Bug 1747511

Summary: errors for missing ipv6 sysctls when ipv6 is disabled
Product: Red Hat Enterprise Linux 8 Reporter: Tomas Dolezal <todoleza>
Component: firewalldAssignee: Eric Garver <egarver>
Status: CLOSED ERRATA QA Contact: Tomas Dolezal <todoleza>
Severity: medium Docs Contact:
Priority: medium    
Version: 8.1CC: todoleza
Target Milestone: rcFlags: pm-rhel: mirror+
Target Release: 8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: firewalld-0.8.0-1.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-04-28 16:51:23 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Tomas Dolezal 2019-08-30 16:19:30 UTC 
Description of problem:
having ipv6.disabled=1 leads to ERROR level messages in firewalld log (not impacting it's functionality) when using masquerade. unavailable ipv6 procfs path's are causing this error.

Version-Release number of selected component (if applicable):
firewalld-0.7.0-5.el8.noarch

How reproducible:
always

Steps to Reproduce:
boot with ipv6.disabled=1 on kernel cmdline
check `ip -6 a` output to by empty
systemctl restart firewalld
tail -f /var/log/firewalld &
firewall-cmd --add-masquerade
firewall-cmd --state

Actual results:
# firewall-cmd --add-masquerade
2019-08-30 12:09:36 ERROR: Failed to write to file "/proc/sys/net/ipv6/conf/all/forwarding": [Errno 2] No such file or directory: '/proc/sys/net/ipv6/conf/all/forwarding'
success
# firewall-cmd --state
running

Expected results:
ipv6 sysctls not used if ipv6/AF_INET6 is not available.

Additional info:
restart with masquerade in permanent config does not fail to start either though the error is emitted the same.
Comment 1 Eric Garver 2019-08-30 17:06:02 UTC 
Upstream:

  b28611dee5a2 ("fix: tests: ignore errors about setting ipv6 forwarding")
  e9c171d3e1d9 ("fix: tests/regression/gh335: don't set ipv6 sysctls if ipv6 not usable")
  f9ede55708e3 ("fix: tests/functions: add macro HOST_SUPPORTS_IPV6")
  5605eefb65ad ("test: coverage to make sure masquerade/forward-port only affect IPv4")
  816f62a29424 ("fix: nftables: --forward-ports should only affect IPv4")
  88e13653686e ("fix: --add-masquerade should only affect ipv4")
Comment 7 errata-xmlrpc 2020-04-28 16:51:23 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:1836