Bug 1054656 - Interface is not assigned to any zone. Error: __rule() takes exactly 5 arguments (4 given)
Summary: Interface is not assigned to any zone. Error: __rule() takes exactly 5 argume...
Keywords:
Status: CLOSED DUPLICATE of bug 1054068
Alias: None
Product: Fedora
Classification: Fedora
Component: firewalld
Version: 20
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Thomas Woerner
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-01-17 08:24 UTC by Juan Orti
Modified: 2014-01-17 08:29 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-01-17 08:29:33 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description Juan Orti 2014-01-17 08:24:21 UTC
Description of problem:
After updating to firewalld-0.3.9-1.fc20.noarch and reboot, I cannot ssh to my servers.
I see the interface is not assigned to any zone:

# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: active (running) since jue 2014-01-16 23:21:28 CET; 9h ago
 Main PID: 449 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─449 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

# grep ZONE /etc/sysconfig/network-scripts/ifcfg-eth0
ZONE="public"

# firewall-cmd  --get-zone-of-interface=eth0
no zone

# firewall-cmd --add-interface=eth0 --zone=public
Error: __rule() takes exactly 5 arguments (4 given)

# firewall-cmd --add-interface=eth0 --zone=public --permanent
success

# firewall-cmd  --get-zone-of-interface=eth0
no zone

Version-Release number of selected component (if applicable):
firewalld-0.3.9-1.fc20.noarch
NetworkManager-glib-0.9.9.0-24.git20131003.fc20.x86_64
NetworkManager-0.9.9.0-24.git20131003.fc20.x86_64
selinux-policy-3.12.1-117.fc20.noarch
selinux-policy-targeted-3.12.1-117.fc20.noarch

How reproducible:
It has happened to me in 2 servers.

Steps to Reproduce:
1. Update firewalld
2. Reboot

Actual results:
No SSH, interface not assigned to a zone, rules lost.

