Firewalld timeout and failure on Fedora 25
Hi all,
I'm using Fedora 25 Workstation and just recently started to read on firewalld and iptables to learn how to properly set it up. The problem I experience is: When I input Code:
firewall-cmd --state Code:
sudo systemctl start firewalld Job for firewalld.service failed because a timeout was exceeded. See "systemctl status firewalld.service" and "journalctl -xe" for details. So I ran Code:
sudo systemctl status firewalld.service ● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled) Active: failed (Result: timeout) since Sat 2017-02-18 19:36:21 PST; 34min ago Docs: man:firewalld(1) Process: 9677 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUC Main PID: 9677 (code=exited, status=0/SUCCESS) Feb 18 19:34:49 Reksio systemd[1]: Starting firewalld - dynamic firewall daemon... Feb 18 19:36:19 Reksio systemd[1]: firewalld.service: Start operation timed out. Terminating. Feb 18 19:36:21 Reksio systemd[1]: Failed to start firewalld - dynamic firewall daemon. Feb 18 19:36:21 Reksio systemd[1]: firewalld.service: Unit entered failed state. Feb 18 19:36:21 Reksio systemd[1]: firewalld.service: Failed with result 'timeout'. Someone told me to run Code:
sudo /usr/sbin/firewalld --nofork --nopid --debug 10 DEBUG1: config.GetAll('org.fedoraproject.FirewallD1.config') In anyone has any idea what's the problem and how to resolve it, I'd be super happy to hear you out. I couldn't find any solution for it on the internet, although people seem to have many other problems with firewalld. If anything, are you using firewalld or iptables (or something else)? Thanks! |
If it's running, why are you attempting to start it ?.
|
Well, please correct me if I'm wrong, but when I do
Code:
sudo systemctl status firewalld.service |
systemctl status firewalld should return active: (running)... ,at least it does on all my fedora 25 machines (3)
Perhaps you have some network problem causing the firewall to fail to start? Just guessing. |
I'm interested in -learning- about all this too. I tried:
# /usr/sbin/firewalld --nofork --nopid --debug 10 >zzz 2>&1 & but it 'killed' my CentOS7 (hung terminal & can't login) (note I added >...&) There's a 'pile' of web-search results, for some of your messages, like: http://reddit.com/r/sysadmin/comment...d_and_iptables but I didn't pinpoint anything (that I understood, anyway). Two thoughts on how to proceed: dig thru those web-search results, to post info from additional 'debug info' commands, which might hopefully uncover more 'clues', and/or: provide a 'cookbook/exact' way for others to reproduce this situation. (this is similar to 'bug reports', where they ask for -all- 'necessary' info/steps to -reproduce- the problem; then, it's easily resolved!) Best wishes...looking forward to more on this (and advice from LQgurus;) ). |
just to check, you haven't installed the iptables.service package? That will conflict with firewalld if you have.
|
Quote:
Code:
$ systemctl unmask iptables $ systemctl enable iptables $ systemctl start iptables Code:
systemctl start firewalld Job for firewalld.service failed because a timeout was exceeded. See "systemctl status firewalld.service" and "journalctl -xe" for details. And "firewalld.service" status still points to a failure due to a timeout. Quote:
Quote:
|
r3sistance, thank you so much for your comment! I overreacted a bit and input
Code:
sudo dnf remove iptables Code:
sudo systemctl enable firewalld.service ● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor pr Active: active (running) since Mon 2017-02-20 13:20:04 PST; 2min 32s ago Docs: man:firewalld(1) Main PID: 907 (firewalld) CGroup: /system.slice/firewalld.service └─907 /usr/bin/python3 -Es /usr/sbin/firewalld --nofork --nopid Feb 20 13:20:03 Reksio systemd[1]: Starting firewalld - dynamic firewall daemon. Feb 20 13:20:04 Reksio systemd[1]: Started firewalld - dynamic firewall daemon. So I think I not only installed iptables-services but also when I removed them I did something wrong and they were still interrupting firewalld. Thanks again |
did you check if the service was running before you uninstalled it? I am not sure if uninstalling it actually stops the service and so you maybe to check systemctl to see if it still appears.
I am not familiar with DNF but as a branch of yum, there is always the history rollback option if you want to make sure you get everything back. Unless you used that already, that is also a command to be careful with tho. |
Quote:
|
Quote:
|
Well now firewalld is running but iptables-services is not installed and when I'm trying to check the status
Code:
systemctl status iptables.service So my guess is they were conflicting before but now iptables.service is not running anymore |
All times are GMT -5. The time now is 06:37 AM. |