Bug 1476505 - firewalld fails to load service unless --permanent is used
firewalld fails to load service unless --permanent is used
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: firewalld (Show other bugs)
7.3
Unspecified Linux
unspecified Severity high
: rc
: ---
Assigned To: Eric Garver
qe-baseos-daemons
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-07-29 13:35 EDT by Akhil John
Modified: 2017-08-01 09:34 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-08-01 09:34:49 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Akhil John 2017-07-29 13:35:57 EDT
Description of problem:
Firewalld service is throwing the error "Error: INVALID_SERVICE:" when adding the service. But there is no error with --permanent option.

Version-Release number of selected component (if applicable):
RHEL 7
firewalld

How reproducible:
Always

Steps to Reproduce:
1. Add/Create a .xml file to the /etc/firewalld/services directory.

# cp /usr/lib/firewalld/services/imap.xml /etc/firewalld/services/post.xml


2. Now add this service to firewalld using:
#  firewall-cmd --add-service=post
Error: INVALID_SERVICE: post

3. Adding the same service with --permanent option will accept the rule.
# firewall-cmd --add-service=post --permanent
success




Additional info:
Adding a non-existing service to firewalld shows the similar error.
# ls /etc/firewalld/services/umbi.xml
<no-output>

# firewall-cmd --add-service=umbi --permanent
Error: INVALID_SERVICE: 'umbi' not among existing services

# firewall-cmd --add-service=umbi 
Error: INVALID_SERVICE: umbi
Comment 2 Tomas Dolezal 2017-07-31 06:06:50 EDT
The service is available in runtime only after firewalld reload. After adding the service you may use one of following options:
firewall-cmd
  --reload             Reload firewall and keep state information
  --complete-reload    Reload firewall and lose state information
or systemd to reload the service
The configuration files of firewalld are not monitored.
The use of permanent scope allows adding the service as it acts based only on files and changes only files, thus the service is available upon valid file creation.

Please verify whether firewalld reload fixes the said issue in your environment.
Comment 3 Akhil John 2017-07-31 13:25:15 EDT
Hi Tomas,

Thank you for writing in.

After performing firewall-cmd --reload firewall adds the service (.xml service files) successfully.
Comment 4 Eric Garver 2017-08-01 09:34:49 EDT
Closing because this is working as expected.

Note You need to log in before you can comment on or make changes to this bug.