Description of problem:
Broken iptables configuration after updating.

Version-Release number of selected component (if applicable):
0.3.9-1

How reproducible, steps to reproduce:
1. Update from 0.3.8-1 to 0.3.9-1

Reboot did not help. Reverting to 0.3.8-1 did help, have not tried 0.3.9-1 again.

Actual results:
iptables-save shows a config with very few rules. NAT is broken, configured allowed ports are not opened as they should. "firewall-cmd --state" indicates that it is not running. firewall-config cannot show the permanent config (bug #1053874), only an incomplete runtime config. "systemctl status firewalld" however shows normal status ("Started firewalld - dynamic firewall daemon."), no errors.
Have you been using rich rules?
There is a problem with rich rules: #1054068
I've just updated my router machine and can confirm this behavior ("firewall-cmd --state" returning "not running", broken rules) with 0.3.9.2. Downgrading to 0.3.8 fixes the issue for me. I don't use "rich rules" ("firewall-cmd --list-rich-rules" returns empty).

BTW, how the 0.3.9.2 update got pushed to stable is rather murky: https://admin.fedoraproject.org/updates/FEDORA-2014-1026/firewalld-0.3.9.2-1.fc20 The 0.3.9.2 update was pushed to stable not 2:30 hours after the build was added, without ever seeing the testing repo, just because it reached the stable karma threshold which was reduced to 2 -- this is not how updates of a critical path component should be handled.
Having tested this in a VM, I consider this to be the same issue as bug #1056154, closing this as a duplicate because the other bug contains more information.

*** This bug has been marked as a duplicate of bug 1056154 ***