Hi all,

I'm using Fedora 25 Workstation and just recently started to read on firewalld and iptables to learn how to properly set it up. The problem I experience is:
When I input it tells me that it is running but every time I input it responds with:

Job for firewalld.service failed because a timeout was exceeded.
See "systemctl status firewalld.service" and "journalctl -xe" for details.

So I ran and I got this in response:

● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: failed (Result: timeout) since Sat 2017-02-18 19:36:21 PST; 34min ago
Docs: man:firewalld(1)
Process: 9677 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUC
Main PID: 9677 (code=exited, status=0/SUCCESS)

Feb 18 19:34:49 Reksio systemd[1]: Starting firewalld - dynamic firewall daemon...
Feb 18 19:36:19 Reksio systemd[1]: firewalld.service: Start operation timed out. Terminating.
Feb 18 19:36:21 Reksio systemd[1]: Failed to start firewalld - dynamic firewall daemon.
Feb 18 19:36:21 Reksio systemd[1]: firewalld.service: Unit entered failed state.
Feb 18 19:36:21 Reksio systemd[1]: firewalld.service: Failed with result 'timeout'.


Someone told me to run and it seems like it cannot go through:

DEBUG1: config.GetAll('org.fedoraproject.FirewallD1.config')


In anyone has any idea what's the problem and how to resolve it, I'd be super happy to hear you out. I couldn't find any solution for it on the internet, although people seem to have many other problems with firewalld.
If anything, are you using firewalld or iptables (or something else)?


Thanks!

If it's running, why are you attempting to start it ?.

Well, please correct me if I'm wrong, but when I do and I get the response as mentioned above with "Active: failed (Result: timeout)" doesn't it mean that the firewall actually fails to run? That's why I was trying to start it

systemctl status firewalld should return active: (running)... ,at least it does on all my fedora 25 machines (3)

Perhaps you have some network problem causing the firewall to fail to start? Just guessing.

I'm interested in -learning- about all this too. I tried:
# /usr/sbin/firewalld --nofork --nopid --debug 10 >zzz 2>&1 &
but it 'killed' my CentOS7 (hung terminal & can't login) (note I added >...&)

There's a 'pile' of web-search results, for some of your messages, like:
http://reddit.com/r/sysadmin/comment...d_and_iptables
but I didn't pinpoint anything (that I understood, anyway).

Two thoughts on how to proceed: dig thru those web-search results, to post info from
additional 'debug info' commands, which might hopefully uncover more 'clues',
and/or: provide a 'cookbook/exact' way for others to reproduce this situation.
(this is similar to 'bug reports', where they ask for -all- 'necessary' info/steps
to -reproduce- the problem; then, it's easily resolved!)

Best wishes...looking forward to more on this (and advice from LQgurus ).

just to check, you haven't installed the iptables.service package? That will conflict with firewalld if you have.

1 members found this post helpful.

Thanks for the link. I tried following some of their ideas, and I did what user R3D3MPT1ON said:

I also tried to unmask and enable firewalld in case I accidentally disabled it at some point, but when I write

I still see the same thing:

Job for firewalld.service failed because a timeout was exceeded.
See "systemctl status firewalld.service" and "journalctl -xe" for details.

And "firewalld.service" status still points to a failure due to a timeout.


I am going through some of the web searches and it seems some people have a problem that firewalld's debug freezes at "cockpit" but so far I did not find anything that could resolve my issue. And sure, I can post an exact way of what I did if that's going to help



I went through my bash history and yes, I did install iptables.service. But, I just uninstalled iptables-services to try and start firewalld without iptables.services, and I still have the same message: "Job for firewalld.service failed because a timeout was exceeded"

r3sistance, thank you so much for your comment! I overreacted a bit and input
I'm sure this is not exactly a smart thing to do, as it removed 159 packages... but I manually reinstalled most of them, leaving only iptables-services out and now when I say

It actually says

● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor pr
Active: active (running) since Mon 2017-02-20 13:20:04 PST; 2min 32s ago
Docs: man:firewalld(1)
Main PID: 907 (firewalld)
CGroup: /system.slice/firewalld.service
└─907 /usr/bin/python3 -Es /usr/sbin/firewalld --nofork --nopid

Feb 20 13:20:03 Reksio systemd[1]: Starting firewalld - dynamic firewall daemon.
Feb 20 13:20:04 Reksio systemd[1]: Started firewalld - dynamic firewall daemon.


So I think I not only installed iptables-services but also when I removed them I did something wrong and they were still interrupting firewalld.
Thanks again

did you check if the service was running before you uninstalled it? I am not sure if uninstalling it actually stops the service and so you maybe to check systemctl to see if it still appears.

I am not familiar with DNF but as a branch of yum, there is always the history rollback option if you want to make sure you get everything back. Unless you used that already, that is also a command to be careful with tho.

Unless something changed since yesterday, it was running but I didn't check it today. And I would expect it to stop running after being uninstalled... but I'm not sure to be honest

Well if you got firewalld running now, then it isn't as they'd conflict over trying to control the same kernel module.

Well now firewalld is running but iptables-services is not installed and when I'm trying to check the status
It tells me that: "Unit iptables.service could not be found."
So my guess is they were conflicting before but now iptables.service is not running anymore