Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-116152

portblock: add nftables support

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • rhel-10.2
    • rhel-10.2
    • resource-agents
    • None
    • resource-agents-4.16.0-29.el10
    • No
    • Low
    • rhel-ha
    • 13
    • 26
    • 8
    • False
    • False
    • Hide

      None

      Show
      None
    • Yes
    • None
    • Unspecified Release Note Type - Unknown
    • Hide
      Feature, enhancement: nftables support
      Reason: iptables is just a wrapper for nftables, which will be removed in the future.
      Result: nftables is enabled by default, and can be changed to iptables by setting firewall=iptables.
      Show
      Feature, enhancement: nftables support Reason: iptables is just a wrapper for nftables, which will be removed in the future. Result: nftables is enabled by default, and can be changed to iptables by setting firewall=iptables.
    • Proposed
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      What were you trying to do that didn't work?

      Use portblock with nftables.

      What is the impact of this issue to you?

      Unable to use nftables with the portblock agent.

      Please provide the package NVR for which the bug is seen:

      How reproducible is this bug?:

      100%

      Steps to reproduce

      1. pcs resource create pblock portblock firewall=nft protocol=tcp portno=8444 direction=both action=block

      Expected results

      Able to use nftables instead of iptables.

      Actual results

      Gives error that firewall-parameter is available:

      Error: invalid resource option 'firewall', allowed options are: 'action', 'direction', 'ip', 'portno', 'protocol', 'reset_local_on_unblock_stop', 'sync_script', 'tickle_dir', 'trace_file', 'trace_ra', use --force to override
      Error: Errors have occurred, therefore pcs is unable to continue

      Note

      The promotable part of the Pull Request is covered in https://issues.redhat.com/browse/RHEL-116149

              rhn-engineering-oalbrigt Oyvind Albrigtsen
              rhn-engineering-oalbrigt Oyvind Albrigtsen
              Oyvind Albrigtsen Oyvind Albrigtsen
              Cluster QE Cluster QE
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated: