Hi all,
This time lucky?
I recently installed RedSleeve 7.0 on a Raspberry Pi B (neither
plus nor 2).
It all seems to work fine, apart from one odd quirk: firewalld
runs, but seems to have issues in that it has zone problems; and
firewall-cmd thinks it isn't running. Here's a sequence of commands
showing that the system is up to date, and what happens when you try and
use firewalld:
[root@freepbx ~]# yum update
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
No packages marked for update
[root@freepbx ~]# firewall-cmd --state
not running
[root@freepbx ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled)
Active: inactive (dead)
[root@freepbx ~]# systemctl enable firewalld
ln -s '/usr/lib/systemd/system/firewalld.service'
'/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
ln -s '/usr/lib/systemd/system/firewalld.service'
'/etc/systemd/system/basic.target.wants/firewalld.service'
[root@freepbx ~]# firewall-cmd --state
not running
[root@freepbx ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
Active: inactive (dead)
[root@freepbx ~]# systemctl start firewalld
[root@freepbx ~]# firewall-cmd --state
not running
[root@freepbx ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
Active: active (running) since Sun 2016-01-03 14:42:24 UTC; 29s ago
Main PID: 1768 (firewalld)
CGroup: /system.slice/firewalld.service
ΓΆΓΆ1768 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
Jan 03 14:42:24 freepbx systemd[1]: Started firewalld - dynamic firewall
daemon.
Jan 03 14:42:30 freepbx firewalld[1768]: 2016-01-03 14:42:30 ERROR:
INVALID_ZONE
[root@freepbx ~]# systemctl stop firewalld
[root@freepbx ~]# systemctl disable firewalld
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
rm '/etc/systemd/system/basic.target.wants/firewalld.service'
In that funny state when it is running (according to systemctl) but not
(according to firewall-cmd), tow things of note:
1. It does seem to be active in that access to the pi is blocked.
2. It claims to have no zones.
The only thing I can see of note is the 'INVALID_ZONE' error in the
above text.
I note that this seems similar to an error reported for firewalld
here (in 0.3.9
http://serverfault.com/questions/673764/firewalld-service-is-running-but-firewall-cmd-doesnt-work)
and also here (in 0.3.5:
https://bugzilla.redhat.com/show_bug.cgi?id=967376); Redsleeve 7 (and
7.1 and 7.2) seem to run version 0.3.9 from what I can see.
I have discovered that it is possible to work around this by
disabling ipv6 in firewalld.conf. but obviously that isn't a good long
term plan!
Any ideas?
Thanks,
Neil
_______________________________________________
users mailing list
[email protected]
https://lists.redsleeve.org/mailman/listinfo/users
