Red Hat Bugzilla – Bug 1476505
firewalld fails to load service unless --permanent is used
Last modified: 2017-08-01 09:34:49 EDT
Description of problem:
Firewalld service is throwing the error "Error: INVALID_SERVICE:" when adding the service. But there is no error with --permanent option.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Add/Create a .xml file to the /etc/firewalld/services directory.
# cp /usr/lib/firewalld/services/imap.xml /etc/firewalld/services/post.xml
2. Now add this service to firewalld using:
# firewall-cmd --add-service=post
Error: INVALID_SERVICE: post
3. Adding the same service with --permanent option will accept the rule.
# firewall-cmd --add-service=post --permanent
Adding a non-existing service to firewalld shows the similar error.
# ls /etc/firewalld/services/umbi.xml
# firewall-cmd --add-service=umbi --permanent
Error: INVALID_SERVICE: 'umbi' not among existing services
# firewall-cmd --add-service=umbi
Error: INVALID_SERVICE: umbi
The service is available in runtime only after firewalld reload. After adding the service you may use one of following options:
--reload Reload firewall and keep state information
--complete-reload Reload firewall and lose state information
or systemd to reload the service
The configuration files of firewalld are not monitored.
The use of permanent scope allows adding the service as it acts based only on files and changes only files, thus the service is available upon valid file creation.
Please verify whether firewalld reload fixes the said issue in your environment.
Thank you for writing in.
After performing firewall-cmd --reload firewall adds the service (.xml service files) successfully.
Closing because this is working as expected.