| Summary: | Problems with firewalld rules - Not getting specific debug as to the specific problem | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Mike <MikeDawg> | ||||||||||
| Component: | firewalld | Assignee: | Eric Garver <egarver> | ||||||||||
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||||||
| Severity: | medium | Docs Contact: | |||||||||||
| Priority: | unspecified | ||||||||||||
| Version: | 25 | CC: | MikeDawg, twoerner | ||||||||||
| Target Milestone: | --- | ||||||||||||
| Target Release: | --- | ||||||||||||
| Hardware: | x86_64 | ||||||||||||
| OS: | Linux | ||||||||||||
| Whiteboard: | |||||||||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||||||||
| Doc Text: | Story Points: | --- | |||||||||||
| Clone Of: | Environment: | ||||||||||||
| Last Closed: | 2017-09-27 00:45:50 UTC | Type: | Bug | ||||||||||
| Regression: | --- | Mount Type: | --- | ||||||||||
| Documentation: | --- | CRM: | |||||||||||
| Verified Versions: | Category: | --- | |||||||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||||||
| Attachments: |
|
||||||||||||
Please start firewalld in the debug mode and attach the output. Please have a look at http://www.firewalld.org/documentation/howto/debug-firewalld.html for information how to use the debug mode. Hi Thomas, Can you be a little more specific about what you want attached, as I've already attached firewalld in debug mode, level 2? I am sorry, I missed the log before. From the log there are several errors: ERROR: Failed to load service file 'sonarr.xml': [Errno 13] Permission denied: '/etc/firewalld/services/sonarr.xml' This will most likely require a relabel: "restorecon -rvF /etc/firewalld". Failed to load service file 'plexmediaserver.xml': /etc/firewalld/services/plexmediaserver.xml:1:0: no element found The file seems to be corrupt. Please increase the debug level to also get a listing of the /run/firewalld/temp.X files added to the log. Ok, I will do the requested actions, most likely tomorrow or the next day, as I'm not currently near the system. I will say, that I did try to temporarily disable selinux (setenforce 0) as a troubleshooting step, and reload the firewall, and I ran into the same issues as I was experiencing in this ticket. Also, another troubleshooting step that I attempted, was touching the ~/.autorelabel file and I rebooted the system, to attempt to clean/clear up any potential or existing issues with the various selinux contexts (I'm not 100% of the touch of ~/.autorelabel, and reboot, would do the equivalent of restorecon -rvF /etc/firewalld). As I said, I will double check the format, permissions, and everything else associated with the plexmediaserver.xml and sonarr.xml files (and all custom made firewalld xml files, which I believe I have 4 or 5 of) in the next day or two. I will also attempt the restorecon. Created attachment 1232682 [details]
firewalld - --debug=10
Created attachment 1232683 [details]
sonarr.xml
/etc/firewalld/services/sonarr.xml
Created attachment 1232684 [details]
/etc/firewalld/services/plexmediaserver.xml
/etc/firewalld/services/plexmediaserver.xml
[host]# ls -lah /etc/firewalld/services/ total 28K drwxr-x---. 2 root root 4.0K Dec 16 10:52 . drwxr-x---. 7 root root 4.0K Dec 10 00:19 .. -rw-r--r--. 1 root root 170 Aug 18 12:51 cowrie.xml -rw-r--r--. 1 root root 202 Dec 9 18:21 minecraft.xml -rw-r--r--. 1 root root 553 Dec 14 19:53 plexmediaserver.xml -rw-r--r--. 1 root root 157 Aug 2 10:19 plexpy.xml -rw-r--r--. 1 root root 174 Aug 1 21:46 sonarr.xml |
Created attachment 1230238 [details] firewalld log -- set debug level in /etc/sysconfig/firewalld to FIREWALLD_ARGS=--debug=2 Description of problem: I'm working with my firewall, since the fedup upgrade of my fedora system, from 24 -> 25. Getting a lot of errors with my previously (Fedora 24) working firewall. Unable to work with new or current/existing zones. Version-Release number of selected component (if applicable): firewall-config-0.4.4.2-1.fc25.noarch firewalld-0.4.4.2-1.fc25.noarch python3-firewall-0.4.4.2-1.fc25.noarch firewalld-filesystem-0.4.4.2-1.fc25.noarch firewalld-selinux-0.4.4.2-1.fc25.noarch How reproducible: Everytime Steps to Reproduce: 1. Attempt to make firewall change via firewall-cmd or via the system-config utility. 2. Command will error out with ERROR: COMMAND_FAILED along with errors relating to iptables-restore and ip6tables-restore Actual results: Unable to make changes to active zone in firewall. Only action is to enable/disable firewall. Expected results: I should be able to modify firewall/firewall rules Additional info: