Hello Eric,
I'm using a custom kernel. Do you know what modules should be available? I see the following with lsmod:
[root@X ~]# lsmod|egrep iptable
iptable_nat 16384 0
nf_nat_ipv4 16384 1 iptable_nat
iptable_mangle 16384 0
iptable_raw 16384 0
I checked 'https://www.linuxtopia.org/Linux_Firewall_iptables/x651.html' and at least for IP tables the following were required for the Kernel:
CONFIG_PACKET
CONFIG_NETFILTER
CONFIG_IP_NF_CONNTRACK
CONFIG_IP_NF_FTP
CONFIG_IP_NF_IRC
CONFIG_IP_NF_IPTABLES
CONFIG_IP_NF_FILTER
CONFIG_IP_NF_NAT
CONFIG_IP_NF_MATCH_STATE
CONFIG_IP_NF_TARGET_LOG
CONFIG_IP_NF_MATCH_LIMIT
CONFIG_IP_NF_TARGET_MASQUERADE
But I cannot figure out where is the '.config' file that tells what options were used to compile this kernel.
Thanks,
-----Original Message-----
From: Eric Garver egarver@redhat.com
Sent: Monday, September 16, 2019 14:41
To: Firewalld users discussion list firewalld-users@lists.fedorahosted.org
Subject: Re: Problems with firewalld and Kickstart, Fedora 29
On Mon, Sep 16, 2019 at 05:17:14PM +0000, jose.nunez-zuleta@barclays.com wrote:
Hello all,
I installed a server using Kickstart and set up firewalld with the following flags:
firewall --enabled --ssh --http
However after rebooting the machine for the first time I see there are errors when the firewalld comes up:
Sep 11 16:51:32 X firewalld[36540]: ERROR: INVALID_ZONE
Sep 11 16:51:32 X firewalld[36540]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore: line 11 failed
Sep 11 16:51:32 X firewalld[36540]: ERROR: '/usr/sbin/ip6tables-restore -w -n' failed: ip6tables-restore: line 11 failed
Sep 11 16:51:32 X firewalld[36540]: ERROR: COMMAND_FAILED: '/usr/sbin/ip6tables-restore -w -n' failed: ip6tables-restore: line 11 failed
Sep 11 16:51:32 X firewalld[36540]: ERROR: INVALID_ZONE
Sep 11 16:58:18 X firewalld[36540]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.8.0 (legacy): iptables-restore: unable to initialize table 'security' Error occurred at line: 1 Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Sep 11 16:58:18 X firewalld[36540]: ERROR: '/usr/sbin/ip6tables-restore -w -n' failed: ip6tables-restore v1.8.0 (legacy): ip6tables-restore: unable to initialize table 'secur>
Somehow it seems that the 'public' zone got mangled:
[root@X log]# firewall-cmd --get-active-zones # Returns nothing
[root@X log]# firewall-cmd --zone=public --list-all
Error: INVALID_ZONE: public
Not sure what is going on here but I can set rules with firewall-cmd by hand:
firewall-cmd --set-default-zone=public
firewall-cmd --get-default-zone # Returns 'public'
firewall-cmd --zone=public --add-service=http --permanent
firewall-cmd --zone=public --add-service=ssh --permanent
firewall-cmd --zone=public --permanent --add-port=7990/tcp
firewall-cmd --zone=public --permanent --add-port=7999/tcp
firewall-cmd --zone=public --permanent --add-port=8080/tcp
But the following commands return nothing:
firewall-cmd --get-active-zones
firewall-cmd --list-ports --zone=public
firewall-cmd --zone=public --list-services
Any ideas what else I can look for?
It looks like you're missing some of the kernel modules (error about security table). Are you using a stock kernel? Is this stock Fedora?
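Added example (not part of the original thread and not firewalld's own code): a shell check that locates a kernel's build configuration and lists which iptables table options are missing from it, covering both the '.config' question and the 'security' table error above. The option list is an assumption built from the tables named in the thread; /proc/config.gz exists only on kernels built with CONFIG_IKCONFIG_PROC, and the script name in the usage comment is hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. The option list is an assumption built
# from the tables named above (security, nat, mangle, raw, filter), IPv4 + IPv6.
WANTED="CONFIG_NETFILTER
CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_FILTER CONFIG_IP_NF_NAT
CONFIG_IP_NF_MANGLE CONFIG_IP_NF_RAW CONFIG_IP_NF_SECURITY
CONFIG_IP6_NF_IPTABLES CONFIG_IP6_NF_FILTER
CONFIG_IP6_NF_MANGLE CONFIG_IP6_NF_RAW CONFIG_IP6_NF_SECURITY"

# Print the first readable kernel config among the usual locations.
find_kernel_config() {
    rel=$(uname -r)
    for f in /proc/config.gz "/boot/config-$rel" "/lib/modules/$rel/build/.config"; do
        if [ -r "$f" ]; then echo "$f"; return 0; fi
    done
    return 1
}

# Print the config text; /proc/config.gz and other *.gz files are gzip-compressed.
read_config() {
    case "$1" in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac
}

# Print every wanted option that is neither built in (=y) nor a module (=m).
# Returns 0 if none is missing, 1 if some are, 2 if the file is unreadable.
missing_options() {
    cfg=$(read_config "$1") || return 2
    rc=0
    for opt in $WANTED; do
        if ! printf '%s\n' "$cfg" | grep -Eq "^${opt}=[ym]\$"; then
            echo "$opt"
            rc=1
        fi
    done
    return $rc
}

# Usage: sh check-nf-config.sh --running   (checks the booted kernel)
if [ "${1:-}" = "--running" ]; then
    cfg_file=$(find_kernel_config) || { echo "no kernel config found" >&2; exit 2; }
    echo "checking $cfg_file"
    missing_options "$cfg_file" && echo "all listed options present"
fi
```

An option reported here as missing means the matching table (for CONFIG_IP_NF_SECURITY, the 'security' table) can be neither loaded as a module nor found built in, which is the condition the iptables-restore error describes.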