Bug 1479951 - firewalld shows WARNING messages INVALID_ICMPTYPE: No supported ICMP type., ign...time.
Summary: firewalld shows WARNING messages INVALID_ICMPTYPE: No supported ICMP type., i...
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: firewalld (Show other bugs)
(Show other bugs)
Version: 7.4
Hardware: Unspecified Unspecified
high
medium
Target Milestone: rc
: ---
Assignee: Phil Sutter
QA Contact: Tomas Dolezal
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-08-09 19:43 UTC by Akhil John
Modified: 2018-04-10 10:31 UTC (History)
11 users (show)

Fixed In Version: firewalld-0.4.4.4-11.el7
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-04-10 10:30:16 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2018:0702 None None None 2018-04-10 10:31 UTC
Red Hat Knowledge Base (Solution) 3146311 None None None 2017-08-09 20:11 UTC

Description Akhil John 2017-08-09 19:43:48 UTC
Description of problem:
FirewallD shows warning messages like INVALID_ICMPTYPE: No supported ICMP type., ign...time.

Version-Release number of selected component (if applicable):
firewalld-0.4.4.4-6.el7.noarch
RHEL 7.4

How reproducible:
Always

Steps to Reproduce:
1.Start the firewalld-0.4.4.4-6.el7.noarch and check the status which shows:

# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: active (running) since Thu 2017-08-10 03:32:41 CST; 8min ago
     Docs: man:firewalld(1)
 Main PID: 1151 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─1151 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Aug 10 03:32:40 rhel7u4-1.gsslab.pek2.redhat.com systemd[1]: Starting firewalld - dynamic firewall daemon...
Aug 10 03:32:41 rhel7u4-1.gsslab.pek2.redhat.com systemd[1]: Started firewalld - dynamic firewall daemon.
Aug 10 03:32:41 rhel7u4-1.gsslab.pek2.redhat.com firewalld[1151]: WARNING: ICMP type 'beyond-scope' is not supported by the kernel for ipv6.
Aug 10 03:32:41 rhel7u4-1.gsslab.pek2.redhat.com firewalld[1151]: WARNING: beyond-scope: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
Aug 10 03:32:41 rhel7u4-1.gsslab.pek2.redhat.com firewalld[1151]: WARNING: ICMP type 'failed-policy' is not supported by the kernel for ipv6.
Aug 10 03:32:41 rhel7u4-1.gsslab.pek2.redhat.com firewalld[1151]: WARNING: failed-policy: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
Aug 10 03:32:41 rhel7u4-1.gsslab.pek2.redhat.com firewalld[1151]: WARNING: ICMP type 'reject-route' is not supported by the kernel for ipv6.
Aug 10 03:32:41 rhel7u4-1.gsslab.pek2.redhat.com firewalld[1151]: WARNING: reject-route: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.

2. The /var/log/firewalld file also shows has the same messages. These messages are generated on every restart of firewalld.service.
# cat /var/log/firewalld 
2017-08-10 03:32:41 WARNING: ICMP type 'beyond-scope' is not supported by the kernel for ipv6.
2017-08-10 03:32:41 WARNING: beyond-scope: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
2017-08-10 03:32:41 WARNING: ICMP type 'failed-policy' is not supported by the kernel for ipv6.
2017-08-10 03:32:41 WARNING: failed-policy: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
2017-08-10 03:32:41 WARNING: ICMP type 'reject-route' is not supported by the kernel for ipv6.
2017-08-10 03:32:41 WARNING: reject-route: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.



Expected results:
There shouldn't be any warning messages.!

Additional info:
firewalld is running with default configurations.

Comment 2 fgieseler 2017-08-21 18:31:37 UTC
Hi Team,

My components are:
- firewall-config-0.4.4.4-6.el7.noarch
- firewalld-0.4.4.4-6.el7.noarch
- python-firewall-0.4.4.4-6.el7.noarch
- firewalld-filesystem-0.4.4.4-6.el7.noarch

I appreciate a solution, or a new package if is available.

Thank you so much,

Kind regards

Comment 7 M.T 2017-11-23 09:53:16 UTC
Any news regarding this issue?

Comment 8 Tomas Dolezal 2017-11-23 12:48:11 UTC
(In reply to M.T from comment #7)
> Any news regarding this issue?
Hello, the fix is planned for upcoming minor release rhel-7.5.0

Comment 9 Marty Petersen 2017-12-01 18:48:33 UTC
I was getting the reject-route errors as well.  To resolve it in the short term I went into /usr/lib/firewalld and renamed reject-route.xml to reject-route.xml.bad.

This removes the issue for the short term until the patch is ready.

Comment 14 errata-xmlrpc 2018-04-10 10:30:16 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:0702


Note You need to log in before you can comment on or make changes to this bug.