[Buildroot] [PATCH v2 1/1] package/firewalld: new package
Julien Olivain
ju.o at free.fr
Tue Aug 15 15:00:29 UTC 2023
Hi Thomas, Adam, all,
I'm adding Yegor Yefremov in CC, since he is registered as a
nftables developer.
On 14/08/2023 00:00, Thomas Petazzoni wrote:
> On Sat, 3 Jun 2023 19:52:04 -0700
> Adam Duskett <aduskett at gmail.com> wrote:
>
>> Firewalld provides a dynamically managed firewall with
>> support for network or firewall zones to define the trust level of
>> network connections or interfaces.
>
> One thing that would be really nice as a follow-up patch would be a
> test case for the runtime test infrastructure. This is especially
> relevant as it is Python based, so it is easy to miss runtime
> dependencies that might be needed. I've added Julien Olivain in Cc, who
> can provide guidance on that, as he has probably written some of the
> most complex/elaborate test cases we have in our runtime
> infrastructure.
I'll be happy to write such a firewalld runtime test.
When trying to do it, on branch next at commit eea0c9f, I was not able
to run any of the simplest firewalld commands (Python nftables module
cannot load).
With a configuration such as:
    make qemu_aarch64_virt_defconfig
    utils/config \
        -e BR2_PACKAGE_FIREWALLD \
        --set-str BR2_TARGET_ROOTFS_EXT2_SIZE 200M
    make olddefconfig
    make
    output/images/start-qemu.sh
Running simple commands, logged as root on qemu target, such as:
    firewall-offline-cmd --version
    firewalld --nofork --nopid
    python -c 'import nftables'
All fail with output such as:
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
    ModuleNotFoundError: No module named 'nftables'
I quickly tried with the updated versions of libnftnl and nftables
proposed at [1], but it did not help.
Upstream nftables reworked Python integration in commits [2] [3], but
they are not yet in a release.
So I believe the nftables package needs a rework, at least for its
python support. We should first write a runtime test for it (including
its Python support). Only then, we should be able to write a runtime
test for firewalld.
Best regards,
Julien.
[1] https://patchwork.ozlabs.org/project/buildroot/list/?series=368887
[2] https://git.netfilter.org/nftables/commit/?id=b3def33efecb2f7be39fc9aefc9546907202056c
[3] https://git.netfilter.org/nftables/commit/?id=8e603e0f7eec7c0000344a004228a30fbf0ece5c