr 17 18:59:45 nb-andreas-17.abamanthey.org systemd[1]: Started firewalld - dynamic firewall daemon.
Apr 17 18:59:45 nb-andreas-17.abamanthey.org firewalld[16577]: WARNING: ipset not usable, disabling ipset usage in firewall.
Apr 17 18:59:45 nb-andreas-17.abamanthey.org firewalld[16577]: WARNING: zuhause: INVALID_TYPE: 'hash:ip' is not supported by ipset., ignoring for run-time.
Apr 17 18:59:45 nb-andreas-17.abamanthey.org firewalld[16577]: ERROR: INVALID_IPSET: zuhause
But firewalld actually has no ipset-types:
$ firewall-cmd --get-ipset-types
has no output. In the GUI I cannot create a new ipset because there are no types to select.
What can I do?
Last edited by a_manthey (2021-04-18 08:34:34)
Winning isn't everything, but losing isn't anything.
Last edited by braderhart (2022-02-28 20:17:49)
Version 0.9.3-3 has ipset support again, my config is working again.
Thanks for the support.
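An added example, not part of the thread and not firewalld code: a small check that reads the journal warnings quoted in the first post and lists the rich rules that depend on an ipset firewalld refused to load, which is how the only ssh accept rule went missing here. The `<zone>` wrapper around the rule and the function names are assumptions made for the example.

```python
import re
import xml.etree.ElementTree as ET

# Journal lines as quoted in the first post (timestamp and host prefix trimmed).
JOURNAL = """\
firewalld[16577]: WARNING: ipset not usable, disabling ipset usage in firewall.
firewalld[16577]: WARNING: zuhause: INVALID_TYPE: 'hash:ip' is not supported by ipset., ignoring for run-time.
firewalld[16577]: ERROR: INVALID_IPSET: zuhause
"""

# Constructed zone file: the rich rule from the post inside a minimal <zone> wrapper.
HOME_ZONE = """\
<zone>
  <short>Home</short>
  <rule family="ipv4">
    <source ipset="zuhause"/>
    <service name="ssh"/>
    <accept/>
  </rule>
</zone>
"""

def failed_ipsets(journal):
    """Return (ipset support disabled?, names of ipsets firewalld rejected)."""
    disabled = "ipset not usable" in journal
    names = set(re.findall(r"ERROR: INVALID_IPSET: (\S+)", journal))
    names |= set(re.findall(r"WARNING: (\S+): INVALID_TYPE:", journal))
    return disabled, names

def dependent_rules(zone_xml, disabled, failed):
    """List (ipset, service, action) for rich rules whose source ipset is unusable."""
    hits = []
    for rule in ET.fromstring(zone_xml).iter("rule"):
        src = rule.find("source")
        ipset = src.get("ipset") if src is not None else None
        if ipset is None or not (disabled or ipset in failed):
            continue  # rule does not rely on an ipset that failed to load
        svc = rule.find("service")
        action = next((a for a in ("accept", "reject", "drop")
                       if rule.find(a) is not None), None)
        hits.append((ipset, svc.get("name") if svc is not None else None, action))
    return hits

if __name__ == "__main__":
    disabled, failed = failed_ipsets(JOURNAL)
    for ipset, service, action in dependent_rules(HOME_ZONE, disabled, failed):
        print(f"{action} {service} from ipset '{ipset}' depends on an unusable ipset")
```

On a real host the same functions can be fed the output of `journalctl -u firewalld.service` and the files under /etc/firewalld/zones/.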