On Mon, Sep 16, 2019 at 05:17:14PM +0000, jose.nunez-zuleta@barclays.com wrote:
Hello all,
I installed a server using Kickstart and set up firewalld with the following flags:
firewall --enabled --ssh --http
However, after rebooting the machine for the first time I see there are errors when firewalld comes up:
Sep 11 16:51:32 X firewalld[36540]: ERROR: INVALID_ZONE
Sep 11 16:51:32 X firewalld[36540]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore: line 11 failed
Sep 11 16:51:32 X firewalld[36540]: ERROR: '/usr/sbin/ip6tables-restore -w -n' failed: ip6tables-restore: line 11 failed
Sep 11 16:51:32 X firewalld[36540]: ERROR: COMMAND_FAILED: '/usr/sbin/ip6tables-restore -w -n' failed: ip6tables-restore: line 11 failed
Sep 11 16:51:32 X firewalld[36540]: ERROR: INVALID_ZONE
Sep 11 16:58:18 X firewalld[36540]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.8.0 (legacy): iptables-restore: unable to initialize table 'security'
Error occurred at line: 1
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Sep 11 16:58:18 X firewalld[36540]: ERROR: '/usr/sbin/ip6tables-restore -w -n' failed: ip6tables-restore v1.8.0 (legacy): ip6tables-restore: unable to initialize table 'secur>
Somehow it seems that the 'public' zone got mangled:
[root@X log]# firewall-cmd --get-active-zones # Returns nothing
[root@X log]# firewall-cmd --zone=public --list-all
Error: INVALID_ZONE: public
Not sure what is going on here but I can set rules with firewall-cmd by hand:
firewall-cmd --set-default-zone=public
firewall-cmd --get-default-zone # Returns 'public'
firewall-cmd --zone=public --add-service=http --permanent
firewall-cmd --zone=public --add-service=ssh --permanent
firewall-cmd --zone=public --permanent --add-port=7990/tcp
firewall-cmd --zone=public --permanent --add-port=7999/tcp
firewall-cmd --zone=public --permanent --add-port=8080/tcp
But the following commands return nothing:
firewall-cmd --get-active-zones
firewall-cmd --list-ports --zone=public
firewall-cmd --zone=public --list-services
Any ideas what else I can look for?
It looks like you're missing some of the kernel modules (error about security table). Are you using a stock kernel? Is this stock Fedora?
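
Added example, not part of the original thread: one way to follow up on the kernel-module hint is to map each "unable to initialize table" error to the legacy iptables module that provides that table and check whether the running kernel has it. The function names and the sample log lines are constructed for illustration; the `iptable_<table>` / `ip6table_<table>` naming applies to the legacy (non-nft) iptables backend shown in the log.

```sh
#!/bin/sh
# Added example (hypothetical helper names, not from the thread).

# Constructed sample input, modelled on the journal lines quoted above.
SAMPLE_LOG="Sep 11 16:58:18 X firewalld[36540]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.8.0 (legacy): iptables-restore: unable to initialize table 'security'
Sep 11 16:58:18 X firewalld[36540]: ERROR: '/usr/sbin/ip6tables-restore -w -n' failed: ip6tables-restore v1.8.0 (legacy): ip6tables-restore: unable to initialize table 'security'
Sep 11 16:51:32 X firewalld[36540]: ERROR: INVALID_ZONE"

# Read log lines on stdin; print one kernel module name per line for every
# table that failed to initialize (sorted, de-duplicated).
#   iptables-restore  + table T -> iptable_T
#   ip6tables-restore + table T -> ip6table_T
# Lines whose table name is cut off (no closing quote) are skipped rather
# than guessed at.
modules_from_log() {
    sed -n "s/.*: \(ip6\{0,1\}\)tables-restore: unable to initialize table '\([a-z]*\)'.*/\1table_\2/p" |
        LC_ALL=C sort -u
}

# Read module names on stdin and report their state on this host.
check_modules() {
    while read -r mod; do
        if [ -d "/sys/module/$mod" ]; then
            echo "$mod: loaded"
        elif modinfo "$mod" >/dev/null 2>&1; then
            echo "$mod: available for kernel $(uname -r), not loaded"
        else
            echo "$mod: not found for kernel $(uname -r)"
        fi
    done
}

# Usage on the affected host:
#   journalctl -u firewalld -b | modules_from_log | check_modules
# Usage with the constructed sample:
#   printf '%s\n' "$SAMPLE_LOG" | modules_from_log
```

A "not found" result for a stock distribution kernel usually means the installed module tree does not match the running kernel, which is what the questions about a stock kernel are probing for.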