Bug 814882

Summary: firewall-config not found
Product: [Fedora] Fedora
Component: system-config-firewall
Version: 17
Hardware: i386
OS: Linux
Status: CLOSED NEXTRELEASE
Severity: urgent
Priority: urgent
Keywords: Reopened
Reporter: netroby <hufeng1987>
Assignee: Thomas Woerner <twoerner>
QA Contact: Dan Mashal <dan.mashal>
CC: bugs.michael, bugzilla, code, dan.mashal, emmanuel.touzery, jnicol, jpopelka, karlp, kc0osh, kelvin, leifer, twoerner
Doc Type: Bug Fix
Type: Bug
Last Closed: 2012-11-04 06:47:57 UTC

Description netroby 2012-04-20 23:37:39 UTC
Description of problem:
firewall-config not found. I tried to use system-config-firewall to configure my firewall rules, but it triggers an error that says: firewalld is active, please use firewall-config.
But I could not use firewall-config, because I could not find it anywhere.
I know how to use firewall-cmd to configure rules, but it could not save rules; I have to manually configure firewall rules after every restart of my computer, what the hell?

Version-Release number of selected component (if applicable):
Fedora 17 Beta

How reproducible:

It always exists.

Steps to Reproduce:
1.  Install Fedora 17 Beta
2.  How to configure Fedora 17 via firewall-config?
3.
  
Actual results:

We could not find firewall-config anywhere.

Expected results:
You should give us a choice:
1. Let us configure firewall rules via firewall-config.
2. Let us use the old system-config-firewall.

Additional info:

The firewall is a very important thing.

Comment 1 netroby 2012-04-21 01:00:24 UTC
When I try to enable samba via firewall-cmd, it does not work at all.
[netroby@f17 ~]$ sudo firewall-cmd --enable --service=samba
Wrong action and mode combination


But the man page shows this:

Usage: /bin/firewall-cmd HELP | STATUS | PANIC | ZONE | MODE

  HELP   := { -v | --version |
              -h | --help }
  STATUS := { --reload |
              --complete-reload |
              --state }
  PANIC  := { --enable |
              --disable |
              --query } --panic
  ZONE   := { --get-default-zone |
              --set-default-zone=<zone> |
              --get-zones |
              --get-active-zones |
              --get-zone-of-interface=<interface> }
  MODE   := [ --zone=<zone> ]
            { --add [--timeout=<seconds>] ACTION |
              --remove ACTION |
              --enable [--timeout=<seconds>] --masquerade |
              --disable --masquerade |
              --query { ACTION | --masquerade } |
              --list={ ACTION | all } | 
              --direct DIRECT }
  ACTION := { --service=<service> |
              --port=<port>[-<port>]/<protocol> |
              --interface=<interface> |
              --forward-port=port=<port>:proto=<protocol>{[:toport=<destination port>] | [:toaddr=<destination address>]} |
              --icmp-block=<icmp type> }
  DIRECT := { --passthrough {ipv4|ipv6|eb} args }


Is something wrong?

Or why does the enable MODE not work?

Comment 2 netroby 2012-04-21 01:09:56 UTC
I am not sure I clearly understand the command.

Does the --enable command mean firewalld will always allow this service?

I know the --add command will allow the service until the OS is powered off,

because I see the rules reset when I restart my computer.

Comment 3 Jiri Popelka 2012-04-23 11:25:59 UTC
(In reply to comment #0)
> firewall-config not found. I tried to use system-config-firewall to configure
> my firewall rules, but it triggers an error that says: firewalld is active,
> please use firewall-config.
> But I could not use firewall-config, because I could not find it anywhere.
> I know how to use firewall-cmd to configure rules, but it could not save
> rules; I have to manually configure firewall rules after every restart of my
> computer, what the hell?

firewall-config isn't finished yet and won't be finished before F-17 GOLD (see
http://lists.fedoraproject.org/pipermail/devel/2012-April/166039.html)

Yes, the changes done with firewall-cmd are runtime (not persistent) only.
To do persistent changes update to firewalld-0.2.5-1.fc17 from updates-testing
and see firewalld(1) man page.

> Expected results:
> You should give us a choice:
> 1. Let us configure firewall rules via firewall-config.
> 2. Let us use the old system-config-firewall.

The "firewalld is active, please use firewall-config" warning in
system-config-firewall is indeed misleading while firewall-config is not yet finished. We should fix it until firewall-config is released. (moving this BZ to system-config-firewall component)

(In reply to comment #2)
> I am not sure I clearly understand the command.
> Does the --enable command mean firewalld will always allow this service?

Update to firewalld-0.2.5-1.fc17 from updates-testing and see firewall-cmd(1) man page.
 
> I know the --add command will allow the service until the OS is powered off,
> because I see the rules reset when I restart my computer.

Yes, see above comments.

Comment 4 Jiri Popelka 2012-05-23 16:06:31 UTC
*** Bug 823312 has been marked as a duplicate of this bug. ***

Comment 5 Casey Peel 2012-06-27 16:48:34 UTC
(In reply to comment #3)
> firewall-config isn't finished yet and won't be finished before F-17 GOLD
> (see
> http://lists.fedoraproject.org/pipermail/devel/2012-April/166039.html)

F17 gold has come and gone. system-config-firewall still errors out and tells you to use firewall-config that doesn't exist. This is a usability #FAIL.

Comment 6 Dan Mashal 2012-06-27 17:02:29 UTC
That is correct Casey. Thomas, can you please provide an update?

Comment 7 Dan Mashal 2012-07-01 19:32:24 UTC
As of today I am able to run system-config-firewall and it brings up a gnome3 interface to configure the firewall.

The interface is great.

1 area of concern:

1) What if you are not using Gnome/X windows? What if you do not have X windows installed? How would you configure the firewall via a text gui now?

I will open a new bug for this.

Comment 8 Kelvin J. Hill 2012-07-10 17:16:08 UTC
As of today with all the standard updates installed, I still see the error from system-config-firewall.  At which revision is this resolved?

[root@merlin ~]# rpm -qa *firewall*
system-config-firewall-1.2.29-7.fc17.noarch
system-config-firewall-base-1.2.29-7.fc17.noarch
firewalld-0.2.5-1.fc17.noarch
system-config-firewall-tui-1.2.29-7.fc17.noarch
firewall-applet-0.2.5-1.fc17.noarch
[root@merlin ~]#

Comment 9 Dan Mashal 2012-07-10 20:20:10 UTC
Kelvin,

Which desktop engine are you using? Gnome 3? KDE? XFCE? LXDE? Sugar?

Thanks,
Dan

Comment 10 Kelvin J. Hill 2012-07-10 20:23:11 UTC
Hi Dan,

That would be Gnome3.

Regards,
  Kelvin.

Comment 11 Dan Mashal 2012-07-10 20:26:18 UTC
Hi Kelvin,

So are you running system-config-firewall from a terminal? It works fine for me on a fresh install of Fedora 17 and Gnome 3.

What are the steps to reproduce the issue you are having?

Screenshot:

http://i.imgur.com/9z9V1.jpg

Thanks,
Dan

Comment 12 Kelvin J. Hill 2012-07-10 20:33:04 UTC
Hi Dan,

Yes, it's a fresh install of F17-i386 with the default Gnome3 in use.
firewalld is running.

[kelvin@merlin ~]$ systemctl status firewalld.service
firewalld.service - firewalld - dynamic firewall daemon
	  Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
	  Active: active (running) since Tue, 10 Jul 2012 16:31:12 +0100; 4h 58min ago
	Main PID: 15633 (firewalld)
	  CGroup: name=systemd:/system/firewalld.service
		  └ 15633 /usr/bin/python /usr/sbin/firewalld --nofork

Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
[kelvin@merlin ~]$ 


Any attempt to run system-config-firewall from "terminal" as either root or kelvin gives the same error as originally reported. All updates as of about 30 minutes ago have been applied.

Regards,
   Kelvin

Comment 13 Dan Mashal 2012-07-10 20:34:05 UTC
I have reopened the bug and will look into this.

Thanks,
Dan

Comment 14 Dan Mashal 2012-07-10 20:34:42 UTC
As a note, it works on x86_64.

Comment 15 Kelvin J. Hill 2012-07-10 21:02:29 UTC
The code in /bin/system-config-firewall seems very clear...

if fw_firewalld.firewalld_active():
    dialog = gtk.MessageDialog(None, 0, gtk.MESSAGE_ERROR, gtk.BUTTONS_CLOSE)
    dialog.set_markup(_("ERROR: FirewallD is active, please use firewall-config."))
    dialog.set_position(gtk.WIN_POS_CENTER)
    dialog.set_title(fw_config.APP_NAME)
    dialog.show_all()
    result = dialog.run()
    dialog.hide()
    sys.exit(2)

I don't see any escape route from the failure mode.

system-config-firewall-1.2.29-7.fc17.noarch

Regards,
   Kelvin.

Comment 16 Thomas Woerner 2012-07-11 11:05:34 UTC
Why is firewalld active on your machine? 

firewalld is optional in F-17. system-config-firewall is only able to configure the old firewall stack (lokkit).

firewall-config is not ready yet, but will be soon. For runtime settings, please use firewall-cmd or change the config files by hand (see man pages).

Comment 17 Kelvin J. Hill 2012-07-11 11:42:53 UTC
The answer to that is simple.
It is mandated by the process of searching for and adding a new printer using the standard F17 printer configuration tool.  The tool wants to dynamically add in allowed protocols so that it can find anything suitable on the local subnet.

Regards,
 Kelvin.

Comment 18 Jonathan Nicol 2012-07-20 00:16:31 UTC
Confirming same situation as Kelvin, and I do also suspect that the printer config tool is what started firewalld in the first place.

Comment 19 Leif Gruenwoldt 2012-08-13 18:34:48 UTC
"me too".

My workaround,

1. Stop firewalld

$ sudo systemctl stop firewalld.service

2. Start firewall gui

$ sudo system-config-firewall

Comment 20 Dan Mashal 2012-11-04 06:47:57 UTC
Please use the workaround above. This doesn't look like it's going to be fixed in f17. This is fixed in f18.

Comment 21 Emmanuel Touzery 2013-01-19 12:05:01 UTC
I just upgraded from fedora 17 to fedora 18 (using fedup) and the problem is there.

Comment 22 Thomas Woerner 2013-01-21 11:14:45 UTC
firewall-config is provided by the firewall-config package, which is part of the desktop groups. Please either install the complete desktop group from F-18 (yum groupinstall XYZ-desktop) or install the firewall-config package.

Comment 23 David 2013-01-26 16:22:08 UTC
I just upgraded this week to Fedora 18 from 17 using fedup as well and got the following in xfce desktop when I tried to configure the firewall.

"Error: FirewallD is active, please use firewall-config"

I tried to reinstall the xfce desktop group (using yum groupinstall xfce-desktop) and it did not fix the problem.

The workaround works, but searching the Internet I found a fix. Hope this helps others! 

http://www.linuxbsdos.com/2013/01/20/how-to-straighten-out-firewall-configuration-on-fedora-18/

Comment 24 karlp 2013-05-28 22:02:24 UTC
Thomas: surely that's still a bug in the upgrade process though?  (I ran into this upgrading fed17 to fed18 via fedup too)
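
The mismatch this thread keeps running into (firewalld running while the only installed front end is system-config-firewall, so rules cannot be edited for the stack that is actually enforcing them), as an added example that is not part of the bug report or of either project's code. The helper names `has_pkg` and `diagnose` are hypothetical; the package list is the one posted in comment 8, and the firewall-config package name is taken from comment 22.

```shell
#!/bin/sh
# Added example: report which front end matches the firewall stack that is
# running, given the firewalld state and an `rpm -qa`-style list on stdin.

# has_pkg NAME LIST: true if LIST has a line "NAME-<version>-<release>.<arch>".
# Anchored so that "system-config-firewall-base-..." does not match
# "system-config-firewall".
has_pkg() {
    printf '%s\n' "$2" | grep -Eq "^$1-[0-9][^-]*-[^-]+\$"
}

# diagnose STATE: STATE is what `systemctl is-active firewalld.service` prints.
diagnose() {
    state=$1
    pkgs=$(cat)
    if [ "$state" = active ]; then
        if has_pkg firewall-config "$pkgs"; then
            echo "ok: firewalld active, use firewall-config"
        elif has_pkg firewalld "$pkgs"; then
            echo "mismatch: firewalld active, firewall-config not installed;" \
                 "use firewall-cmd or install firewall-config"
        else
            echo "unknown: firewalld reported active but package not listed"
        fi
    elif has_pkg system-config-firewall "$pkgs"; then
        # Comment 16: system-config-firewall only configures the old stack.
        echo "ok: firewalld not active, use system-config-firewall"
    else
        echo "none: no firewall front end found"
    fi
}

# Package list as posted in comment 8.
PKGS_COMMENT8='system-config-firewall-1.2.29-7.fc17.noarch
system-config-firewall-base-1.2.29-7.fc17.noarch
firewalld-0.2.5-1.fc17.noarch
system-config-firewall-tui-1.2.29-7.fc17.noarch
firewall-applet-0.2.5-1.fc17.noarch'

# Live use (assumes systemd and rpm are present):
#   rpm -qa '*firewall*' | diagnose "$(systemctl is-active firewalld.service)"
printf '%s\n' "$PKGS_COMMENT8" | diagnose active
```

Run against the state reported in comments 8 and 12, it reports the mismatch; with firewalld stopped, as in the comment 19 workaround, it points back to system-config-firewall.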