Firewalld in Debian 10
In the past, I showed how to add a firewall rule in Debian 9. For Debian 10, these instructions still work, but installing the firewalld package is a bit more involved. There is a bug in iptables (which is how firewalld applies rules) that causes it to crash on startup. Thanks to GitHub, I was able to track this down to the specific version of iptables that ships with Debian 10 (1.8.2). The good news is 1.8.3 fixes this issue, and that’s available in the backports!
Fixing The Issue
Debian Backports are packages that have been updated to newer versions since the release of Debian. This gets into some of the packaging policies for Debian, which I won’t dive into. This is a tradeoff many distributions make: running slightly older software in exchange for thorough testing and compatibility.
In this case, we’ll use backports to install version
To enable backports, create a new file, and add this single line:
deb http://deb.debian.org/debian buster-backports main
Then run sudo apt update on your system.
To install the updated iptables version, run:
sudo apt install iptables/buster-backports
This will upgrade a few other packages, but this is all OK. Once completed, restart firewalld again to fix its startup issue:
sudo systemctl restart firewalld.service
That’s it! To check if firewalld is running, you can use firewall-cmd --state. It should return
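A check to run before and after the upgrade above, added here as an example and not part of the original post: it classifies an iptables package version against the two versions the post names (1.8.2 crashes, 1.8.3 is fixed). The function names, the --host switch and the sample version strings are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Classifies an iptables package
# version using the two versions the post names: 1.8.2 (crashes), 1.8.3 (fixed).

# Strip the epoch ("1:") and Debian revision ("-2~bpo10+1") from a version.
upstream_version() {
    v=${1#*:}
    printf '%s\n' "${v%%-*}"
}

# Return 0 when dotted numeric version $1 >= $2.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# Print affected | fixed | unverified | unknown for a package version string.
classify_iptables() {
    up=$(upstream_version "$1")
    case $up in ''|*[!0-9.]*) echo unknown; return 0 ;; esac
    if [ "$up" = "1.8.2" ]; then echo affected
    elif version_ge "$up" "1.8.3"; then echo fixed
    else echo unverified   # older than 1.8.2: the post makes no claim
    fi
}

# Check the running host: installed iptables version, then firewalld state.
check_host() {
    ver=$(dpkg-query -W -f='${Version}' iptables 2>/dev/null) || ver=
    [ -n "$ver" ] || { echo "iptables package not found"; return 2; }
    echo "iptables $ver: $(classify_iptables "$ver")"
    firewall-cmd --state
}

if [ "${1:-}" = "--host" ]; then
    check_host
else
    # Constructed sample version strings, for an offline run.
    for s in 1.8.2-4 '1.8.3-2~bpo10+1' 1.6.0+snapshot20161117-6; do
        echo "$s -> $(classify_iptables "$s")"
    done
fi
```

Run with --host on the Debian 10 machine itself; without arguments it only classifies the constructed samples.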