F16 and firewalld

Paolo Galtieri pgaltieri at gmail.com
Thu Jan 12 22:50:14 UTC 2012 

In F14 I'm used to editing /etc/sysconf/iptables, add my rules and run
service iptables restart to reload the rules.

I assumed that the way to do it now was systemctl reload iptables.service.
This of course was wrong.  So I did a little googleing.

There apparently is a new firewall daemon firewalld in F16.  Which
interstingly enough is not installed by default though iptables are.

So I install firewalld, enable the service and then start the service.  I
run iptables --list to see the current config.

I edit the /etc/sysconf/iptables file and enter systemctl reload
firewalld.service and much to my surprise I get the following

[root at virtualF16 sysconfig]# systemctl reload firewalld.service
Job failed. See system logs and 'systemctl status' for details.

[root at virtualF16 sysconfig]# systemctl status firewalld.service

firewalld.service - Firewall dynamic change handling daemon
      Loaded: loaded (/lib/systemd/system/firewalld.service; enabled)
      Active: active (running) since Thu, 12 Jan 2012 15:35:27 -0700; 9min
ago
     Process: 25110 ExecStart=/usr/sbin/firewalld $FIREWALLD_ARGS
(code=exited, status=0/SUCCESS)
    Main PID: 25111 (firewalld)
      CGroup: name=systemd:/system/firewalld.service
          ��� 25111 /usr/bin/python /usr/sbin/firewalld
          ��� 25448 /usr/bin/python /usr/bin/firewall-cmd --reload

In /var/log/messages I see the following:

Jan 12 15:36:27 virtualF16 firewall-cmd[25448]:
ERROR:dbus.proxies:Introspect error on :1.387:/org/fedoraproject/FirewallD:
dbus.exceptions.DBusException: org.freedesktop.DBus.Error.NoReply: Did not
receive a reply. Possible causes include: the remote application did not
send a reply, the message bus security policy blocked the reply, the reply
timeout expired, or the network connection was broken.
Jan 12 15:37:32 virtualF16 systemd[1]: firewalld.service operation timed
out. Stopping.

However systemctl stop firewalld.service and systemctl start
firewalld.service work just fine.

However, I still have not found out how to modify /etc/sysconf/iptables and
get the new rules reloaded because firewalld does nothing with iptables.

I looked in the F16 System Administrators guide and there was nothing on
iptables there.

Any assistance is appreciated.

Paolo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20120112/2e01e874/attachment.html>

More information about the users mailing list