Description of problem: Not sure if this is related, but I keep getting a dbus error when trying to use firewall-cmd or start firewall-config: org.freedesktop.dbus.error.serviceunknown: The name :1.17 was not provided by any .service files Version-Release number of selected component: firewalld-0.2.12-2.fc18 Additional info: cmdline: /usr/bin/python /bin/firewall-cmd --direct --add-rule ipv4 filter FORWARD -i tun0 -o wlan0 -s 10.8.0.0/24 -d 192.168.0.0/24 -m conntrack --ctstate NEW -j ACCEPT core_backtrace: 1c72f7cfbab1cf088ad498188047c4cf51cf8eb2 0x9e <module> /bin/firewall-cmd - executable: /bin/firewall-cmd kernel: 3.6.10-4.fc18.x86_64 uid: 0 Truncated backtrace: firewall-cmd:158:<module>:ValueError: invalid literal for int() with base 10: '-i' Traceback (most recent call last): File "/bin/firewall-cmd", line 158, in <module> direct_priority = int(args[5]) ValueError: invalid literal for int() with base 10: '-i' Local variables in innermost frame: permanent: False INVALID_FORWARD: 106 NO_DEFAULTS: 23 INVALID_SERVICE: 101 __list_all: <function __list_all at 0xf3e320> BUILTIN_CHAIN: 20 mode: 'add-rule' NO_IPV6_NAT: 14 value: None ALREADY_ENABLED: 11 PARSE_ERROR: 29 UNKNOWN_INTERFACE: 17 INVALID_DIRECTORY: 118 __parse_forward_port: <function __parse_forward_port at 0xf3e2a8> INVALID_PROPERTY: 113 direct_table: 'filter' MISSING_ADDR: 204 direct_chain: 'FORWARD' MISSING_PORT: 202 zone: '' NAME_CONFLICT: 27 INVALID_PROTOCOL: 103 INVALID_TARGET: 110 INVALID_VALUE: 114 __package__: None UNKNOWN_ERROR: 254 INVALID_ICMPTYPE: 107 INVALID_ADDR: 105 INVALID_SETTING: 120 usage: <function usage at 0xebea28> getopt: <module 'getopt' from '/usr/lib64/python2.7/getopt.pyc'> NOT_AUTHORIZED: 253 direct_ipv: 'ipv4' __doc__: None MISSING_SETTING: 206 PANIC_MODE: 15 INVALID_IPV: 111 INVALID_NAME: 116 args: ['--direct', '--add-rule', 'ipv4', 'filter', 'FORWARD', '-i', 'tun0', '-o', 'wlan0', '-s', '10.8.0.0/24', '-d', '192.168.0.0/24', '-m', 'conntrack', '--ctstate', 'NEW', '-j', 'ACCEPT'] NOT_OVERLOADABLE: 22 MISSING_PROTOCOL: 203 MISSING_NAME: 205 __builtins__: <module '__builtin__' (built-in)> INVALID_TABLE: 108 __file__: '/bin/firewall-cmd' BUILTIN_ICMPTYPE: 26 sys: <module 'sys' (built-in)> INVALID_PORT: 102 __parse_port: <function __parse_port at 0xf3e230> INVALID_ACTION: 100 BUILTIN_ZONE: 24 ZONE_CONFLICT: 18 GObject: <gi.module.DynamicGObjectModule 'GObject' from '/usr/lib64/girepository-1.0/GObject-2.0.typelib'> NOT_RUNNING: 252 __name__: '__main__' IMMUTABLE: 19 COMMAND_FAILED: 13 EBTABLES_NO_REJECT: 21 MISSING_TABLE: 200 ZONE_ALREADY_SET: 16 INVALID_FILENAME: 117 NOT_ENABLED: 12 INVALID_CHAIN: 109 MISSING_CHAIN: 201 dbus: <module 'dbus' from '/usr/lib/python2.7/site-packages/dbus/__init__.pyc'> INVALID_DESTINATION: 121 BUILTIN_SERVICE: 25 INVALID_ZONE: 112 NAME_MISMATCH: 28 timeout: 0 INVALID_OBJECT: 115 INVALID_INTERFACE: 104 __fail: <function __fail at 0xf3e1b8> FirewallClient: <class 'firewall.client.FirewallClient'> os: <module 'os' from '/usr/lib64/python2.7/os.pyc'> INVALID_TYPE: 119 opts: [] FirewallError: <class 'firewall.errors.FirewallError'>
Created attachment 701715 [details] File: backtrace
Created attachment 701716 [details] File: environ
The Dbus error for firewall-cmd and firewall-config went away when I restarted the daemon. One thing I forgot to mention was that I was attempting to open firewall-config via a remote ssh session. The Dbus error persisted once I was back in my local session, but went away after I restarted firewalld. Apologies if my comments aren't particularily helpful.
You missed the priority of the rule. From the man page of firewall-cmd: --direct --add-rule { ipv4 | ipv6 | eb } <table> <chain> <priority> <args> Priority 0 means add rule on top of the chain, with a higher priority the rule will be added further down. With the priority you can order rules. Rules with the same priority are on the same level and the order of these rules is not fixed and may change. If you want to make sure that a rule will be added after another one, use a low priority for the first and a higher for the following. I am about to add the description about priorities to the man page, it was missing. Also there needs to be better error treatment in this case. I am leaving this bug open until this has been added.
(In reply to Thomas Woerner from comment #4) > Also there needs to be better error treatment in this case. I am leaving > this bug open until this has been added. I can't do more than https://git.fedorahosted.org/cgit/firewalld.git/commit/?id=29b27b196b7f2122155e034be8c8722d1704af76
firewalld-0.3.4-1.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/firewalld-0.3.4-1.fc19
Package firewalld-0.3.4-1.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing firewalld-0.3.4-1.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-14046/firewalld-0.3.4-1.fc19 then log in and leave karma (feedback).
firewalld-0.3.4-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.