Debian Firewall build is broken #75
Comments
mwindower
added a commit
that referenced
this issue
Mar 2, 2021
mwindower
added a commit
that referenced
this issue
Mar 4, 2021
* use metal-network from ipv6 branch * forgot debian * install nftables in debian from testing * fix build * install nftables in debian from testing * use google-public-dns instead of cloudflare * deactivate debian firewall because of #75 * use metal-networker v0.6.0 * use metal-networker v0.6.1 Co-authored-by: Markus Wennrich <[email protected]> Co-authored-by: mwindower <[email protected]>
|
Deactivated debian firewall build for now with #70 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In buster-backports we get systemd in the version 247.3-1 (s. https://metadata.ftp-master.debian.org/changelogs//main/s/systemd/systemd_247.3-1_changelog)
Since 247.2-2 debian switched to "unified" cgroup hierarchy (cgroup2)
We deactivate this during machine installation and set
systemd.unified_cgroup_hierarchy=0as kernel parameter (s. a0690d3)For normal machines this setting is appropriate but on firewalls things are different:
we need cgroup2 for services on the firewall that are started with
ip vrf exec ...e.g. chrony, firewall-controller.Specifying legacy or hybrid mode for cgroup_hierarchy was unsuccessful.
The text was updated successfully, but these errors were encountered: