firewall-cmd added support in firewalld-0.4.1 for the ability to populate an ipset from a file. In firewalld-0.4.3.2 that command is broken:

# firewall-cmd --version
0.4.3.2
# firewall-cmd --permanent --ipset=blacklist --add-entries-from-file=ip-blacklist.conf
Failed to read file 'i': [Errno 2] No such file or directory: 'i'
Failed to read file 'p': [Errno 2] No such file or directory: 'p'
Failed to read file '-': [Errno 2] No such file or directory: '-'
Failed to read file 'b': [Errno 2] No such file or directory: 'b'
Failed to read file 'l': [Errno 2] No such file or directory: 'l'
Failed to read file 'a': [Errno 2] No such file or directory: 'a'
Failed to read file 'c': [Errno 2] No such file or directory: 'c'
Failed to read file 'k': [Errno 2] No such file or directory: 'k'
Failed to read file 'l': [Errno 2] No such file or directory: 'l'
Failed to read file 'i': [Errno 2] No such file or directory: 'i'
Failed to read file 's': [Errno 2] No such file or directory: 's'
Failed to read file 't': [Errno 2] No such file or directory: 't'
Failed to read file '.': [Errno 21] Is a directory: '.'
Failed to read file 'c': [Errno 2] No such file or directory: 'c'
Failed to read file 'o': [Errno 2] No such file or directory: 'o'
Failed to read file 'n': [Errno 2] No such file or directory: 'n'
Failed to read file 'f': [Errno 2] No such file or directory: 'f'
success
# firewall-cmd --permanent --new-ipset-from-file=/etc/firewalld/blacklists/ip-blacklist.conf --name=blacklist2
Failed to load ipset file '/etc/firewalld/blacklists/ip-blacklist.conf': INVALID_NAME: 'ip-blacklist.conf' is missing .xml suffix
# cp ip-blacklist.conf ip-blacklist.xml
# firewall-cmd --permanent --new-ipset-from-file=/etc/firewalld/blacklists/ip-blacklist.conf --name=blacklist2
Failed to load ipset file '/etc/firewalld/blacklists/ip-blacklist.conf': INVALID_NAME: 'ip-blacklist.conf' is missing .xml suffix
# cp ip-blacklist.conf ip-blacklist.xml
# firewall-cmd --permanent --new-ipset-from-file=/etc/firewalld/blacklists/ip-blacklist.xml --name=blacklist2
Traceback (most recent call last):
  File "/usr/bin/firewall-cmd", line 954, in <module>
    obj = ipset_reader(filename, dirname)
  File "/usr/lib/python2.7/site-packages/firewall/core/io/ipset.py", line 226, in ipset_reader
    parser.parse(f)
  File "/usr/lib64/python2.7/xml/sax/expatreader.py", line 110, in parse
    xmlreader.IncrementalParser.parse(self, source)
  File "/usr/lib64/python2.7/xml/sax/xmlreader.py", line 123, in parse
    self.feed(buffer)
  File "/usr/lib64/python2.7/xml/sax/expatreader.py", line 217, in feed
    self._err_handler.fatalError(exc)
  File "/usr/lib64/python2.7/xml/sax/handler.py", line 38, in fatalError
    raise exception
xml.sax._exceptions.SAXParseException: /etc/firewalld/blacklists/ip-blacklist.xml:1:0: syntax error
The first part has been fixed upstream for firewall-cmd: https://github.com/t-woerner/firewalld/commit/04f5c99e5a8d82f490deeccf643a7a84941d2f7c and firewall-offline-cmd: https://github.com/t-woerner/firewalld/commit/495a1a527f03e12195ec6334a21eb7ba3924a6e8 But the second part is not correct. The option --new-ipset-from-file= requires a valid ipset xml file (see firewalld.ipset(5)) with the ipset settings like type.
Here is the fix to show a nice error message instead of a traceback when using non-XML content: https://github.com/t-woerner/firewalld/commit/9afdbaeb1d0ec11cff7d362618657d63df5b6dff
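Added example (not part of the bug report and not firewalld code): one way to turn a plain entries list into the ipset XML that --new-ipset-from-file expects, using the ipset/short/entry elements from firewalld.ipset(5). The function names, the sample list, the '#' comment convention and the choice of type hash:net are assumptions made for the illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample of a plain blacklist file (documentation address ranges).
SAMPLE = """\
# constructed sample entries
192.0.2.10
198.51.100.0/24   # a whole network

"""


def read_entries(lines):
    """Return validated IPv4 entries, skipping blank lines and '#' comments."""
    entries = []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        # Raises ValueError for anything that is not an address or CIDR network,
        # so a malformed line is caught here rather than when the set is loaded.
        net = ipaddress.ip_network(entry, strict=False)
        if net.version != 4:
            # An IPv6 set would need a family option; kept out of this example.
            raise ValueError("IPv6 entry not supported here: %r" % entry)
        entries.append(entry)
    return entries


def build_ipset_xml(entries, ipset_type="hash:net", short="blacklist"):
    """Build an ipset definition with a type attribute and one <entry> per item."""
    root = ET.Element("ipset", {"type": ipset_type})
    ET.SubElement(root, "short").text = short
    for entry in entries:
        ET.SubElement(root, "entry").text = entry
    body = ET.tostring(root, encoding="unicode")
    return '<?xml version="1.0" encoding="utf-8"?>\n' + body + "\n"


if __name__ == "__main__":
    print(build_ipset_xml(read_entries(SAMPLE.splitlines())))
```

Save the output under a name with the .xml suffix before passing it to --new-ipset-from-file.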
firewalld-0.4.3.3-1.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-47dc2b203f
firewalld-0.4.3.3-1.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2016-4dedc6ec3d
firewalld-0.4.3.3-1.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-de55d2c2c9
firewalld-0.4.3.3-1.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-4dedc6ec3d
firewalld-0.4.3.3-1.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-47dc2b203f
firewalld-0.4.3.3-1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-de55d2c2c9
firewalld-0.4.3.3-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
firewalld-0.4.3.3-1.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
firewalld-0.4.4.1-1.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-d2828a4793
firewalld-0.4.4.1-1.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-d2828a4793
This message is a reminder that Fedora 23 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 23. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '23'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 23 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged to change the 'version' to a later Fedora version prior to this bug being closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
firewalld-0.4.4.2-1.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-b566ecf579
firewalld-0.4.4.2-1.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-b566ecf579
firewalld-0.4.4.2-2.fc23 selinux-policy-3.13.1-158.25.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-8a0533d057
firewalld-0.4.4.2-2.fc23, selinux-policy-3.13.1-158.25.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-8a0533d057
Fedora 23 changed to end-of-life (EOL) status on 2016-12-20. Fedora 23 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.