NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License

opensnitch service is missing iptables and ip6tables binaries #148166

Closed rapenne-s closed 2 years ago

rapenne-s commented 2 years ago

Issue description

The service opensnitch doesn't work because it can't find the iptables binary in PATH.

Steps to reproduce

In a system configuration on the nixos-21.11 channel, use `services.opensnitch.enable = true;`, do some network activity, and look at `/var/log/opensnitchd.log`; it will be full of errors about iptables and ip6tables not being found.

```
[2021-12-01 07:41:53]  IMP  firewall rules changed, reloading
[2021-12-01 07:41:53]  ERR  Error while running firewall rule, ipv4 err: exec: "iptables": executable file not found in $PATH
[2021-12-01 07:41:53]  ERR  rule: [-I INPUT --protocol udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass]
[2021-12-01 07:41:53]  ERR  Error while running firewall rule, ipv6 err: exec: "ip6tables": executable file not found in $PATH
[2021-12-01 07:41:53]  ERR  rule: [-I INPUT --protocol udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass]
[2021-12-01 07:41:53]  ERR  Error while running DNS firewall rule: exec: "iptables": executable file not found in $PATH exec: "ip6tables": executable file not found in $PATH
[2021-12-01 07:41:53]  ERR  Error parsing firewall configuration /etc/opensnitchd/system-fw.json: unexpected end of JSON input
[2021-12-01 07:42:23]  IMP  firewall rules changed, reloading
[2021-12-01 07:42:23]  ERR  Error while running firewall rule, ipv4 err: exec: "iptables": executable file not found in $PATH
[2021-12-01 07:42:23]  ERR  rule: [-I INPUT --protocol udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass]
[2021-12-01 07:42:23]  ERR  Error while running firewall rule, ipv6 err: exec: "ip6tables": executable file not found in $PATH
[2021-12-01 07:42:23]  ERR  rule: [-I INPUT --protocol udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass]
[2021-12-01 07:42:23]  ERR  Error while running DNS firewall rule: exec: "iptables": executable file not found in $PATH exec: "ip6tables": executable file not found in $PATH
[2021-12-01 07:42:23]  ERR  Error parsing firewall configuration /etc/opensnitchd/system-fw.json: unexpected end of JSON input
```

Technical details

nix-shell -p nix-info --run "nix-info -m"

 - system: `"x86_64-linux"`
 - host os: `Linux 5.10.81, NixOS, 21.11 (Porcupine)`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.3.16`
 - channels(root): `"nixos-21.11.333840.6bfd8c700fe"`
 - channels(solene): `""`
 - nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixos`
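
A check over the log format shown in this report, added here as an example and not part of the issue or of opensnitch: it extracts which binaries the daemon failed to exec and which firewall rules were therefore never installed, which is the condition that leaves the interception queue unconfigured. The sample lines are constructed from the log above, and the function name `missing_binaries` is hypothetical.

```python
import re

# Constructed sample, in the shape of /var/log/opensnitchd.log as quoted in the report.
SAMPLE_LOG = """\
[2021-12-01 07:41:53]  IMP  firewall rules changed, reloading
[2021-12-01 07:41:53]  ERR  Error while running firewall rule, ipv4 err: exec: "iptables": executable file not found in $PATH
[2021-12-01 07:41:53]  ERR  rule: [-I INPUT --protocol udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass]
[2021-12-01 07:41:53]  ERR  Error while running firewall rule, ipv6 err: exec: "ip6tables": executable file not found in $PATH
[2021-12-01 07:41:53]  ERR  rule: [-I INPUT --protocol udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass]
[2021-12-01 07:41:53]  ERR  Error while running DNS firewall rule: exec: "iptables": executable file not found in $PATH exec: "ip6tables": executable file not found in $PATH
"""

# "[timestamp]  LEVEL  message"
LINE = re.compile(r'^\[(?P<ts>[^\]]+)\]\s+(?P<level>\w+)\s+(?P<msg>.*)$')
# Go's os/exec error text for a command that is not on PATH.
MISSING = re.compile(r'exec: "([^"]+)": executable file not found in \$PATH')
# The daemon logs the rule it tried to apply on the line after the error.
RULE = re.compile(r'^rule: \[(?P<rule>.*)\]$')


def missing_binaries(log_text):
    """Map each binary that could not be exec'd to the rules that were not installed."""
    failed = {}
    pending = []  # binaries named by the most recent error line
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m or m["level"] != "ERR":
            pending = []
            continue
        rule = RULE.match(m["msg"])
        if rule:
            # Attribute the rule to the binaries from the preceding error line.
            for name in pending:
                failed[name].add(rule["rule"])
            pending = []
            continue
        pending = MISSING.findall(m["msg"])
        for name in pending:
            # Record the binary even when no rule line follows (the DNS rule case).
            failed.setdefault(name, set())
    return {name: sorted(rules) for name, rules in failed.items()}


if __name__ == "__main__":
    for name, rules in missing_binaries(SAMPLE_LOG).items():
        print(f"{name}: not on PATH, {len(rules)} rule(s) not installed")
        for r in rules:
            print(f"    {r}")
```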

syberant commented 2 years ago

I believe this is addressed by #150023.

rapenne-s commented 2 years ago

> I believe this is addressed by #150023.

I confirm opensnitch works with the merge request.