Created attachment 1230238
firewalld log -- set debug level in /etc/sysconfig/firewalld to FIREWALLD_ARGS=--debug=2

Description of problem:
I'm working with my firewall, since the fedup upgrade of my fedora system, from 24 -> 25. Getting a lot of errors with my previously (Fedora 24) working firewall. Unable to work with new or current/existing zones.

Version-Release number of selected component (if applicable):
firewall-config-0.4.4.2-1.fc25.noarch
firewalld-0.4.4.2-1.fc25.noarch
python3-firewall-0.4.4.2-1.fc25.noarch
firewalld-filesystem-0.4.4.2-1.fc25.noarch
firewalld-selinux-0.4.4.2-1.fc25.noarch

How reproducible:
Every time

Steps to Reproduce:
1. Attempt to make firewall change via firewall-cmd or via the system-config utility.
2. Command will error out with ERROR: COMMAND_FAILED along with errors relating to iptables-restore and ip6tables-restore

Actual results:
Unable to make changes to active zone in firewall. Only action is to enable/disable firewall.

Expected results:
I should be able to modify firewall/firewall rules

Additional info:
Please start firewalld in the debug mode and attach the output. Please have a look at http://www.firewalld.org/documentation/howto/debug-firewalld.html for information on how to use the debug mode.
Hi Thomas, Can you be a little more specific about what you want attached, as I've already attached firewalld in debug mode, level 2?
I am sorry, I missed the log before.

From the log there are several errors:

ERROR: Failed to load service file 'sonarr.xml': [Errno 13] Permission denied: '/etc/firewalld/services/sonarr.xml'

This will most likely require a relabel: "restorecon -rvF /etc/firewalld".

Failed to load service file 'plexmediaserver.xml': /etc/firewalld/services/plexmediaserver.xml:1:0: no element found

The file seems to be corrupt.

Please increase the debug level to also get a listing of the /run/firewalld/temp.X files added to the log.
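The two failure modes named in the comment above (a service file that cannot be read, and one that parses as "no element found") can be checked per file with a short script. This is an added example, not part of the original thread and not firewalld's own loader; the function names and the sample files are constructed for illustration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

def check_service_file(path):
    """Return (status, detail) for one firewalld service definition."""
    try:
        with open(path, "rb") as fh:
            data = fh.read()
    except OSError as exc:
        # e.g. [Errno 13] Permission denied, from file mode or SELinux label
        return "unreadable", f"{exc.strerror} (errno {exc.errno})"
    if not data.strip():
        return "empty", "file has no content"
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        # input with no root element gives expat's "no element found"
        return "malformed", str(exc)
    if root.tag != "service":
        return "wrong-root", f"root element is <{root.tag}>, expected <service>"
    return "ok", f"{len(root.findall('port'))} port element(s)"

def check_service_dir(directory):
    """Check every *.xml file in directory; return {filename: (status, detail)}."""
    return {name: check_service_file(os.path.join(directory, name))
            for name in sorted(os.listdir(directory)) if name.endswith(".xml")}

def build_sample_dir():
    """Constructed sample files (not the reporter's attachments)."""
    d = tempfile.mkdtemp(prefix="fw-services-")
    samples = {
        "good.xml": b'<?xml version="1.0" encoding="utf-8"?>\n<service>\n'
                    b'  <short>good</short>\n  <port protocol="tcp" port="8989"/>\n</service>\n',
        "truncated.xml": b'<?xml version="1.0" encoding="utf-8"?>\n',
        "blank.xml": b"\n",
        "zone.xml": b"<zone><short>z</short></zone>",
    }
    for name, body in samples.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(body)
    return d

if __name__ == "__main__":
    # On a real host, pass /etc/firewalld/services instead of the sample dir.
    for name, (status, detail) in check_service_dir(build_sample_dir()).items():
        print(f"{name:15} {status:11} {detail}")
```

firewalld runs in its own SELinux domain, so a file this script reads without error can still be denied to the daemon because of its label; `ls -Z` on the directory shows the labels.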
Ok, I will do the requested actions, most likely tomorrow or the next day, as I'm not currently near the system. I will say that I did try to temporarily disable selinux (setenforce 0) as a troubleshooting step, and reload the firewall, and I ran into the same issues as I was experiencing in this ticket. Also, another troubleshooting step that I attempted was touching the ~/.autorelabel file, and I rebooted the system, to attempt to clean/clear up any potential or existing issues with the various selinux contexts (I'm not 100% sure the touch of ~/.autorelabel, and reboot, would do the equivalent of restorecon -rvF /etc/firewalld). As I said, I will double check the format, permissions, and everything else associated with the plexmediaserver.xml and sonarr.xml files (and all custom made firewalld xml files, which I believe I have 4 or 5 of) in the next day or two. I will also attempt the restorecon.
Created attachment 1232682
firewalld - --debug=10

Created attachment 1232683
sonarr.xml

/etc/firewalld/services/sonarr.xml

Created attachment 1232684
/etc/firewalld/services/plexmediaserver.xml

/etc/firewalld/services/plexmediaserver.xml
[host]# ls -lah /etc/firewalld/services/
total 28K
drwxr-x---. 2 root root 4.0K Dec 16 10:52 .
drwxr-x---. 7 root root 4.0K Dec 10 00:19 ..
-rw-r--r--. 1 root root  170 Aug 18 12:51 cowrie.xml
-rw-r--r--. 1 root root  202 Dec  9 18:21 minecraft.xml
-rw-r--r--. 1 root root  553 Dec 14 19:53 plexmediaserver.xml
-rw-r--r--. 1 root root  157 Aug  2 10:19 plexpy.xml
-rw-r--r--. 1 root root  174 Aug  1 21:46 sonarr.xml