Bug 1739415

Summary: Firewalld starts with errors and with no predefined rules when ipv6 is disabled in kernel after update
Product: Red Hat Enterprise Linux 7
Reporter: Marcin Rucinski <marcin.rucinski>
Component: firewalld
Assignee: Eric Garver <egarver>
Status: CLOSED DUPLICATE
QA Contact: qe-baseos-daemons
Severity: medium
Priority: unspecified
Version: 7.0
CC: todoleza
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Last Closed: 2019-08-09 12:29:51 UTC
Type: Bug

Description Marcin Rucinski 2019-08-09 09:21:35 UTC
After upgrading from RHEL 7.6 to 7.7, firewalld 0.6.3 starts with errors and with no predefined rules present when IPv6 is disabled in the kernel (ipv6.disable=1).


# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2019-08-08 13:39:03 CEST; 1h 19min ago
     Docs: man:firewalld(1)
Main PID: 1429 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─1429 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid

Aug 08 13:39:01 systemd[1]: Starting firewalld - dynamic firewall daemon...
Aug 08 13:39:03 systemd[1]: Started firewalld - dynamic firewall daemon.
Aug 08 13:39:04 firewalld[1429]: WARNING: ip6tables not usable, disabling IPv6 firewall.
Aug 08 13:39:04 firewalld[1429]: ERROR: UNKNOWN_ERROR: 'ip6tables' backend does not exist
Aug 08 13:39:04 firewalld[1429]: ERROR: COMMAND_FAILED: UNKNOWN_ERROR: 'ip6tables' backend does not exist
Aug 08 13:39:04 firewalld[1429]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain

                                  Error occurred at line: 2...
Aug 08 13:39:04  firewalld[1429]: ERROR: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain

# firewall-cmd --state
failed

# iptables -nvL
Chain INPUT (policy ACCEPT 1031 packets, 455K bytes)
pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 853 packets, 294K bytes)
pkts bytes target     prot opt in     out     source               destination

# cat /etc/default/grub
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=sys/root rd.lvm.lv=sys/swap ipv6.disable=1 rhgb quiet transparent_hugepage=never"
GRUB_DISABLE_RECOVERY="true"
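
Added example (not part of the original report, and not firewalld's own code): a health check that catches the state shown above, where systemd reports the unit as active (running) while `firewall-cmd --state` prints `failed` and every built-in chain is empty with policy ACCEPT. The function names and the embedded sample input are constructed for illustration.

```shell
# Constructed inputs, modelled on the command output quoted in this report.
SAMPLE_STATE='failed'
SAMPLE_RULESET='Chain INPUT (policy ACCEPT 1031 packets, 455K bytes)
pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 853 packets, 294K bytes)
pkts bytes target     prot opt in     out     source               destination'

# Count rule lines in `iptables -nvL` output read from stdin.
count_rules() {
    awk '/^Chain /      { next }   # chain header
         /^[ \t]*pkts / { next }   # column header
         NF == 0        { next }   # blank separator
                        { n++ }
         END            { print n + 0 }'
}

# List the built-in chains whose default policy is ACCEPT (comma separated).
accept_chains() {
    awk '/^Chain / && $3 == "(policy" && $4 ~ /^ACCEPT/ {
             printf "%s%s", sep, $2; sep = ","
         }
         END { print "" }'
}

# assess STATE RULESET
#   STATE   = text printed by `firewall-cmd --state`
#   RULESET = text printed by `iptables -nvL`
# Returns 0 = rules loaded, 1 = fail-open, 2 = unhealthy but not wide open.
assess() {
    fw_state=$1
    fw_rules=$(printf '%s\n' "$2" | count_rules)
    fw_open=$(printf '%s\n' "$2" | accept_chains)
    if [ "$fw_state" = "running" ] && [ "$fw_rules" -gt 0 ]; then
        echo "OK state=$fw_state rules=$fw_rules"; return 0
    fi
    if [ "$fw_rules" -eq 0 ] && [ -n "$fw_open" ]; then
        echo "FAIL-OPEN state=$fw_state rules=0 accept=$fw_open"; return 1
    fi
    echo "DEGRADED state=$fw_state rules=$fw_rules"; return 2
}

# Run against the constructed sample. On a live host (as root) use instead:
#   assess "$(firewall-cmd --state 2>&1)" "$(iptables -nvL)"
assess "$SAMPLE_STATE" "$SAMPLE_RULESET" || true
```

A monitor that only checks `systemctl is-active firewalld` would report this host as healthy, so the check keys on the daemon's own state and the loaded ruleset instead.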

Comment 2 Marcin Rucinski 2019-08-09 09:35:05 UTC
kernel 3.10.0-1062.el7.x86_64

Comment 3 Eric Garver 2019-08-09 12:29:51 UTC

*** This bug has been marked as a duplicate of bug 1738785 ***