I'm hardly an authority on firwalld, so take this with a bucket of
salt, but have you checked that all iptables kernel modules are
available in your kernel? It could be that something it tries to
do doesn't succeed because it assumes availability of various
iptables filtering modules.
I usually disable/mask firewalld and use iptables service
instead.
Gordan
On 2016-01-11 15:41, Neil Townsend wrote:
Hi all,
I recently installed RedSleeve 7.0 on a Raspberry Pi B (neither
plus nor 2).
It all seems to work fine, apart from one odd quirk: firewalld
runs, but seems to have issues in that it has zone problems; and
firewall-cmd thinks it isn't running. Here's a sequence of commands
showing that the system is up to date, and what happens when you try
and use firewalld:
[root@freepbx ~]# yum update
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
No packages marked for update
[root@freepbx ~]# firewall-cmd --state
not running
[root@freepbx ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service;
disabled)
Active: inactive (dead)
[root@freepbx ~]# systemctl enable firewalld
ln -s '/usr/lib/systemd/system/firewalld.service'
'/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
ln -s '/usr/lib/systemd/system/firewalld.service'
'/etc/systemd/system/basic.target.wants/firewalld.service'
[root@freepbx ~]# firewall-cmd --state
not running
[root@freepbx ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
Active: inactive (dead)
[root@freepbx ~]# systemctl start firewalld
[root@freepbx ~]# firewall-cmd --state
not running
[root@freepbx ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
Active: active (running) since Sun 2016-01-03 14:42:24 UTC; 29s ago
Main PID: 1768 (firewalld)
CGroup: /system.slice/firewalld.service
ΓΆΓΆ1768 /usr/bin/python -Es /usr/sbin/firewalld --nofork
--nopid
Jan 03 14:42:24 freepbx systemd[1]: Started firewalld - dynamic
firewall daemon.
Jan 03 14:42:30 freepbx firewalld[1768]: 2016-01-03 14:42:30 ERROR:
INVALID_ZONE
[root@freepbx ~]# systemctl stop firewalld
[root@freepbx ~]# systemctl disable firewalld
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
rm '/etc/systemd/system/basic.target.wants/firewalld.service'
In that funny state when it is running (according to systemctl) but
not (according to firewall-cmd), tow things of note:
1. It does seem to be active in that access to the pi is blocked.
2. It claims to have no zones.
The only thing I can see of note is the 'INVALID_ZONE' error in the
above text.
I note that this seems similar to an error reported for firewalld
here (in 0.3.9
http://serverfault.com/questions/673764/firewalld-service-is-running-but-firewall-cmd-doesnt-work
[1]) and also here (in 0.3.5:
https://bugzilla.redhat.com/show_bug.cgi?id=967376 [2]); Redsleeve 7
(and 7.1 and 7.2) seem to run version 0.3.9 from what I can see.
Any ideas?
Thanks,
Neil
Links:
------
[1]
http://mandrillapp.com/track/click/30309418/serverfault.com?p=eyJzIjoiRUVSX0xEYXlpZG81bFF0M25HbEZzbjU1TlVnIiwidiI6MSwicCI6IntcInVcIjozMDMwOTQxOCxcInZcIjoxLFwidXJsXCI6XCJodHRwOlxcXC9cXFwvc2VydmVyZmF1bHQuY29tXFxcL3F1ZXN0aW9uc1xcXC82NzM3NjRcXFwvZmlyZXdhbGxkLXNlcnZpY2UtaXMtcnVubmluZy1idXQtZmlyZXdhbGwtY21kLWRvZXNudC13b3JrXCIsXCJpZFwiOlwiNDg3Y2FhYzhkODhlNGEzYjg3OTA3ZGM5ZjExYjlmM2VcIixcInVybF9pZHNcIjpbXCI0NGQzMzlhZDNjYWYxNWZmNmRjYmIzOGY4Y2RmNzQ0ODZkYTBlYmZiXCJdfSJ9
[2]
http://mandrillapp.com/track/click/30309418/bugzilla.redhat.com?p=eyJzIjoib2dwLVBtWHlSVk5yb3VEb0NPYWxzOC1aSU84IiwidiI6MSwicCI6IntcInVcIjozMDMwOTQxOCxcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2J1Z3ppbGxhLnJlZGhhdC5jb21cXFwvc2hvd19idWcuY2dpP2lkPTk2NzM3NlwiLFwiaWRcIjpcIjQ4N2NhYWM4ZDg4ZTRhM2I4NzkwN2RjOWYxMWI5ZjNlXCIsXCJ1cmxfaWRzXCI6W1wiMDM1MWQwMzdhZjA5MDIzZjIzN2JkZTcwY2M3OGUxZjJjZjdlMWJiNFwiXX0ifQ
_______________________________________________
users mailing list
[email protected]
https://lists.redsleeve.org/mailman/listinfo/users
_______________________________________________
users mailing list
[email protected]
https://lists.redsleeve.org/mailman/listinfo/users
