Description of problem:
firewall-cmd cannot delete rules (nat?)

Version-Release number of selected component (if applicable):
firewalld-0.2.7-1.fc18.noarch

How reproducible:
constant

Steps to Reproduce:
1. # firewall-cmd --add-forward-port=port=80:proto=tcp:toport=8080
2. # firewall-cmd --list-forward-ports
   port=80:proto=tcp:toport=8080:toaddr=
3. # firewall-cmd --zone=public --remove-forward-port=port=80:proto=tcp:toport=8080
   Error: COMMAND_FAILED: '/sbin/iptables -D PRE_ZONE_public_allow -t mangle -p tcp --dport 80 -j MARK --set-mark 0x64' failed: iptables: No chain/target/match by that name.
4. # firewall-cmd --list-ports
   8080/tcp

Actual results:
Port open in public zone, leaving a hole in the firewall.

Expected results:
Delete the added open port.

Additional info:
Unable to delete the port forward rule in the GUI as well.
I'm not able to reproduce it here. What's the output of 'rpm -q iptables' and 'uname -a'?
Created attachment 628689: backtrace

I actually see something similar with kernel-3.6.1-1.fc17. kernel-3.5.6-1.fc17 is ok.
Created attachment 633236: snippet from /var/log/messages

Still occurs from time to time even with kernel 3.6.2-4.fc17.x86_64. This time I'm seeing it after a firewalld service restart. Now 'iptables -t filter -I INPUT 1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT' returns 'iptables: No chain/target/match by that name.' and I can see the attached lines in /var/log/messages.
# iptables-save
*filter
:INPUT ACCEPT [4781:1563336]
:FORWARD ACCEPT [114:6840]
:OUTPUT ACCEPT [3916:988198]
:INPUT_ZONES - [0:0]
:INPUT_direct - [0:0]
COMMIT
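The failure mode in this thread is that a firewalld operation fails against the kernel ("No chain/target/match by that name") and the host is left with a ruleset that does not match what the administrator expects, so a port stays open. The following shell audit, added here as an example and not part of the bug report or of firewalld, reads iptables-save text and checks whether a chain exists in a table and whether an expected rule is present, so a post-change script can detect this state instead of trusting the exit code alone. The ruleset embedded in SAMPLE_RULESET is constructed for the demonstration (a mangle table without the PRE_ZONE_public_allow chain and a filter table without the conntrack rule, mirroring the symptoms above); on a live host pipe the real `iptables-save` output into the functions instead.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for missing chains and rules.
# Constructed sample input, not taken from the bug report's attachments.
SAMPLE_RULESET='*mangle
:PREROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [4781:1563336]
:FORWARD ACCEPT [114:6840]
:OUTPUT ACCEPT [3916:988198]
:INPUT_ZONES - [0:0]
:INPUT_direct - [0:0]
COMMIT'

# chain_exists TABLE CHAIN
# Reads iptables-save text on stdin; exits 0 if CHAIN is declared in TABLE.
chain_exists() {
    awk -v tbl="*$1" -v chain=":$2" '
        $1 == tbl        { in_tbl = 1; next }   # entered the table we want
        $1 == "COMMIT"   { in_tbl = 0 }         # table ends at COMMIT
        in_tbl && $1 == chain { found = 1 }     # ":NAME policy [pkts:bytes]"
        END { exit found ? 0 : 1 }'
}

# rule_present TABLE REGEX
# Reads iptables-save text on stdin; exits 0 if some "-A ..." rule line in
# TABLE matches REGEX (an awk extended regular expression).
rule_present() {
    awk -v tbl="*$1" -v re="$2" '
        $1 == tbl        { in_tbl = 1; next }
        $1 == "COMMIT"   { in_tbl = 0 }
        in_tbl && /^-A / && $0 ~ re { found = 1 }
        END { exit found ? 0 : 1 }'
}

# audit_ruleset: run the checks a firewalld user would want after a
# remove-forward-port / service restart; prints one line per finding and
# exits 1 if anything is wrong. Reads iptables-save text on stdin.
audit_ruleset() {
    dump=$(cat)
    rc=0
    if ! printf '%s\n' "$dump" | chain_exists mangle PRE_ZONE_public_allow; then
        echo "WARN: mangle chain PRE_ZONE_public_allow missing; forward-port removal will fail"
        rc=1
    fi
    if ! printf '%s\n' "$dump" | rule_present filter '^-A INPUT .*conntrack.*RELATED,ESTABLISHED'; then
        echo "WARN: filter INPUT has no conntrack RELATED,ESTABLISHED rule"
        rc=1
    fi
    return $rc
}

# Stand-alone run against the constructed sample (use: iptables-save | audit_ruleset)
printf '%s\n' "$SAMPLE_RULESET" | audit_ruleset
```

Both checks are deliberately read-only: they never call `iptables -D` or `-I`, so the audit can be run from cron or a configuration-management handler without risking the very "No chain/target/match" failure the thread describes.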
Reassigning to kernel. See attachment in comment 3.
Neil, any ideas here?
I no longer see this on kernel-3.7.5-201.fc18.x86_64