Expected results:
A working firewall

Additional info:
# journalctl -f -a -b -u NetworkManager
[...]
ene 16 23:21:31 strange.miceliux.com NetworkManager[543]: <info> (eth0): carrier is OFF
ene 16 23:21:31 strange.miceliux.com NetworkManager[543]: <info> (eth0): new Ethernet device (driver: 'virtio_net' ifindex: 2)
ene 16 23:21:31 strange.miceliux.com NetworkManager[543]: <info> (eth0): exported as /org/freedesktop/NetworkManager/Devices/1
ene 16 23:21:31 strange.miceliux.com NetworkManager[543]: <info> (eth0): No existing connection detected.
ene 16 23:21:31 strange.miceliux.com NetworkManager[543]: <info> (eth0): device state change: unmanaged -> unavailable (reason 'managed') [10 20 2]
ene 16 23:21:31 strange.miceliux.com NetworkManager[543]: <info> (eth0): bringing up device.
ene 16 23:21:31 strange.miceliux.com NetworkManager[543]: <info> (eth0): link connected
ene 16 23:21:31 strange.miceliux.com NetworkManager[543]: <warn> Couldn't get managed objects: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.bluez was not provided by any .service files
ene 16 23:21:31 strange.miceliux.com NetworkManager[543]: <info> (eth0): device state change: unavailable -> disconnected (reason 'carrier-changed') [20 30 40]
ene 16 23:21:32 strange.miceliux.com NetworkManager[543]: <info> Auto-activating connection 'eth0'.
ene 16 23:21:32 strange.miceliux.com NetworkManager[543]: <info> Activation (eth0) starting connection 'eth0'
ene 16 23:21:32 strange.miceliux.com NetworkManager[543]: <info> (eth0): device state change: disconnected -> prepare (reason 'none') [30 40 0]
ene 16 23:21:32 strange.miceliux.com NetworkManager[543]: <info> NetworkManager state is now CONNECTING
ene 16 23:21:32 strange.miceliux.com NetworkManager[543]: <warn> (eth0): add_pending_action (4): 'autoactivate' already added
ene 16 23:21:32 strange.miceliux.com NetworkManager[543]: file devices/nm-device.c: line 6868 (nm_device_add_pending_action): should not be reached
ene 16 23:21:32 strange.miceliux.com NetworkManager[543]: <info> Activation (eth0) Stage 1 of 5 (Device Prepare) scheduled...
ene 16 23:21:32 strange.miceliux.com NetworkManager[543]: <warn> (eth0): remove_pending_action (3): 'autoactivate' never added
ene 16 23:21:32 strange.miceliux.com NetworkManager[543]: file devices/nm-device.c: line 6919 (nm_device_remove_pending_action): should not be reached
ene 16 23:21:32 strange.miceliux.com NetworkManager[543]: <info> Activation (eth0) Stage 1 of 5 (Device Prepare) started...
ene 16 23:21:32 strange.miceliux.com NetworkManager[543]: <info> Activation (eth0) Stage 2 of 5 (Device Configure) scheduled...
ene 16 23:21:32 strange.miceliux.com NetworkManager[543]: <info> Activation (eth0) Stage 1 of 5 (Device Prepare) complete.
ene 16 23:21:32 strange.miceliux.com NetworkManager[543]: <info> Activation (eth0) Stage 2 of 5 (Device Configure) starting...
ene 16 23:21:32 strange.miceliux.com NetworkManager[543]: <info> (eth0): device state change: prepare -> config (reason 'none') [40 50 0]
ene 16 23:21:32 strange.miceliux.com NetworkManager[543]: <info> Activation (eth0) Stage 2 of 5 (Device Configure) successful.
ene 16 23:21:32 strange.miceliux.com NetworkManager[543]: <info> Activation (eth0) Stage 2 of 5 (Device Configure) complete.
ene 16 23:21:33 strange.miceliux.com NetworkManager[543]: <warn> (eth0) firewall zone add/change failed: (32) __rule() takes exactly 5 arguments (4 given)
ene 16 23:21:33 strange.miceliux.com NetworkManager[543]: <info> Activation (eth0) Stage 3 of 5 (IP Configure Start) scheduled.
ene 16 23:21:33 strange.miceliux.com NetworkManager[543]: <info> Activation (eth0) Stage 3 of 5 (IP Configure Start) started...
ene 16 23:21:33 strange.miceliux.com NetworkManager[543]: <info> (eth0): device state change: config -> ip-config (reason 'none') [50 70 0]
ene 16 23:21:33 strange.miceliux.com NetworkManager[543]: <info> Activation (eth0) Stage 5 of 5 (IPv4 Configure Commit) scheduled...
ene 16 23:21:33 strange.miceliux.com NetworkManager[543]: <info> Activation (eth0) Stage 5 of 5 (IPv6 Commit) scheduled...
ene 16 23:21:33 strange.miceliux.com NetworkManager[543]: <info> Activation (eth0) Stage 3 of 5 (IP Configure Start) complete.
ene 16 23:21:33 strange.miceliux.com NetworkManager[543]: <info> Activation (eth0) Stage 5 of 5 (IPv4 Commit) started...
ene 16 23:21:33 strange.miceliux.com NetworkManager[543]: <info> (eth0): device state change: ip-config -> ip-check (reason 'none') [70 80 0]
ene 16 23:21:33 strange.miceliux.com NetworkManager[543]: <warn> (eth0): add_pending_action (3): 'queued state lock' already added
ene 16 23:21:33 strange.miceliux.com NetworkManager[543]: file devices/nm-device.c: line 6868 (nm_device_add_pending_action): should not be reached
ene 16 23:21:33 strange.miceliux.com NetworkManager[543]: <info> Activation (eth0) Stage 5 of 5 (IPv4 Commit) complete.
ene 16 23:21:33 strange.miceliux.com NetworkManager[543]: <info> Activation (eth0) Stage 5 of 5 (IPv6 Commit) started...
ene 16 23:21:33 strange.miceliux.com NetworkManager[543]: <info> Activation (eth0) Stage 5 of 5 (IPv6 Commit) complete.
ene 16 23:21:33 strange.miceliux.com NetworkManager[543]: <info> (eth0): device state change: ip-check -> secondaries (reason 'none') [80 90 0]
ene 16 23:21:33 strange.miceliux.com NetworkManager[543]: <info> (eth0): device state change: secondaries -> activated (reason 'none') [90 100 0]
ene 16 23:21:34 strange.miceliux.com NetworkManager[543]: <info> NetworkManager state is now CONNECTED_GLOBAL
ene 16 23:21:34 strange.miceliux.com NetworkManager[543]: <info> Policy set 'eth0' (eth0) as default for IPv4 routing and DNS.
ene 16 23:21:34 strange.miceliux.com NetworkManager[543]: <info> Policy set 'eth0' (eth0) as default for IPv6 routing and DNS.
ene 16 23:21:34 strange.miceliux.com NetworkManager[543]: <info> Activation (eth0) successful, device activated.
ene 16 23:21:34 strange.miceliux.com NetworkManager[543]: <warn> (eth0) firewall zone add/change failed: (32) __rule() takes exactly 5 arguments (4 given)
ene 16 23:21:36 strange.miceliux.com NetworkManager[543]: <info> startup complete


# iptables -vnL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  729  171K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
   15  1002 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
 5198  740K INPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0
 5198  740K INPUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0
 5198  740K INPUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   33  2660 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
 5165  738K REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 FORWARD_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 FORWARD_IN_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 FORWARD_IN_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 FORWARD_OUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 FORWARD_OUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 802 packets, 106K bytes)
 pkts bytes target     prot opt in     out     source               destination
 1955  208K OUTPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD_IN_ZONES (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD_IN_ZONES_SOURCE (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD_OUT_ZONES (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT_ZONES (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT_ZONES_SOURCE (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination

Comment 1 Jiri Popelka 2014-01-17 08:29:33 UTC
Try firewalld-0.3.9.2-1.fc20
https://koji.fedoraproject.org/koji/buildinfo?buildID=491775
and possibly give some karma in
https://admin.fedoraproject.org/updates/firewalld-0.3.9.2-1.fc20

*** This bug has been marked as a duplicate of bug 1054068 ***


Note You need to log in before you can comment on or make changes to this bug.