On Mon, Sep 16, 2019 at 05:17:14PM +0000, jose.nunez-zuleta(a)barclays.com wrote:
Hello all,
I installed a server using Kickstart and set up firewalld with the following flags:
firewall --enabled --ssh --http
However, after rebooting the machine for the first time I see there are errors when the
firewalld comes up:
Sep 11 16:51:32 X firewalld[36540]: ERROR: INVALID_ZONE
Sep 11 16:51:32 X firewalld[36540]: ERROR: '/usr/sbin/iptables-restore -w -n'
failed: iptables-restore: line 11 failed
Sep 11 16:51:32 X firewalld[36540]: ERROR: '/usr/sbin/ip6tables-restore -w -n'
failed: ip6tables-restore: line 11 failed
Sep 11 16:51:32 X firewalld[36540]: ERROR: COMMAND_FAILED:
'/usr/sbin/ip6tables-restore -w -n' failed: ip6tables-restore: line 11 failed
Sep 11 16:51:32 X firewalld[36540]: ERROR: INVALID_ZONE
Sep 11 16:58:18 X firewalld[36540]: ERROR: '/usr/sbin/iptables-restore -w -n'
failed: iptables-restore v1.8.0 (legacy): iptables-restore: unable to initialize table
'security'
Error occurred at line: 1
Try `iptables-restore -h' or
'iptables-restore --help' for more information.
Sep 11 16:58:18 X firewalld[36540]: ERROR: '/usr/sbin/ip6tables-restore -w -n'
failed: ip6tables-restore v1.8.0 (legacy): ip6tables-restore: unable to initialize table
'secur>
Somehow it seems that the 'public' zone got mangled:
[root@X log]# firewall-cmd --get-active-zones
# Returns nothing
[root@X log]# firewall-cmd --zone=public --list-all
Error: INVALID_ZONE: public
Not sure what is going on here but I can set rules with firewall-cmd by hand:
firewall-cmd --set-default-zone=public
firewall-cmd --get-default-zone # Returns 'public'
firewall-cmd --zone=public --add-service=http --permanent
firewall-cmd --zone=public --add-service=ssh --permanent
firewall-cmd --zone=public --permanent --add-port=7990/tcp
firewall-cmd --zone=public --permanent --add-port=7999/tcp
firewall-cmd --zone=public --permanent --add-port=8080/tcp
But the following commands return nothing:
firewall-cmd --get-active-zones
firewall-cmd --list-ports --zone=public
firewall-cmd --zone=public --list-services
Any ideas what else I can look for?
It looks like you're missing some of the kernel modules (error about
security table). Are you using a stock kernel? Is this stock Fedora?
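One way to check the missing-module theory raised in the reply, as an added example that is not part of the original thread: the script extracts each table that iptables-restore or ip6tables-restore could not initialize and reports whether the matching kernel module is loaded or available. The function names and the sample log are constructed here, and the mapping to `iptable_<table>` / `ip6table_<table>` module names is an assumption stated in the comments.

```shell
#!/bin/sh
# Added example: map "unable to initialize table" errors to kernel modules.
# Assumption: tables are provided by modules named iptable_<table> (IPv4)
# and ip6table_<table> (IPv6), e.g. iptable_security.

# Constructed sample modelled on the log lines quoted in the thread.
SAMPLE_LOG="Sep 11 16:58:18 X firewalld[36540]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.8.0 (legacy): iptables-restore: unable to initialize table 'security'
Sep 11 16:58:18 X firewalld[36540]: ERROR: '/usr/sbin/ip6tables-restore -w -n' failed: ip6tables-restore v1.8.0 (legacy): ip6tables-restore: unable to initialize table 'security'
Sep 11 16:51:32 X firewalld[36540]: ERROR: INVALID_ZONE"

# Read log text on stdin; print the module behind each table that failed.
missing_table_modules() {
    sed -n "s/.*\(ip6\{0,1\}tables\)-restore: unable to initialize table '\([a-z]*\)'.*/\1 \2/p" |
    while read -r tool table; do
        case "$tool" in
            iptables)  echo "iptable_$table" ;;
            ip6tables) echo "ip6table_$table" ;;
        esac
    done | LC_ALL=C sort -u
}

# loaded    = present under /sys/module
# available = modinfo finds it for the running kernel
# missing   = neither (a table compiled into the kernel may also land here)
module_state() {
    if [ -d "/sys/module/$1" ]; then
        echo loaded
    elif command -v modinfo >/dev/null 2>&1 && modinfo "$1" >/dev/null 2>&1; then
        echo available
    else
        echo missing
    fi
}

# Print "<module>: <state>" for every module implied by the log on stdin.
report() {
    missing_table_modules | while read -r mod; do
        echo "$mod: $(module_state "$mod")"
    done
}

printf '%s\n' "$SAMPLE_LOG" | report
```

On the affected host, pipe the real firewalld log into `report` instead of the sample, for example from `journalctl -u firewalld`.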