Testing https://fedoraproject.org/wiki/QA:Testcase_firewalld_and_NetworkManager Expected results: firewall-cmd --get-active-zones The output should look like this ('em1' is in used as an example): public: em1 Actual results: [root@dragon ~]# firewall-cmd --get-active-zones [root@dragon ~]#
Does it change when you turn of SELinux (setenforce 0) and restart firewalld (systemctl restart firewalld.service) ?
Could be the same SELinux problem that I see: Mar 19 11:50:56 localhost NetworkManager[343]: <warn> (eth1) firewall zone add/change failed: (9) An SELinux policy prevents this sender from sending this message to this recipient, 0 matched rules; type="method_call", sender=":1.4" (uid=0 pid=343 comm="/usr/sbin/NetworkManager --no-daemon --log-level=D") interface="org.fedoraproject.FirewallD1.zone" member="addInterface" error name="(unset)" requested_reply="0" destination="org.fedoraproject.FirewallD1" (uid=0 pid=331 comm="/usr/bin/python /usr/sbin/firewalld --nofork --deb") We should probably put a warning to the https://fedoraproject.org/wiki/QA:Testcase_firewalld_and_NetworkManager
I have two fully updated F-17 test machines.. on both there is no problem with the interaction of firewalld and NetworkManager. Is the system updated completely (all testing packages applied)?
All right, updating to selinux-policy-3.10.0-95.fc17 (from updates-testing) fixes the problem for me. This should be mentioned on the 'Test case 3' page.
From selinux-policy-3.10.0-93.fc17 changelog: - Allow firewalld to dbus chat with networkmanager
Confirmed.
Re-opening this, because -93 was never pushed stable. -95 was submitted as an update but never made it to stable. -104 is pending push to stable. Re-opening this and proposing as a blocker: this is (I believe) the correct bug to track that we need at least selinux-policy -93 in the Beta (we'll actually take 104) to make sure IPv6 works. -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers
Reassigning to selinux-policy.
selinux-policy 104 went stable, so closing again. -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers
-1 blocker -1 NTH Unless there are follow on affects to this issue, I don't think this hits any criteria.
bruno: it prevented IPv6 working out-of-the-box (one among several bugs of this kind). -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers