This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 1288758 - firewalld is running even when disabled
firewalld is running even when disabled
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: firewalld (Show other bugs)
23
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Thomas Woerner
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-12-05 16:17 EST by cpg
Modified: 2015-12-08 09:46 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-12-07 16:16:17 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description cpg 2015-12-05 16:17:11 EST
Description of problem:

An F23 server machine (upgraded from f21), will come up with the firewalld service running, even when it's disabled.

Version-Release number of selected component (if applicable):

firewalld-0.3.14.2-4.fc23.noarch

How reproducible:

I don't know. The machine works well in all other aspects, near as I can tell, however, I did not try to reproduce.

Steps to Reproduce:
1. System with F21
2. Upgrade it to F23 successfully (where firewalld was disabled)
3. Disable firewalld again
4. It still comes up every time the machine boots, so I cannot access all services in the machine

I do not want to have to open specific ports, there are too many services and we want to be able to add/remove things without worrying about the firewall, as it is in a trusted network.

Actual results:

# systemctl disable firewalld
#
...
# shutdown -r now
...
# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: disabled)
   Active: active (running) since Sat 2015-12-05 13:09:50 PST; 1s ago
 Main PID: 25070 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─25070 /usr/bin/python3 -Es /usr/sbin/firewalld --nofork --nopid

Expected results:

it should not start at boot time, as it's disabled.

Additional info:

Because this was not a fresh install, it may or may not be a straight up bug (I could not find anything similar in the db).

However, I still need to *really* disable this, as these two files are not there:

/etc/systemd/system/basic.target.wants/firewalld.service
/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service

in fact:

# ll /etc/systemd/system/*/firewall*
ls: cannot access /etc/systemd/system/*/firewall*: No such file or directory

So, I am not sure through what process is firewalld started, and how to stop that! Help!

Also, a bit OT, but could I have a pointer to this "vendor preset: disabled" property?
I do not think I have seen that before and I wonder what it is and how to manage it.
Comment 1 Thomas Woerner 2015-12-07 07:22:27 EST
It seems there is another service that requires firewalld. systemd is then starting then the service even if it is disabled.

Please have a look at disabled versus masked units in systemd.
Comment 2 cpg 2015-12-07 16:16:17 EST
found that rolekit requires firewalld. thanks.

1) sorry, how do i find out what are the masked units?
2) any pointer to "vendor preset"? (a search did not help much)
Comment 3 Thomas Woerner 2015-12-08 09:46:53 EST
Use "systemctl list-unit-files" ans search for "masked"

Note You need to log in before you can comment on or make changes to this bug.