Description of problem:

$ firewall-config
Fontconfig warning: "/etc/fonts/conf.d/50-user.conf", line 9: reading configurations from ~/.fonts.conf is deprecated.
Traceback (most recent call last):
  File "/usr/bin/firewall-config", line 809, in onReloadFirewalld
    self.fw.reload()
  File "<string>", line 2, in reload
  File "/usr/lib/python2.7/site-packages/slip/dbus/polkit.py", line 141, in _enable_proxy
    return func(*p, **k)
  File "/usr/lib/python2.7/site-packages/firewall/client.py", line 638, in reload
    self.fw.reload()
  File "/usr/lib/python2.7/site-packages/slip/dbus/proxies.py", line 50, in __call__
    return dbus.proxies._ProxyMethod.__call__(self, *args, **kwargs)
  File "/usr/lib/python2.7/site-packages/dbus/proxies.py", line 145, in __call__
    **keywords)
  File "/usr/lib/python2.7/site-packages/dbus/connection.py", line 651, in call_blocking
    message, timeout)
dbus.exceptions.DBusException: org.freedesktop.DBus.Python.dbus.exceptions.DBusException: '/sbin/iptables -t nat -N PREROUTING_direct' failed: iptables v1.4.16.2: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

$ yum info firewalld
Geladene Plugins: auto-update-debuginfo, langpacks, presto, refresh-packagekit
Installierte Pakete
Name            : firewalld
Architektur     : noarch
Version         : 0.2.12
Ausgabe         : 4.fc18
Größe           : 1.1 M
Repo            : installed
Aus repo        : updates
Zusammenfassung : A firewall daemon with D-BUS interface providing a dynamic
                : firewall
URL             : http://fedorahosted.org/firewalld
Lizenz          : GPLv2+
Beschreibung    : firewalld is a firewall service daemon that provides a dynamic
                : customizable firewall with a D-BUS interface.

$ uname -a
Linux localhost.localdomain 3.9.0-rc3+ #33 PREEMPT Fri Mar 22 18:35:44 CET 2013 x86_64 x86_64 x86_64 GNU/Linux

Why do I need NAT for firewall?

(In reply to comment #0)
> org.freedesktop.DBus.Python.dbus.exceptions.DBusException: '/sbin/iptables
> -t nat -N PREROUTING_direct' failed: iptables v1.4.16.2: can't initialize
> iptables table `nat': Table does not exist (do you need to insmod?)
> Perhaps iptables or your kernel needs to be upgraded.

What are the steps to reproduce?

> Why do I need NAT for firewall?

For masquerading (http://en.wikipedia.org/wiki/IP_masquerading).

On most of my machines I use a self-compiled kernel. I didn't compile in NAT support, and did get the above error in firewall-config. Why exactly do you need NAT for firewall? The above link says that IP masquerading is just another word for full NAT. I did enable the necessary NAT modules now.
The rules for all configured zones are created at firewalld start. This speeds up the change of zones for connections. There is an RFE to create rules for used zones only. This is on the TODO list.
*** This bug has been marked as a duplicate of bug 967376 ***