Bug 811240 – during boot firewalld is not ready when NetworkManager needs it

Bug 811240 - during boot firewalld is not ready when NetworkManager needs it

Summary:	during boot firewalld is not ready when NetworkManager needs it

Status:	CLOSED ERRATA

Aliases:	None

Product:	Fedora
Classification:	Fedora
Component:	firewalld (Show other bugs)
Sub Component:
Version:	17
Hardware:	All Linux

Priority	unspecified Severity high
Target Milestone:	---
Target Release:	---
Assigned To:	Thomas Woerner
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2012-04-10 10:06 EDT by Jiri Popelka
Modified:	2012-04-24 00:25 EDT (History)
CC List:	2 users (show)

See Also:
Fixed In Version:	firewalld-0.2.5-1.fc17
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2012-04-24 00:25:53 EDT
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Jiri Popelka 2012-04-10 10:06:56 EDT

When I run firewalld and NetworkManager (NM) with debug messages on I see that during boot firewalld begins to start (several seconds) after NM. That is bad - NM needs to inform firewalld when making network interfaces up otherwise they will be in no zone until firewalld starts.

I suggest these changes in firewalld.service:

1) Before=NetworkManager.service
- selfexplaining, needed to start firewalld before NM
2) Type=dbus
   BusName=org.fedoraproject.FirewallD1
- to tell systemd when firewalld is ready
- systems.service(5) says:
Type=dbus:
Behaviour of dbus is similar to simple, however it is expected that the daemon acquires a name on the D-Bus bus, as configured by BusName=. systemd will proceed starting follow-up units after the D-Bus bus name has been acquired. Service units with this option configured implicitly gain dependencies on the dbus.socket unit.
3) remove After=dbus.target
- I think the 'Type=dbus' does the same.

Note: I took me a plenty of time to get this solution because I had been trying either (1) or (2) but not both of them together :-(

Comment 1 Thomas Woerner 2012-04-20 14:42:43 EDT

Fixed upstream:
http://git.fedorahosted.org/git?p=firewalld.git;a=commit;h=6efdc463cf1b457423e41f2705ecfae964452696

Comment 2 Thomas Woerner 2012-04-20 15:06:17 EDT

and
http://git.fedorahosted.org/git?p=firewalld.git;a=commit;h=fc5ff2290af8f6342ce4205f6ce2283f43d4d3cb

Comment 3 Fedora Update System 2012-04-20 15:54:08 EDT

firewalld-0.2.5-1.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/firewalld-0.2.5-1.fc17

Comment 4 Fedora Update System 2012-04-21 17:03:56 EDT

Package firewalld-0.2.5-1.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing firewalld-0.2.5-1.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-6323/firewalld-0.2.5-1.fc17
then log in and leave karma (feedback).

Comment 5 Fedora Update System 2012-04-24 00:25:53 EDT

firewalld-0.2.5-1.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.