Bug 1301258 - Rolekit startup brings up firewalld which conflicts with shorewall
Rolekit startup brings up firewalld which conflicts with shorewall
Product: Fedora
Classification: Fedora
Component: rolekit (Show other bugs)
All Linux
unspecified Severity high
: ---
: ---
Assigned To: Thomas Woerner
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2016-01-23 01:39 EST by Frank Crawford
Modified: 2016-01-25 08:27 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-01-25 08:27:55 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Frank Crawford 2016-01-23 01:39:42 EST
Description of problem:
The latest version of rolekit's systemd configuration file includes a requirement for firewalld.  This conflicts with other firewall products, such as shorewall, and causes incorrect iptable rules to be applied

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. systemctl disable firewalld.service
2. systemctl stop firewalld.service (if going)
3. systemctl restart rolekit.service

Actual results:
firewalld is restarted

Expected results:
firewalld not running

Additional info:
This appears to only have occurred in the latest RPM.
Comment 1 Stephen Gallagher 2016-01-25 08:27:55 EST
This is intentional. Rolekit has a very tight dependency on firewalld. If you are using shorewall or another firewall service, then you should disable rolekit. The fact that we were missing this explicit dependency previously was a bug; rolekit would not have worked properly without it.

Note You need to log in before you can comment on or make changes to this bug.