Description of problem: default F18 install trying any examples in https://fedoraproject.org/wiki/Features/firewalld-default#How_To_Test results in an error Version-Release number of selected component (if applicable): firewalld-0.2.12-4.fc18.noarch How reproducible: always Steps to Reproduce: 1. service firewalld restart 2. firewall-cmd --add-service=ssh --timeout=10 3. enter root password Actual results: $ firewall-cmd --add-service=ssh --timeout=10 Error: INVALID_ZONE Expected results: should add ssh service to firewalld Additional info:
Examples here should be more up to date: https://fedoraproject.org/wiki/FirewallD#Using_firewall-cmd Anyway it's strange, you should actually see Warning: ALREADY_ENABLED because by default (if you don't specify --zone) it modifies 'public' zone, which has 'ssh' already added. You can add '--debug=2' to FIREWALLD_ARGS in /etc/sysconfig/firewalld, restart firewalld and check /var/log/firewalld afterwards whether you spot some more details.
Do you see the same with 0.2.12-6 from updates-testing ?
to comment 2: I did: yum --enablerepo=updates-testing install firewalld and got: Package firewalld.noarch 0:0.2.12-5.fc18 will be installed isn;t this the way to install the updates-testing mode?
You're right, it's 0.2.12-5, not 0.2.12-6 I'm sorry. I usually use yum --enablerepo=updates-testing update firewalld
same thing with 0.2.12-5 will try --debug
ok one issue is nf_nat is not loaded. 2013-04-11 17:00:00 DEBUG2: firewall.core.ipXtables.ip4tables: /sbin/iptables -t nat -N PREROUTING_direct 2013-04-11 17:00:00 Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/firewall/server/decorators.py", line 40, in handle_exceptions return func(*args, **kwargs) File "/usr/lib/python2.7/site-packages/firewall/server/firewalld.py", line 75, in start return self.fw.start() File "/usr/lib/python2.7/site-packages/firewall/core/fw.py", line 129, in start self._apply_default_rules() File "/usr/lib/python2.7/site-packages/firewall/core/fw.py", line 361, in _apply_default_rules self.__apply_default_rules(ipv) File "/usr/lib/python2.7/site-packages/firewall/core/fw.py", line 350, in __apply_default_rules self.rule(ipv, _rule) File "/usr/lib/python2.7/site-packages/firewall/core/fw.py", line 402, in rule return self._ip4tables.set_rule(rule) File "/usr/lib/python2.7/site-packages/firewall/core/ipXtables.py", line 119, in set_rule return self.__run(rule) File "/usr/lib/python2.7/site-packages/firewall/core/ipXtables.py", line 115, in __run " ".join(_args), ret) ValueError: '/sbin/iptables -t nat -N PREROUTING_direct' failed: iptables v1.4.16.2: can't initialize iptables table `nat': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. 2013-04-11 17:00:00 DEBUG1: zone.addInterface('', 'wlan0') 2013-04-11 17:00:00 DEBUG1: INVALID_ZONE 2013-04-11 17:00:17 DEBUG1: zone.addService('', 'ssh', 10) 2013-04-11 17:00:17 DEBUG1: INVALID_ZONE Will try to fix that and see what happens. I note in passing it would be nice to print this output from firewall-cmd instead of INVALID_ZONE.
(In reply to comment #6) > ok one issue is nf_nat is not loaded. bug #926055
(In reply to Michael S. Tsirkin from comment #6) > ok one issue is nf_nat is not loaded. Closing as duplicate of bug #967376 for now. *** This bug has been marked as a duplicate of bug 967376 ***