Faustin Lammler added a comment - 2022-03-22 10:37 Same was done for the rhel machine: The following line was commented in `/etc/rc.d/rc.local`: #iptables-restore < /etc/sysconfig/iptables.save Reboot tested, should be ok now.

Faustin Lammler added a comment - 2022-09-23 13:35 For ubuntu, remove the netfilter-persistent package: sudo apt purge netfilter-persistent

Faustin Lammler added a comment - 2022-10-13 14:01 - edited On s390x rhel8: installation of wireguard is done by compiling from sources ( https://www.wireguard.com/compilation/ ). The following patch needs to be applied https://github.com/WireGuard/wireguard-linux-compat/commit/8cfcb57cdcc020deb7727e73c231f6ea08e692fd wget https://github.com/WireGuard/wireguard-linux-compat/commit/8cfcb57cdcc020deb7727e73c231f6ea08e692fd.patch cd wireguard-linux-compat git apply ../8cfcb57cdcc020deb7727e73c231f6ea08e692fd.patch make -C src -j$(nproc) Then the following error can appear: [linux1@mariadbrhrel8 ~]$ sudo make -C wireguard-linux-compat/src install make: Entering directory '/home/linux1/wireguard-linux-compat/src' INSTALL /home/linux1/wireguard-linux-compat/src/wireguard.ko At main.c:160: - SSL error:02001002:system library:fopen:No such file or directory: crypto/bio/bss_file.c:69 - SSL error:2006D080:BIO routines:BIO_new_file:no such file: crypto/bio/bss_file.c:76 sign-file: certs/signing_key.pem: No such file or directory DEPMOD 4.18.0-372.26.1.el8_6.s390x depmod -b "/" -a 4.18.0-372.26.1.el8_6.s390x make: Leaving directory '/home/linux1/wireguard-linux-compat/src' This can be resolved with https://github.com/andikleen/simple-pt/issues/8#issuecomment-813438385 ufw deployment is also problematic, here is the workaround [linux1@mariadbrhrel8 yum.repos.d]$ sudo ufw status Status: inactive [linux1@mariadbrhrel8 yum.repos.d]$ sudo ufw allow ssh ERROR: problem running [linux1@mariadbrhrel8 yum.repos.d]$ sudo ufw disable Firewall stopped and disabled on system startup [linux1@mariadbrhrel8 yum.repos.d]$ sudo ufw allow ssh Skipping adding existing rule Rules updated (v6) [linux1@mariadbrhrel8 yum.repos.d]$ sudo ufw enable Command may disrupt existing ssh connections. Proceed with operation (y|n)? y Firewall is active and enabled on system startup

Faustin Lammler added a comment - 2022-10-13 15:01 - edited For wireguard sles15 some step were missing: 1/ apply the following patch diff --git a/src/compat/compat.h b/src/compat/compat.h index 91d4388..e15b76b 100644 --- a/src/compat/compat.h +++ b/src/compat/compat.h @@ -849,17 +849,6 @@ static inline void skb_mark_not_on_list(struct sk_buff *skb) #endif #endif   -#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 5, 0) -#define genl_dumpit_info(cb) ({ \ - struct { struct nlattr **attrs; } *a = (void *)((u8 *)cb->args + offsetofend(struct dump_ctx, next_allowedip)); \ - BUILD_BUG_ON(sizeof(cb->args) < offsetofend(struct dump_ctx, next_allowedip) + sizeof(*a)); \ - a->attrs = genl_family_attrbuf(&genl_family); \ - if (nlmsg_parse(cb->nlh, GENL_HDRLEN + genl_family.hdrsize, a->attrs, genl_family.maxattr, device_policy, NULL) < 0) \ - memset(a->attrs, 0, (genl_family.maxattr + 1) * sizeof(struct nlattr *)); \ - a; \ -}) -#endif - #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 6, 0) #include <linux/skbuff.h> #ifndef skb_list_walk_safe 2/ add the following in /etc/modprobe.d/10-unsupported-modules.conf allow_unsupported_modules 1

Faustin Lammler added a comment - 2022-10-13 15:30 - edited For sles15, you need to install the following packages: sudo zypper install zabbix-agent cron python3-rpm here is the list of role that don't work for automatic deployment: ufw zabbix-agent (needs to be installed manually) docker (needs to be installed manually) For the firewall, it needs to be reseted: sudo rm /etc/iptables.save sudo ufw disable sudo ufw allow ssh sudo ufw enable sudo reboot