Bug 1739415 - Firewalld starts with errors and with no predefined rules when ipv6 is disabled in kernel after update
Keywords:
Status: CLOSED DUPLICATE of bug 1738785
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: firewalld
Version: 7.0
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: rc
: ---
Assignee: Eric Garver
QA Contact: qe-baseos-daemons
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2019-08-09 09:21 UTC by Marcin Rucinski
Modified: 2019-08-09 12:29 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-08-09 12:29:51 UTC
Target Upstream Version:



Description Marcin Rucinski 2019-08-09 09:21:35 UTC
After upgrading from RHEL 7.6 to 7.7, firewalld 0.6.3 starts with errors and with no predefined rules present when IPv6 is disabled in the kernel (ipv6.disable=1).


# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2019-08-08 13:39:03 CEST; 1h 19min ago
     Docs: man:firewalld(1)
Main PID: 1429 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─1429 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid

Aug 08 13:39:01 systemd[1]: Starting firewalld - dynamic firewall daemon...
Aug 08 13:39:03 systemd[1]: Started firewalld - dynamic firewall daemon.
Aug 08 13:39:04 firewalld[1429]: WARNING: ip6tables not usable, disabling IPv6 firewall.
Aug 08 13:39:04 firewalld[1429]: ERROR: UNKNOWN_ERROR: 'ip6tables' backend does not exist
Aug 08 13:39:04 firewalld[1429]: ERROR: COMMAND_FAILED: UNKNOWN_ERROR: 'ip6tables' backend does not exist
Aug 08 13:39:04 firewalld[1429]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain

                                  Error occurred at line: 2...
Aug 08 13:39:04  firewalld[1429]: ERROR: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain

# firewall-cmd --state
failed

# iptables -nvL
Chain INPUT (policy ACCEPT 1031 packets, 455K bytes)
pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 853 packets, 294K bytes)
pkts bytes target     prot opt in     out     source               destination

# cat /etc/default/grub
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=sys/root rd.lvm.lv=sys/swap ipv6.disable=1 rhgb quiet transparent_hugepage=never"
GRUB_DISABLE_RECOVERY="true"

Comment 2 Marcin Rucinski 2019-08-09 09:35:05 UTC
kernel 3.10.0-1062.el7.x86_64

Comment 3 Eric Garver 2019-08-09 12:29:51 UTC

*** This bug has been marked as a duplicate of bug 1738785 ***
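
Added example (not part of the original report or of firewalld): a health check for the state shown in the description, where systemd reports the unit as active (running) while `firewall-cmd --state` prints `failed` and every built-in chain is empty with policy ACCEPT. The function names and verdict labels are assumptions made for this example; the sample text is constructed from the output quoted above.

```shell
# Added example. Sample text below is constructed from the output in this report.
# Reads `iptables -nvL` text on stdin; prints the built-in chains that have
# policy ACCEPT and no rules at all (every packet is accepted).
open_empty_chains() {
    awk '
        function emit() {
            if (chain != "" && policy == "ACCEPT" && rules == 0)
                out = out (out == "" ? "" : " ") chain
        }
        $1 == "Chain" { emit(); chain = $2; rules = 0
                        policy = ($3 == "(policy") ? $4 : ""; next }
        $1 == "pkts" || NF == 0 { next }   # column header or blank line
        chain != "" { rules++ }            # anything else is a rule
        END { emit(); print out }'
}

# Reads journal text on stdin; prints the number of firewalld ERROR lines.
firewalld_errors() {
    grep -c 'firewalld\[[0-9]*\]: ERROR:' || true
}

# assess STATE IPTABLES_TEXT JOURNAL_TEXT -> FAIL_OPEN, DEGRADED or OK
assess() {
    fw_open=$(printf '%s\n' "$2" | open_empty_chains)
    fw_errs=$(printf '%s\n' "$3" | firewalld_errors)
    if [ "$1" != "running" ] && [ -n "$fw_open" ]; then
        echo FAIL_OPEN      # daemon not running normally and nothing is filtered
    elif [ "$1" != "running" ] || [ "$fw_errs" -gt 0 ]; then
        echo DEGRADED       # rules exist, but firewalld reported problems
    else
        echo OK
    fi
}

SAMPLE_IPTABLES='Chain INPUT (policy ACCEPT 1031 packets, 455K bytes)
pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 853 packets, 294K bytes)
pkts bytes target     prot opt in     out     source               destination'
SAMPLE_JOURNAL="Aug 08 13:39:04 firewalld[1429]: WARNING: ip6tables not usable, disabling IPv6 firewall.
Aug 08 13:39:04 firewalld[1429]: ERROR: UNKNOWN_ERROR: 'ip6tables' backend does not exist
Aug 08 13:39:04 firewalld[1429]: ERROR: COMMAND_FAILED: UNKNOWN_ERROR: 'ip6tables' backend does not exist"
assess failed "$SAMPLE_IPTABLES" "$SAMPLE_JOURNAL"
# Live: assess "$(firewall-cmd --state 2>&1)" "$(iptables -nvL)" "$(journalctl -b -u firewalld --no-pager)"
```

Checking only `systemctl status firewalld` would miss this condition, since the unit stays active while the ruleset is empty.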

