1301258 – Rolekit startup brings up firewalld which conflicts with shorewall

Bug 1301258 - Rolekit startup brings up firewalld which conflicts with shorewall

Summary: Rolekit startup brings up firewalld which conflicts with shorewall

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	rolekit
Sub Component:
Version:	23
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	---
Assignee:	Thomas Woerner
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-01-23 06:39 UTC by Frank Crawford
Modified:	2016-01-25 13:27 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2016-01-25 13:27:55 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Frank Crawford 2016-01-23 06:39:42 UTC

Description of problem:
The latest version of rolekit's systemd configuration file includes a requirement for firewalld.  This conflicts with other firewall products, such as shorewall, and causes incorrect iptable rules to be applied


Version-Release number of selected component (if applicable):
rolekit-0.4.0.1-2.fc23.noarch

How reproducible:
100%

Steps to Reproduce:
1. systemctl disable firewalld.service
2. systemctl stop firewalld.service (if going)
3. systemctl restart rolekit.service

Actual results:
firewalld is restarted

Expected results:
firewalld not running

Additional info:
This appears to only have occurred in the latest RPM.

Comment 1 Stephen Gallagher 2016-01-25 13:27:55 UTC

This is intentional. Rolekit has a very tight dependency on firewalld. If you are using shorewall or another firewall service, then you should disable rolekit. The fact that we were missing this explicit dependency previously was a bug; rolekit would not have worked properly without it.

Note You need to log in before you can comment on or make changes to this bug.