Staff

[LINUX] Network Lock and firewalld


Hello!

Starting from version 2.3, firewalld by default owns exclusively nftables tables generated by itself, thus preventing Eddie, Bluetit and Hummingbird Network Lock related operations. If you want to have Network Lock enabled and firewalld running at the same time, then you must configure firewalld by setting the following option:

NftablesTableOwner=no
in firewalld's configuration file, usually /etc/firewalld/firewalld.conf.

After you have edited the configuration file with any text editor with root privileges, reload firewalld configuration or restart firewalld, and only then (re)start Bluetit, Hummingbird or Eddie.

Additional insights:
https://discussion.fedoraproject.org/t/firewalld-add-flags-owner-persist-in-fedora-42/148835
https://forums.rockylinux.org/t/rocky-9-5-breaks-netfilter/16551

Kind regards

I realise you people are really clued up and know what you are doing. However, we the users downloaded Eddie because we have no idea how to set up a VPN at command line level. We need a graphics box that says connect, disconnect. So how do you expect us to do these tasks to fix stuff?

1 hour ago, Tuco99 said:

However, we the users downloaded Eddie because we have no idea how to set up a VPN at command line level. We need a graphics box that says connect, disconnect. So how do you expect us to do these tasks to fix stuff?


Hello!

Of course. Eddie offers a GUI with a one-click connection button, but the case of firewalld is so special as to be a very rare exception requiring manual intervention by the system administrator. We can't allow Eddie to manipulate your system in such a profound way. Note that Eddie will work anyway, but you can't use Network Lock to prevent leaks, because firewalld takes exclusive ownership of the firewall rules (Network Lock is based on firewall rules).

And after all, do not underestimate yourself. The steps to fix the situation are very simple and "once and for all". Let's break the steps down:
1. Open a terminal (aka shell or Console or Konsole) from your Desktop Environment
2. Type the following command:
    sudo nano /etc/firewalld/firewalld.conf
3. You are now inside the "nano" editor, editing the firewalld configuration file with administrator (root) privileges. Move with the cursor arrow keys between the options and enter the following line:
    NftablesTableOwner=no
   Make sure you press ENTER at the end of the line (so the line stays alone between all the other options, anywhere).
4. Save the file by pressing CTRL + O (keep CTRL pressed, and type O)
5. Exit the editor by pressing CTRL + X
6. Restart firewalld with the command (on the terminal):
    sudo systemctl restart firewalld

Kind regards
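
The steps above as a script, for administrators who prefer not to edit the file by hand (an added example, not part of the original post and not AirVPN or firewalld code). It assumes the path and option name given in this thread; the function names and the `--apply` switch are hypothetical.

```shell
#!/bin/sh
# Added example: set NftablesTableOwner=no in firewalld.conf, idempotently.
CONF_DEFAULT=/etc/firewalld/firewalld.conf   # path given in the thread
KEY=NftablesTableOwner

# Print the effective value: the last uncommented assignment, or "unset".
get_owner_setting() {
    val=$(sed -n "s/^[[:space:]]*${KEY}[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$1" | tail -n 1)
    printf '%s\n' "${val:-unset}"
}

# Leave exactly one "KEY=no" assignment in the file.
# Prints "changed" or "unchanged"; commented-out lines are not touched.
set_owner_no() {
    file=$1
    count=$(grep -c "^[[:space:]]*${KEY}[[:space:]]*=" "$file" || true)
    if [ "$(get_owner_setting "$file")" = "no" ] && [ "$count" -eq 1 ]; then
        echo unchanged
        return 0
    fi
    tmp=$(mktemp) || return 2
    # Drop every existing assignment of the key, then append the wanted one.
    grep -v "^[[:space:]]*${KEY}[[:space:]]*=" "$file" > "$tmp" || true
    printf '%s=no\n' "$KEY" >> "$tmp"
    cat "$tmp" > "$file"     # write in place: keeps the file's owner and mode
    rm -f "$tmp"
    echo changed
}

# Run as root:  sh script.sh --apply [path-to-firewalld.conf]
if [ "${1:-}" = "--apply" ]; then
    conf=${2:-$CONF_DEFAULT}
    cp -p "$conf" "$conf.bak"                       # keep a backup first
    echo "before: $(get_owner_setting "$conf")"
    echo "result: $(set_owner_no "$conf")"
    echo "after:  $(get_owner_setting "$conf")"
    systemctl restart firewalld   # only then (re)start Eddie, Bluetit or Hummingbird
fi
```

Without `--apply` the script only defines the functions, so `get_owner_setting /etc/firewalld/firewalld.conf` can be used on its own to check the current value before and after an update of firewalld.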
