rhel8: firewalld-0.8.0 fails to add direct rules when backed by iptables

Solution Unverified - Updated -


  • firewall-cmd --zone=<zone> --direct --add-rule ipv4 filter <chain> <priority> <args> fails with following error.

    Error: gen_chain_rules() missing 1 required positional argument: 'transaction'
  • When firewalld is backed with iptables, firewalld's /etc/firewalld/direct.xml may fail to load after upgrading to firewalld-0.8.0.


  • Red Hat Enterprise Linux (RHEL) 8
  • package firewalld, affected versions:
    • versions after (including) firewalld-0.8.0-2.el8
    • versions before (excluding) firewalld-0.8.2-2.el8

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content