Centos 7 firewalld not working

General support questions
Post Reply
ajaysbritto
Posts: 2
Joined: 2014/08/03 01:47:33

Centos 7 firewalld not working

Post by ajaysbritto » 2014/08/03 02:16:09

Hi,

After I installed centos 7 minimal 64 bit, kernel version 2.6.32-042stab090.5, I performed the below steps.

1. yum install firewalld
2. systemctl start firewalld
3. systemctl status firewalld -l
[root@mirror ~]# systemctl status firewalld -l
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
Active: active (running) since Sat 2014-08-02 21:42:44 EDT; 25min ago
Main PID: 1174 (firewalld)
CGroup: /system.slice/firewalld.service
└─1174 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Aug 02 21:42:44 mirror.bsidev.com systemd[1]: Started firewalld - dynamic firewall daemon.
Aug 02 21:42:44 mirror.bsidev.com firewalld[1174]: 2014-08-02 21:42:44 ERROR: ebtables not usable, disabling ethernet bridge firewall.
[root@mirror ~]# firewall-cmd --state
not running
[root@mirror ~]# firewall-cmd --list-all-zones
--return nothing--
Issue I am facing are

1. I am not able to login to the VPS after I reboot
2. I am not able to add Telnet port (23) to putty in because no zones are loaded
3. I tried changing the default zone to trusted and rebooted. Didn't make any difference

Can help me with what else I can try please?

User avatar
TrevorH
Forum Moderator
Posts: 29069
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Centos 7 firewalld not working

Post by TrevorH » 2014/08/03 12:28:59

Talk to your hoster. You have a VPS that is not running CentOS 7 but is running another product called OpenVZ - you can tell because of the "stab" string in the kernel version. That kernel does not have capabilities that the firewalld daemon relies upon.
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

ajaysbritto
Posts: 2
Joined: 2014/08/03 01:47:33

Re: Centos 7 firewalld not working

Post by ajaysbritto » 2014/08/03 13:03:29

Thanks, will do. Any suggestion on setting up a firewall in this case in case the host is going to ask more time? Switch back to IPTables?

mikewwood
Posts: 1
Joined: 2014/11/16 08:30:16

Re: Centos 7 firewalld not working

Post by mikewwood » 2014/11/16 10:10:45

Hello,
I just installed "CentOS Linux release 7.0.1406 (Core)" with kernel "2.6.32-042stab093.4" on a OpenVZ VPS server and firewalld works. You still get the "ERROR: ebtables not usable, disabling ethernet bridge firewall." message when the service starts, but the service status is active and is functional. I would not use this for a production server right now, but for development, testing, or personal use it seems fine for now.

Hopefully OpenVZ will fully catch up with RHEL/CentOS 7 soon. Since they list RHEL/CentOS as the preferred VM host platform on their web site I would expect them to be working hard on these types of issues.


I tested the functionality by adding and removing the http rule and testing the TCP connection to port 80 on the new VPS (guest VM) server.
# firewall-cmd --remove-service=http
success


<As expected, all connections from remote computer with browser, wget, and TCP ping (psping.exe) to port 80 fail>

# firewall-cmd --add-service=http
success


<Also as expected, all tests using same tools now succeed>
System info:
# cat /etc/centos-release
CentOS Linux release 7.0.1406 (Core)

# cat /proc/sys/kernel/osrelease
2.6.32-042stab093.4

# systemctl -l status firewalld -l
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
Active: active (running) since Sun 2014-11-16 01:52:02 CST; 1h 7min ago
Main PID: 126 (firewalld)
CGroup: /system.slice/firewalld.service
`-126 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Nov 16 01:49:29 horizon systemd[1]: Starting firewalld - dynamic firewall daemon...
Nov 16 01:49:29 horizon systemd[1]: Started firewalld - dynamic firewall daemon.
Nov 16 01:49:29 horizon firewalld[1466]: 2014-11-16 01:49:29 ERROR: ebtables not usable, disabling ethernet bridge firewall.

# yum list firewalld
...
Installed Packages
firewalld.noarch 0.3.9-7.el7 @base

P.S. The original post probably should have gone in the "CentOS 7 - Security Support" forum as it says it's for "Support for security such as Firewalls and securing linux".

gerald_clark
Posts: 10642
Joined: 2005/08/05 15:19:54
Location: Northern Illinois, USA

Re: Centos 7 firewalld not working

Post by gerald_clark » 2014/11/16 17:14:40

No, it should go to an openvz forum.

Post Reply

Return to “CentOS 7 - General Support”