Bug 884346 - firewall-cmd --reload causes libvirt to syslog spew errors when trying to clean up firewall rules that don't exist
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: libvirt
Version: 18
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Libvirt Maintainers
QA Contact: Fedora Extras Quality Assurance
Reported: 2012-12-06 01:50 UTC by Dean Hunter
Modified: 2013-02-24 19:57 UTC (History)

Doc Type: Bug Fix
Last Closed: 2013-02-24 19:57:12 UTC
Type: Bug


Description Dean Hunter 2012-12-06 01:50:35 UTC
Description of problem:
firewall-cmd --reload fails when libvirtd.service is running


Version-Release number of selected component (if applicable):
firewalld.noarch            0.2.9-1.fc18            @koji-override-0/$releasever
libvirt.x86_64                      0.10.2.1-3.fc18                      @fedora


How reproducible:
consistent


Steps to Reproduce:
1.  Install Fedora 18 from Live CD
2.  yum update --assumeyes
3.  reboot
4.  yum group install --assumeyes Virtualization
5.  systemctl enable libvirtd.service
6.  systemctl start  libvirtd.service
7.  yum install --assumeyes xrdp
8.  systemctl enable xrdp.service
9.  systemctl start  xrdp.service
10. firewall-cmd --zone=public --add-port=3389/tcp
11. firewall-cmd --reload


Actual results:
In /var/log/messages:
Dec  5 19:18:40 client18 libvirtd[1017]: 2012-12-06 01:18:40.282+0000: 1017: error : virCommandWait:2287 : internal error Child process (/usr/bin/firewall-cmd --direct --passthrough ipv4 --table nat --delete POSTROUTING --source 192.168.122.0/24 -p tcp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535) unexpected exit status 13
Dec  5 19:18:40 client18 libvirtd[1017]: 2012-12-06 01:18:40.380+0000: 1017: error : virCommandWait:2287 : internal error Child process (/usr/bin/firewall-cmd --direct --passthrough ipv4 --table nat --delete POSTROUTING --source 192.168.122.0/24 -p udp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535) unexpected exit status 13
Dec  5 19:18:40 client18 libvirtd[1017]: 2012-12-06 01:18:40.477+0000: 1017: error : virCommandWait:2287 : internal error Child process (/usr/bin/firewall-cmd --direct --passthrough ipv4 --table nat --delete POSTROUTING --source 192.168.122.0/24 '!' --destination 192.168.122.0/24 --jump MASQUERADE) unexpected exit status 13
Dec  5 19:18:40 client18 libvirtd[1017]: 2012-12-06 01:18:40.574+0000: 1017: error : virCommandWait:2287 : internal error Child process (/usr/bin/firewall-cmd --direct --passthrough ipv4 --table filter --delete FORWARD --destination 192.168.122.0/24 --out-interface virbr0 --match state --state ESTABLISHED,RELATED --jump ACCEPT) unexpected exit status 13
Dec  5 19:18:40 client18 libvirtd[1017]: 2012-12-06 01:18:40.670+0000: 1017: error : virCommandWait:2287 : internal error Child process (/usr/bin/firewall-cmd --direct --passthrough ipv4 --table filter --delete FORWARD --source 192.168.122.0/24 --in-interface virbr0 --jump ACCEPT) unexpected exit status 13
Dec  5 19:18:40 client18 libvirtd[1017]: 2012-12-06 01:18:40.767+0000: 1017: error : virCommandWait:2287 : internal error Child process (/usr/bin/firewall-cmd --direct --passthrough ipv4 --table filter --delete FORWARD --in-interface virbr0 --out-interface virbr0 --jump ACCEPT) unexpected exit status 13
Dec  5 19:18:40 client18 libvirtd[1017]: 2012-12-06 01:18:40.864+0000: 1017: error : virCommandWait:2287 : internal error Child process (/usr/bin/firewall-cmd --direct --passthrough ipv4 --table filter --delete FORWARD --out-interface virbr0 --jump REJECT) unexpected exit status 13
Dec  5 19:18:40 client18 libvirtd[1017]: 2012-12-06 01:18:40.962+0000: 1017: error : virCommandWait:2287 : internal error Child process (/usr/bin/firewall-cmd --direct --passthrough ipv4 --table filter --delete FORWARD --in-interface virbr0 --jump REJECT) unexpected exit status 13
Dec  5 19:18:41 client18 libvirtd[1017]: 2012-12-06 01:18:41.062+0000: 1017: error : virCommandWait:2287 : internal error Child process (/usr/bin/firewall-cmd --direct --passthrough ipv4 --table filter --delete INPUT --in-interface virbr0 --protocol udp --destination-port 53 --jump ACCEPT) unexpected exit status 13
Dec  5 19:18:41 client18 libvirtd[1017]: 2012-12-06 01:18:41.159+0000: 1017: error : virCommandWait:2287 : internal error Child process (/usr/bin/firewall-cmd --direct --passthrough ipv4 --table filter --delete INPUT --in-interface virbr0 --protocol tcp --destination-port 53 --jump ACCEPT) unexpected exit status 13
Dec  5 19:18:41 client18 libvirtd[1017]: 2012-12-06 01:18:41.256+0000: 1017: error : virCommandWait:2287 : internal error Child process (/usr/bin/firewall-cmd --direct --passthrough ipv4 --table mangle --delete POSTROUTING --out-interface virbr0 --protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill) unexpected exit status 13
Dec  5 19:18:41 client18 libvirtd[1017]: 2012-12-06 01:18:41.353+0000: 1017: error : virCommandWait:2287 : internal error Child process (/usr/bin/firewall-cmd --direct --passthrough ipv4 --table filter --delete INPUT --in-interface virbr0 --protocol udp --destination-port 67 --jump ACCEPT) unexpected exit status 13
Dec  5 19:18:41 client18 libvirtd[1017]: 2012-12-06 01:18:41.450+0000: 1017: error : virCommandWait:2287 : internal error Child process (/usr/bin/firewall-cmd --direct --passthrough ipv4 --table filter --delete INPUT --in-interface virbr0 --protocol tcp --destination-port 67 --jump ACCEPT) unexpected exit status 13


Expected results:
No errors in /var/log/messages


Additional info:
systemctl stop libvirtd.service # allows firewall-cmd --reload to complete successfully

Comment 1 Thomas Woerner 2012-12-06 10:56:10 UTC
libvirt recreates firewall rules after firewalld gets reloaded. It tries to clean up the old rules in this case. The cleanup produces errors if the rules are not there anymore. This should be no error in my opinion.

Reassigning to libvirt.
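
An added triage example, not part of the original report or of libvirt/firewalld: it parses libvirtd "Child process ... unexpected exit status" lines in the format shown above and separates failed rule deletions (the cleanup case Comment 1 describes) from failures of other operations. The function names are hypothetical, and the third sample line is constructed for illustration.

```python
import re
import shlex
from collections import Counter

# libvirtd error format as it appears in this report's /var/log/messages.
FAILED = re.compile(r"libvirtd\[\d+\]: .*Child process \((?P<cmd>.+)\) "
                    r"unexpected exit status (?P<status>\d+)")
OPS = {"--delete": "delete", "-D": "delete", "--insert": "insert",
       "-I": "insert", "--append": "append", "-A": "append"}

def parse_line(line):
    """Return a record for a failed firewall-cmd passthrough call, else None."""
    m = FAILED.search(line)
    if not m:
        return None
    argv = shlex.split(m.group("cmd"))      # also unquotes the '!' argument
    if "--passthrough" not in argv:
        return None
    rule = argv[argv.index("--passthrough") + 2:]   # skip the ipv4/ipv6 word
    table = "filter"                        # iptables default table
    for flag in ("--table", "-t"):
        if flag in rule:
            table = rule[rule.index(flag) + 1]
    for i, arg in enumerate(rule[:-1]):
        if arg in OPS:
            return {"op": OPS[arg], "table": table, "chain": rule[i + 1],
                    "status": int(m.group("status"))}
    return None

def summarize(lines):
    """Count failures per (operation, table, chain)."""
    records = [r for r in map(parse_line, lines) if r]
    return Counter((r["op"], r["table"], r["chain"]) for r in records)

def non_delete_failures(lines):
    """Failures that are not rule deletions and so need a closer look."""
    return [key for key in summarize(lines) if key[0] != "delete"]

# Two lines taken from the report, plus one constructed --insert failure.
SAMPLE = [
    "Dec  5 19:18:40 client18 libvirtd[1017]: 2012-12-06 01:18:40.282+0000: 1017: error : virCommandWait:2287 : internal error Child process (/usr/bin/firewall-cmd --direct --passthrough ipv4 --table nat --delete POSTROUTING --source 192.168.122.0/24 -p tcp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535) unexpected exit status 13",
    "Dec  5 19:18:41 client18 libvirtd[1017]: 2012-12-06 01:18:41.062+0000: 1017: error : virCommandWait:2287 : internal error Child process (/usr/bin/firewall-cmd --direct --passthrough ipv4 --table filter --delete INPUT --in-interface virbr0 --protocol udp --destination-port 53 --jump ACCEPT) unexpected exit status 13",
    "Dec  5 19:18:42 client18 libvirtd[1017]: 2012-12-06 01:18:42.000+0000: 1017: error : virCommandWait:2287 : internal error Child process (/usr/bin/firewall-cmd --direct --passthrough ipv4 --table filter --insert FORWARD --in-interface virbr0 --jump REJECT) unexpected exit status 13",  # constructed
]

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE).items()):
        print(n, *key)
```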

Comment 2 Dean Hunter 2013-02-24 19:57:12 UTC
I can no longer reproduce this error:

Installed Packages
firewalld.noarch                    0.2.12-2.fc18                       @updates
libvirt.x86_64                      0.10.2.3-1.fc18                     @updates

