Error from command nft list table inet firezone

Hello,

I am experiencing an error when recreating my firezone stack after a docker restart, here’s the log below:

firezone | Creating WireGuard interface wg-firezone
firezone | Adding route 100.64.0.0/10 for interface wg-firezone
firezone | Adding route fd00::/106 for interface wg-firezone
firezone | 08:05:18.827 erl_level=info application=ecto_sql domain=elixir file=lib/ecto/migrator.ex function=log/2 line=707 mfa=Ecto.Migrator.log/2 module=Ecto.Migrator pid=<0.95.0> [info] Migrations already up
firezone | 08:05:21.180 erl_level=info application=phoenix domain=elixir file=lib/phoenix/endpoint/cowboy2_adapter.ex function=start_link/3 line=103 mfa=Phoenix.Endpoint.Cowboy2Adapter.start_link/3 module=Phoenix.Endpoint.Cowboy2Adapter pid=<0.366.0> [info] Running FzHttpWeb.Endpoint with cowboy 2.9.0 at 0.0.0.0:13000 (http)
firezone | 08:05:21.186 erl_level=info application=phoenix domain=elixir file=lib/phoenix/endpoint/supervisor.ex function=log_access_url/2 line=425 mfa=Phoenix.Endpoint.Supervisor.log_access_url/2 module=Phoenix.Endpoint.Supervisor pid=<0.331.0> [info] Access FzHttpWeb.Endpoint at https://vpn.kumulen.com
firezone | 08:05:21.551 erl_level=notice domain=otp file=application_controller.erl function=info_exited/3 line=2119 mfa=:application_controller.info_exited/3 module=application_controller pid=<0.44.0> [notice] Application fz_wall exited: FzWall.Application.start(:normal, ) returned an error: shutdown: failed to start child: FzWall.Server
firezone | ** (EXIT) an exception was raised:
firezone | ** (RuntimeError) Unknown Error from command nft list table inet firezone. Error:
firezone |
firezone |
firezone | (fz_wall 0.7.30) lib/fz_wall/cli/helpers/nft.ex:188: FzWall.CLI.Helpers.Nft.table_exists?/0
firezone | (fz_wall 0.7.30) lib/fz_wall/cli/helpers/nft.ex:168: FzWall.CLI.Helpers.Nft.teardown_table/0
firezone | (fz_wall 0.7.30) lib/fz_wall/cli/live.ex:15: FzWall.CLI.Live.setup_firewall/0
firezone | (fz_wall 0.7.30) lib/fz_wall/server.ex:16: FzWall.Server.init/1
firezone | (stdlib 4.2) gen_server.erl:851: :gen_server.init_it/2
firezone | (stdlib 4.2) gen_server.erl:814: :gen_server.init_it/6
firezone | (stdlib 4.2) proc_lib.erl:240: :proc_lib.init_p_do_apply/3
firezone | {“Kernel pid terminated”,application_controller,“{application_start_failure,fz_wall,{{shutdown,{failed_to_start_child,‘Elixir.FzWall.Server’,{#{‘exception’ => true,‘struct’ => ‘Elixir.RuntimeError’,message => <<" Unknown Error from command nft list table inet firezone. Error:\n \n">>},[{‘Elixir.FzWall.CLI.Helpers.Nft’,‘table_exists?’,0,[{file,"lib/fz_wall/cli/helpers/nft.ex"},{line,188},{error_info,#{module => ‘Elixir.Exception’}}]},{‘Elixir.FzWall.CLI.Helpers.Nft’,teardown_table,0,[{file,"lib/fz_wall/cli/helpers/nft.ex"},{line,168}]},{‘Elixir.FzWall.CLI.Live’,setup_firewall,0,[{file,"lib/fz_wall/cli/live.ex"},{line,15}]},{‘Elixir.FzWall.Server’,init,1,[{file,"lib/fz_wall/server.ex"},{line,16}]},{gen_server,init_it,2,[{file,"gen_server.erl"},{line,851}]},{gen_server,init_it,6,[{file,"gen_server.erl"},{line,814}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,240}]}]}}},{‘Elixir.FzWall.Application’,start,[normal,]}}}”}
firezone | Kernel pid terminated (application_controller) ({application_start_failure,fz_wall,{{shutdown,{failed_to_start_child,‘Elixir.FzWall.Server’,{#{‘exception’ => true,‘struct’ => ‘Elixir.RuntimeError’,message => <<" Unknown Error from command nft list table inet firezone. Error:\n \n">>},[{‘Elixir.FzWall.CLI.Helpers.Nft’,‘table_exists?’,0,[{file,“lib/fz_wall/cli/helpers/nft.ex”},{line,188},{error_info,#{module => ‘Elixir.Exception’}}]},{‘Elixir.FzWall.CLI.Helpers.Nft’,teardown_table,0,[{file,“lib/fz_wall/cli/helpers/nft.ex”},{line,168}]},{‘Elixir.FzWall.CLI.Live’,setup_firewall,0,[{file,“lib/fz_wall/cli/live.ex”},{line,15}]},{‘Elixir.FzWall.Server’,init,1,[{file,“lib/fz_wall/server.ex”},{line,16}]},{gen_server,init_it,2,[{file,“gen_server.erl”},{line,851}]},{gen_server,init_it,6,[{file,“gen_server.erl”},{line,814}]},{proc_lib,init_p_do_apply,3,[{file,“proc_lib.erl”},{line,240}]}]}}},{‘Elixir.FzWall.Application’,start,[normal,]}}})
firezone |
firezone | Crash dump is being written to: erl_crash.dump…done

I can’t find out what is happening, the log isn’t very descriptive. I alreadt tried to start from a new postgres DB to no avail. Has anybody encountered this issue?

Thanks!

What kernel are you on? It looks like there’s an issue with the nft subsystem; typically we’ve seen that with older kernels that don’t support all the nft commands. I’d recommend 5.6 or newer if you’re not on that already.

Nice one. My kernel reverted to 3.10 after a reboot and I didn’t notice it. Went back to 6.4 and all good now. Thanks for the quick response!