Le 09/01/2017 00:17, Ed Greshko a écrit :
On 01/09/17 06:30, François Patte wrote:
> For this reason, it is impossible to change any settings in firewall on
> fedora 24.
>
> So, I can't ssh machines running f24, I can't set printers on machines
> running f24...
>
> Is there a solution?
I have a fully updated F24 system except for the packages with the dependency issues:
root@f24 ~]# dnf --best update
Last metadata expiration check: 0:34:16 ago on Mon Jan 9 06:41:24 2017.
Error: package firewalld-0.4.4.2-2.fc24.noarch conflicts with selinux-policy <
3.13.1-191.23 provided by selinux-policy-3.13.1-191.21.fc24.noarch.
package selinux-policy-targeted-3.13.1-191.21.fc24.noarch requires selinux-policy =
3.13.1-191.21.fc24, but none of the providers can be installed.
package firewall-applet-0.4.4.2-2.fc24.noarch requires firewalld = 0.4.4.2-2.fc24, but
none of the providers can be installed.
package selinux-policy-targeted-3.13.1-191.21.fc24.noarch requires selinux-policy =
3.13.1-191.21.fc24, but none of the providers can be installed
But the currently installed packages work fine and I can make changes to my firewall.
So, what exactly are you seeing?
Thank you for answering.
1- If I want to update my system using dnf update, I get this message:
Paquets ignorés suite à des dépendances cassées: (ignored packages
because of broken dependencies)
firewall-config noarch 0.4.4.2-2.fc24
updates 153 k
firewalld noarch 0.4.4.2-2.fc24
updates 454 k
firewalld-filesystem noarch 0.4.4.2-2.fc24
updates 68 k
python3-firewall noarch 0.4.4.2-2.fc24
updates 351 k
2- At boot time (journalctl -b) I have these error messages:
/firewalld[1325]: ERROR: Failed to flush eb firewall:
'/usr/sbin/ebtables-restore --noflush' failed:
/firewalld[1325]: ERROR: INVALID_ZONE (2 times)
3- If I want to set the firewall (Applications->Administration->Firewall
In public, I tick ipp and ssh and reload firewalld, I get these messages
in journalctl:
janv. 09 12:32:59 bhaskara dbus-daemon[1339]: [system] Activating via
systemd: service name='net.reactivated.Fprint' unit='fprintd.service'
requested by ':1.59' (uid=0 pid=3557
comm="/usr/lib/polkit-1/polkit-agent-helper-1 root "
label="unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023")
janv. 09 12:32:59 bhaskara systemd[1]: Starting Fingerprint
Authentication Daemon...
janv. 09 12:32:59 bhaskara dbus-daemon[1339]: [system] Successfully
activated service 'net.reactivated.Fprint'
janv. 09 12:32:59 bhaskara audit[1]: SERVICE_START pid=1 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0
msg='unit=fprintd comm="systemd" exe="/usr/lib/systemd/systemd"
hostname=? addr=? terminal=? res=success'
janv. 09 12:32:59 bhaskara systemd[1]: Started Fingerprint
Authentication Daemon.
janv. 09 12:33:14 bhaskara audit[3557]: USER_AUTH pid=3557 uid=3025
auid=3025 ses=2
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
msg='op=PAM:authentication grantors=pam_unix acct="root"
exe="/usr/lib/polkit-1/polkit-agent-helper-1" hostname=? addr=?
terminal=? res=success'
janv. 09 12:33:14 bhaskara audit[3557]: USER_ACCT pid=3557 uid=3025
auid=3025 ses=2
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="root"
exe="/usr/lib/polkit-1/polkit-agent-helper-1" hostname=? addr=?
terminal=? res=success'
janv. 09 12:33:14 bhaskara polkitd[1370]: Operator of unix-session:2
successfully authenticated as unix-user:root to gain TEMPORARY
authorization for action org.fedoraproject.FirewallD1.all for
system-bus-name::1.57 [/usr/bin/python3 -Es /usr/bin/firewall-config]
(owned by unix-user:fp)
janv. 09 12:33:29 bhaskara audit[1]: SERVICE_STOP pid=1 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0
msg='unit=fprintd comm="systemd" exe="/usr/lib/systemd/systemd"
hostname=? addr=? terminal=? res=success'
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=filter family=2
entries=41
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=mangle family=2
entries=27
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=raw family=2 entries=9
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=security family=2
entries=13
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=filter family=10
entries=41
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=mangle family=10
entries=27
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=raw family=10
entries=9
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=security family=10
entries=13
janv. 09 12:33:43 bhaskara /firewalld[1363]: ERROR: Failed to set policy
of eb firewall: '/usr/sbin/ebtables-restore --noflush' failed: Bad
argument : 'COMMIT'.
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=filter family=2
entries=41
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=mangle family=2
entries=27
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=nat family=2
entries=26
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=raw family=2 entries=9
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=security family=2
entries=13
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=filter family=10
entries=41
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=mangle family=10
entries=27
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=nat family=10
entries=26
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=raw family=10
entries=9
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=security family=10
entries=13
janv. 09 12:33:43 bhaskara /firewalld[1363]: ERROR: Failed to flush eb
firewall: '/usr/sbin/ebtables-restore --noflush' failed: Bad argument :
'COMMIT'.
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=filter family=2
entries=4
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=mangle family=2
entries=6
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=nat family=2 entries=5
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=raw family=2 entries=3
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=security family=2
entries=4
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=filter family=10
entries=4
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=mangle family=10
entries=6
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=nat family=10
entries=5
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=raw family=10
entries=3
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=security family=10
entries=4
janv. 09 12:34:03 bhaskara wpa_supplicant[1536]: wlp12s0: WPA: Group
rekeying completed with 00:1d:6a:69:e0:74 [GTK=TKIP]
Then the network is totaly blocked on the computer, I have to stop
firewalld.
--
François Patte
UFR de mathématiques et informatique
Laboratoire CNRS MAP5, UMR 8145
Université Paris Descartes
45, rue des Saints Pères
F-75270 Paris Cedex 06
Tél. +33 (0)1 8394 5849
http://www.math-info.univ-paris5.fr/~patte