Red Hat Bugzilla – Bug 1288758
firewalld is running even when disabled
Last modified: 2015-12-08 09:46:53 EST
Description of problem:
An F23 server machine (upgraded from f21), will come up with the firewalld service running, even when it's disabled.
Version-Release number of selected component (if applicable):
I don't know. The machine works well in all other aspects, near as I can tell, however, I did not try to reproduce.
Steps to Reproduce:
1. System with F21
2. Upgrade it to F23 successfully (where firewalld was disabled)
3. Disable firewalld again
4. It still comes up every time the machine boots, so I cannot access all services in the machine
I do not want to have to open specific ports, there are too many services and we want to be able to add/remove things without worrying about the firewall, as it is in a trusted network.
# systemctl disable firewalld
# shutdown -r now
# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: disabled)
Active: active (running) since Sat 2015-12-05 13:09:50 PST; 1s ago
Main PID: 25070 (firewalld)
└─25070 /usr/bin/python3 -Es /usr/sbin/firewalld --nofork --nopid
it should not start at boot time, as it's disabled.
Because this was not a fresh install, it may or may not be a straight up bug (I could not find anything similar in the db).
However, I still need to *really* disable this, as these two files are not there:
# ll /etc/systemd/system/*/firewall*
ls: cannot access /etc/systemd/system/*/firewall*: No such file or directory
So, I am not sure through what process is firewalld started, and how to stop that! Help!
Also, a bit OT, but could I have a pointer to this "vendor preset: disabled" property?
I do not think I have seen that before and I wonder what it is and how to manage it.
It seems there is another service that requires firewalld. systemd is then starting then the service even if it is disabled.
Please have a look at disabled versus masked units in systemd.
found that rolekit requires firewalld. thanks.
1) sorry, how do i find out what are the masked units?
2) any pointer to "vendor preset"? (a search did not help much)
Use "systemctl list-unit-files" ans search for "masked"