Bug 951059
| Summary: | firewall-cmd not functional: INVALID_ZONE | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Michael S. Tsirkin <mst> |
| Component: | firewalld | Assignee: | Thomas Woerner <twoerner> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Priority: | unspecified |
| Version: | 18 | CC: | jpopelka, twoerner |
| Hardware: | Unspecified | OS: | Unspecified |
| Doc Type: | Bug Fix | Type: | Bug |
| Last Closed: | 2013-06-17 15:03:17 UTC | | |
Description
Michael S. Tsirkin
2013-04-11 11:47:33 UTC
Examples here should be more up to date: https://fedoraproject.org/wiki/FirewallD#Using_firewall-cmd

Anyway it's strange, you should actually see Warning: ALREADY_ENABLED because by default (if you don't specify --zone) it modifies 'public' zone, which has 'ssh' already added. You can add '--debug=2' to FIREWALLD_ARGS in /etc/sysconfig/firewalld, restart firewalld and check /var/log/firewalld afterwards whether you spot some more details.

Do you see the same with 0.2.12-6 from updates-testing?

to comment 2: I did: yum --enablerepo=updates-testing install firewalld and got: Package firewalld.noarch 0:0.2.12-5.fc18 will be installed. Isn't this the way to install the updates-testing mode?

You're right, it's 0.2.12-5, not 0.2.12-6, I'm sorry. I usually use yum --enablerepo=updates-testing update firewalld

same thing with 0.2.12-5, will try --debug

ok one issue is nf_nat is not loaded.
2013-04-11 17:00:00 DEBUG2: firewall.core.ipXtables.ip4tables: /sbin/iptables -t nat -N PREROUTING_direct
2013-04-11 17:00:00 Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/firewall/server/decorators.py", line 40, in handle_exceptions
    return func(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/firewall/server/firewalld.py", line 75, in start
    return self.fw.start()
  File "/usr/lib/python2.7/site-packages/firewall/core/fw.py", line 129, in start
    self._apply_default_rules()
  File "/usr/lib/python2.7/site-packages/firewall/core/fw.py", line 361, in _apply_default_rules
    self.__apply_default_rules(ipv)
  File "/usr/lib/python2.7/site-packages/firewall/core/fw.py", line 350, in __apply_default_rules
    self.rule(ipv, _rule)
  File "/usr/lib/python2.7/site-packages/firewall/core/fw.py", line 402, in rule
    return self._ip4tables.set_rule(rule)
  File "/usr/lib/python2.7/site-packages/firewall/core/ipXtables.py", line 119, in set_rule
    return self.__run(rule)
  File "/usr/lib/python2.7/site-packages/firewall/core/ipXtables.py", line 115, in __run
    " ".join(_args), ret)
ValueError: '/sbin/iptables -t nat -N PREROUTING_direct' failed: iptables v1.4.16.2: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
2013-04-11 17:00:00 DEBUG1: zone.addInterface('', 'wlan0')
2013-04-11 17:00:00 DEBUG1: INVALID_ZONE
2013-04-11 17:00:17 DEBUG1: zone.addService('', 'ssh', 10)
2013-04-11 17:00:17 DEBUG1: INVALID_ZONE
Will try to fix that and see what happens.
I note in passing it would be nice to print this output
from firewall-cmd instead of INVALID_ZONE.
(In reply to comment #6)
> ok one issue is nf_nat is not loaded.

bug #926055

(In reply to Michael S. Tsirkin from comment #6)
> ok one issue is nf_nat is not loaded.

Closing as duplicate of bug #967376 for now.

*** This bug has been marked as a duplicate of bug 967376 ***
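The debug log quoted in this report shows firewall-cmd returning only INVALID_ZONE while the underlying cause, a failed iptables call during firewalld startup, appears only in /var/log/firewalld. The following is an added example, not code from this report or from firewalld: a small log triage script that pairs each rejected zone call with any earlier startup failure. The function name `triage` is hypothetical and the sample log is constructed, abridged from the log quoted above.

```python
import re

# Constructed sample, abridged from the debug log quoted in this report.
SAMPLE_LOG = """\
2013-04-11 17:00:00 DEBUG2: firewall.core.ipXtables.ip4tables: /sbin/iptables -t nat -N PREROUTING_direct
2013-04-11 17:00:00 Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/firewall/core/ipXtables.py", line 115, in __run
    " ".join(_args), ret)
ValueError: '/sbin/iptables -t nat -N PREROUTING_direct' failed: iptables v1.4.16.2: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
2013-04-11 17:00:00 DEBUG1: zone.addInterface('', 'wlan0')
2013-04-11 17:00:00 DEBUG1: INVALID_ZONE
2013-04-11 17:00:17 DEBUG1: zone.addService('', 'ssh', 10)
2013-04-11 17:00:17 DEBUG1: INVALID_ZONE
"""

STAMP = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}"
FAILED = re.compile(r"^\w+Error: '(?P<cmd>[^']+)' failed: (?P<why>.*)$")
CALL = re.compile(r"^(%s) DEBUG1: (?P<call>zone\.\w+\(.*\))$" % STAMP)
CODE = re.compile(r"^(%s) DEBUG1: (?P<code>[A-Z][A-Z_]+)$" % STAMP)
TABLE = re.compile(r"\s-t (\w+)")


def triage(log_text):
    """Return (startup_failures, rejected_calls) found in a firewalld debug log."""
    failures, rejected, last_call = [], [], None
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:  # a command firewalld ran at startup exited with an error
            table = TABLE.search(m.group("cmd"))
            failures.append({"command": m.group("cmd"),
                             # iptables uses the filter table when -t is absent
                             "table": table.group(1) if table else "filter",
                             "reason": m.group("why")})
            continue
        m = CALL.match(line)
        if m:  # remember the zone call so the next error code can be paired with it
            last_call = m.group("call")
            continue
        m = CODE.match(line)
        if m and last_call:
            rejected.append({"call": last_call, "error": m.group("code"),
                             "after_startup_failure": bool(failures)})
            last_call = None
    return failures, rejected


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A rejected call flagged with `after_startup_failure` points at the startup error, here the missing `nat` table, rather than at the zone argument itself.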