Bug 1573185 - Fail2ban prevents restarting firewalld (again, this time conflicting on ipset.service)
Summary: Fail2ban prevents restarting firewalld (again, this time conflicting on ipset...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: fail2ban
Version: 27
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Orion Poplawski
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-04-30 12:11 UTC by Michael Riss
Modified: 2018-08-22 00:45 UTC (History)
3 users (show)

Fixed In Version: fail2ban-0.10.3.1-2.fc28 fail2ban-0.10.3.1-2.fc27
Clone Of:
Environment:
Last Closed: 2018-06-28 14:08:16 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)
journalctl _PID=1 for failed firewalld.service restart (231 bytes, text/plain)
2018-04-30 12:11 UTC, Michael Riss 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1379141 0 unspecified CLOSED Fail2ban prevents restarting firewalld 2021-02-22 00:41:40 UTC

Description Michael Riss 2018-04-30 12:11:47 UTC 
Created attachment 1428809 [details]
journalctl _PID=1 for failed firewalld.service restart

Description of problem:
This is practically the same bug as 1379141, but instead of being part of iptables, now fail2ban is "PartOf" ipset.service which conflicts with firewalld.service.

Version-Release number of selected component (if applicable):
fail2ban-0.10.2-1.fc27
firewalld-0.4.4.5-4.fc27
systemd-234-10.git5f8984e.fc27

How reproducible:
Always

Steps to Reproduce:
Identical to bug 1379141:
1. Install and start fail2ban.
2. systemctl restart firewalld

Actual results:
# systemctl restart firewalld.service 
Failed to restart firewalld.service: Transaction contains conflicting jobs 'restart' and 'stop' for fail2ban.service. Probably contradicting requirement dependencies configured.
See system logs and 'systemctl status firewalld.service' for details.

Expected results:
firewalld should restart without error messages

Additional info:
Identical to bug 1379141:
Both sequences:
1. systemctl stop fail2ban
2. systemctl restart firewalld
2. systemctl start fail2ban

or 

1. systemctl stop firewalld
2. systemctl start firewalld

work as expected.
Comment 1 Fedora Update System 2018-06-19 22:39:01 UTC 
fail2ban-0.10.3.1-2.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-7234068746
Comment 2 Fedora Update System 2018-06-19 22:39:16 UTC 
fail2ban-0.10.3.1-2.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-e45c0e6856
Comment 3 Fedora Update System 2018-06-20 13:21:01 UTC 
fail2ban-0.10.3.1-2.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-7234068746
Comment 4 Fedora Update System 2018-06-20 16:08:40 UTC 
fail2ban-0.10.3.1-2.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-e45c0e6856
Comment 5 Michael Riss 2018-06-20 16:23:31 UTC 
Great! The new package (fail2ban-0.10.3.1-2.fc27) fixes the bug on Fedora 27.
Comment 6 Fedora Update System 2018-06-28 14:08:16 UTC 
fail2ban-0.10.3.1-2.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2018-08-22 00:45:30 UTC 
fail2ban-0.10.3.1-2.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.