Hide Forgot
Description of problem: Firewalld shows "UNKNOWN_ERROR: 'ip6tables' backend does not exist" when IPv6 is disabled. Version-Release number of selected component (if applicable): firewalld-0.6.3-2.el7.noarch How reproducible: Always Steps to Reproduce: 1.Disable IPv6 and reboot 2. Check firewalld status. Actual results: WARNING: ip6tables not usable, disabling IPv6 firewall. ERROR: UNKNOWN_ERROR: 'ip6tables' backend does not exist ERROR: COMMAND_FAILED: UNKNOWN_ERROR: 'ip6tables' backend does not exist ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore: line 10 failed ERROR: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore: line 10 failed ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain Error occurred at line: 2 Try `iptables-restore -h' or 'iptables-restore --help' for more information. ERROR: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain Error occurred at line: 2 Try `iptables-restore -h' or 'iptables-restore --help' for more information. Expected results: SHould have NO errors Additional info: This issue is only with firewalld-0.6.3-2.el7.noarch when IPv6 is disabled.
hi, we can confirm this issue. current firewalld-0.6.3-2.el7.noarch will work with kernel boot parameter ipv6.disable=0 current firewalld-0.6.3-2.el7.noarch will NOT work with kernel boot parameter ipv6.disable=1 previous firewalld-0.5.3-5.el7.noarch will work with kernel boot parameter ipv6.disable=0 previous firewalld-0.5.3-5.el7.noarch will work with kernel boot parameter ipv6.disable=1
This has already been fixed upstream: bcb33e448abb ("fix: tests: guard occurrences of IPv6") 3ac719c1908d ("fix: tests/functions: ignore warnings about missing ip6tables") d569d7239f23 ("test: add macro IF_IPV6_SUPPORTED") 4d5c3f190dc3 ("test: add macro HOST_SUPPORTS_IP6TABLES") 8533c488a30d ("test: pass IPTABLES make variables down to autotest") 3fdffa76be42 ("fix: avoid calling backends that aren't available")
*** Bug 1739415 has been marked as a duplicate of this bug. ***
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:1109