Description of problem:

Logged into my test machine via ssh. Installed firewalld, and did systemctl enable firewalld. Not surprisingly, my ssh connection immediately froze. Okay, fair enough.

Got console access. Typed

firewall-cmd --add-service=ssh

Got back "warning: ALREADY_ENABLED"

SSH session still not responsive. Force-disconnected it. Still can't ssh in, though: "No route to host".

Went back to console. Ran "iptables -F", which worked. (Obviously that's not the ideal state for a firewall and I'm sure a less-drastic manual rule would have worked as well.)

Version-Release number of selected component (if applicable):

firewalld-0.2.9-1.fc18.noarch

How reproducible:

Always

Steps to Reproduce:
1. install clean system without firewalld
2. install firewalld

Actual results:

ssh cannot be enabled

Expected results:

Not surprised to see initial connection dropped. Surprised that enable doesn't work.

Additional info:
(In reply to comment #0)
> did systemctl enable firewalld.

'systemctl enable' AFAIK just makes the symlinks, it doesn't start the service.
Did you mean 'systemctl start' ?

Anyway, neither 'systemctl enable' nor 'systemctl start' freezes the connection in my case. Can't see what I do differently.

> Steps to Reproduce:
> 1. install clean system without firewalld

I've thought firewalld has been in minimal install in F18.
firewalld is actually enabled by default [1] when you install it, so 'systemctl enable firewalld.service' does nothing.

[1] https://fedoraproject.org/wiki/Starting_services_by_default
(In reply to comment #1)
> 'systemctl enable' AFAIK just makes the symlinks, it doesn't start the
> service.
> Did you mean 'systemctl start' ?

Yes, sorry.

> > Steps to Reproduce:
> > 1. install clean system without firewalld
> I've thought firewalld has been in minimal install in F18.

It is installed by anaconda but isn't in the @core group, so it isn't currently added by tools like appliance-creator. Conceivably, we could have a minimal JEOS image which doesn't have it, but someone might want to add it later -- that's the specific case I'm worried about here.
Ah. I'm not running NetworkManager.

*** This bug has been marked as a duplicate of bug 821938 ***