Sorry for the repeats, I think I've managed to make contact now.
I have done all the checks I can like that. When you start firewalld up,
the kernal loads a pile of modules and, although I'm not an expert, I
couldn't spot anything obvious missing. What I've since discovered is
that if you disable ipv6 in the firewalld conf file that it works just
fine. I can live with this as a work around, but it clearly isn't a long
term solution.
It does seem to be a clash with the kernal (for reference I'm using
4.1.11) - although it's about the Pi2, I found the work around here:
http://seven.centos.org/2015/06/another-proof-of-concept-armv7hl-release-this-one-for-the-raspberry-pi2/
I'm happy to keep digging, but I wondered if anyone knew any more about
the kernal being used and ipv6 things ... or whether this issue goes
away with later releases of firewalld. I can't find much on the
firewalld issue list.
Other than that, massive thanks for a great project. It's been a delight
to start using an EL on my pi.
Neil
On 11/01/2016 16:42, Gordan Bobic wrote:
I'm hardly an authority on firwalld, so take this with a bucket of
salt, but have you checked that all iptables kernel modules are
available in your kernel? It could be that something it tries to
do doesn't succeed because it assumes availability of various
iptables filtering modules.
I usually disable/mask firewalld and use iptables service
instead.
Gordan
On 2016-01-11 15:41, Neil Townsend wrote:
Hi all,
I recently installed RedSleeve 7.0 on a Raspberry Pi B (neither
plus nor 2).
It all seems to work fine, apart from one odd quirk: firewalld
runs, but seems to have issues in that it has zone problems; and
firewall-cmd thinks it isn't running. Here's a sequence of commands
showing that the system is up to date, and what happens when you try
and use firewalld:
[root@freepbx ~]# yum update
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
No packages marked for update
[root@freepbx ~]# firewall-cmd --state
not running
[root@freepbx ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service;
disabled)
Active: inactive (dead)
[root@freepbx ~]# systemctl enable firewalld
ln -s '/usr/lib/systemd/system/firewalld.service'
'/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
ln -s '/usr/lib/systemd/system/firewalld.service'
'/etc/systemd/system/basic.target.wants/firewalld.service'
[root@freepbx ~]# firewall-cmd --state
not running
[root@freepbx ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
Active: inactive (dead)
[root@freepbx ~]# systemctl start firewalld
[root@freepbx ~]# firewall-cmd --state
not running
[root@freepbx ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
Active: active (running) since Sun 2016-01-03 14:42:24 UTC; 29s ago
Main PID: 1768 (firewalld)
CGroup: /system.slice/firewalld.service
ΓΆΓΆ1768 /usr/bin/python -Es /usr/sbin/firewalld --nofork
--nopid
Jan 03 14:42:24 freepbx systemd[1]: Started firewalld - dynamic
firewall daemon.
Jan 03 14:42:30 freepbx firewalld[1768]: 2016-01-03 14:42:30 ERROR:
INVALID_ZONE
[root@freepbx ~]# systemctl stop firewalld
[root@freepbx ~]# systemctl disable firewalld
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
rm '/etc/systemd/system/basic.target.wants/firewalld.service'
In that funny state when it is running (according to systemctl) but
not (according to firewall-cmd), tow things of note:
1. It does seem to be active in that access to the pi is blocked.
2. It claims to have no zones.
The only thing I can see of note is the 'INVALID_ZONE' error in the
above text.
I note that this seems similar to an error reported for firewalld
here (in 0.3.9
http://serverfault.com/questions/673764/firewalld-service-is-running-but-firewall-cmd-doesnt-work
[1]) and also here (in 0.3.5:
https://bugzilla.redhat.com/show_bug.cgi?id=967376 [2]); Redsleeve 7
(and 7.1 and 7.2) seem to run version 0.3.9 from what I can see.
Any ideas?
Thanks,
Neil
Links:
------
[1]
http://mandrillapp.com/track/click/30309418/serverfault.com?p=eyJzIjoiRUVSX0xEYXlpZG81bFF0M25HbEZzbjU1TlVnIiwidiI6MSwicCI6IntcInVcIjozMDMwOTQxOCxcInZcIjoxLFwidXJsXCI6XCJodHRwOlxcXC9cXFwvc2VydmVyZmF1bHQuY29tXFxcL3F1ZXN0aW9uc1xcXC82NzM3NjRcXFwvZmlyZXdhbGxkLXNlcnZpY2UtaXMtcnVubmluZy1idXQtZmlyZXdhbGwtY21kLWRvZXNudC13b3JrXCIsXCJpZFwiOlwiNDg3Y2FhYzhkODhlNGEzYjg3OTA3ZGM5ZjExYjlmM2VcIixcInVybF9pZHNcIjpbXCI0NGQzMzlhZDNjYWYxNWZmNmRjYmIzOGY4Y2RmNzQ0ODZkYTBlYmZiXCJdfSJ9
[2]
http://mandrillapp.com/track/click/30309418/bugzilla.redhat.com?p=eyJzIjoib2dwLVBtWHlSVk5yb3VEb0NPYWxzOC1aSU84IiwidiI6MSwicCI6IntcInVcIjozMDMwOTQxOCxcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2J1Z3ppbGxhLnJlZGhhdC5jb21cXFwvc2hvd19idWcuY2dpP2lkPTk2NzM3NlwiLFwiaWRcIjpcIjQ4N2NhYWM4ZDg4ZTRhM2I4NzkwN2RjOWYxMWI5ZjNlXCIsXCJ1cmxfaWRzXCI6W1wiMDM1MWQwMzdhZjA5MDIzZjIzN2JkZTcwY2M3OGUxZjJjZjdlMWJiNFwiXX0ifQ
_______________________________________________
users mailing list
[email protected]
https://lists.redsleeve.org/mailman/listinfo/users
_______________________________________________
users mailing list
[email protected]
https://lists.redsleeve.org/mailman/listinfo/users
