Firewalld in Debian 10

In the past, I showed how to add a firewall rule in Debian 9. For Debian 10, these instructions still work but installing the firewalld package is a bit more involved.

Why

There is a bug in iptables (which is how firewalld applies rules) that causes it to crash on start up. Thanks to this GitHub Issue, I was able to track this down to the specific version of iptables that ships with Debian 10 (1.8.2). The good news is 1.8.3 fixes this issue, and that’s available in the backports!

Fixing The Issue

Debian Backports are packages that have been updated to newer versions since the release of Debian. This gets into some of the packaging policies for Debian, which I won’t dive into. This is a tradeoff many distributions make, run slightly older software for the advantage of thorough testing and compatibility.

In this case, we’ll use backports to install version 1.8.3 of iptables.

To enable backports, create a new file, /etc/apt/sources.list.d/backports.list and add this single line:

deb http://deb.debian.org/debian buster-backports main

Then run sudo apt update on your system.

To install the updated iptables version, run:

sudo apt install iptables/buster-backports

This will upgrade a few other packages, but this is all OK. Once completed, restart firewalld again to fix its startup issue:

sudo systemctl restart firewalld.service

That’s it! To check if firewalld is running, you can use firewall-cmd --state. It should return running.