Firewalld Offline

Post by Pcoenen » 2016/03/05 17:07:01

Hello,

I've been using Firewalld for a while and I never had problems before.

Today I noticed that the firewalld service is not active anymore and I can't restart it.

This is the error I get when I enter "systemctl status firewalld":

```
# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Sat 2016-03-05 17:57:41 CET; 2s ago
  Process: 2291 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
 Main PID: 2291 (code=exited, status=0/SUCCESS)

Mar 05 17:57:41 servername systemd[1]: Starting firewalld - dynamic firewall daemon...
Mar 05 17:57:41  servername systemd [1]: Started firewalld - dynamic firewall daemon.
Mar 05 17:57:41 servername systemd firewalld[2291]: 2016-03-05 17:57:41 ERROR: ebtables not usable, disabling ethernet bridge firewall.
Mar 05 17:57:41 servername systemd firewalld[2291]: 2016-03-05 17:57:41 FATAL ERROR: No IPv4 and IPv6 firewall.
Mar 05 17:57:41 servername systemd firewalld[2291]: 2016-03-05 17:57:41 ERROR: Raising SystemExit in run_server
```

Post by TrevorH » 2016/03/05 19:33:26

Mar 05 17:57:41 servername systemd firewalld[2291]: 2016-03-05 17:57:41 ERROR: ebtables not usable, disabling ethernet bridge firewall.
Is the ebtables package installed?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Post by Pcoenen » 2016/03/07 23:20:53

Thanks, and sorry for the slow reply; I didn't know my post was already online.

I think it's installed.

"systemctl status ebtables" gives the following result:

```
[root@server ~]# systemctl status ebtables
● ebtables.service - Ethernet Bridge Filtering tables
   Loaded: loaded (/usr/lib/systemd/system/ebtables.service; disabled; vendor preset: disabled)
   Active: inactive (dead) since Tue 2016-03-08 00:16:50 CET; 4min 36s ago
  Process: 2371 ExecStop=/usr/libexec/ebtables stop (code=exited, status=0/SUCCESS)
  Process: 2362 ExecStart=/usr/libexec/ebtables start (code=exited, status=0/SUCCESS)
 Main PID: 2362 (code=exited, status=0/SUCCESS)

Mar 08 00:16:39 * ebtables[2362]: nat tables: not configured[  OK  ]
Mar 08 00:16:39 * ebtables[2362]: broute tables: not configured[  OK  ]
Mar 08 00:16:39 * systemd[1]: Started Ethernet Bridge Filtering tables.
Mar 08 00:16:50 * systemd[1]: Stopping Ethernet Bridge Filtering tables...
Mar 08 00:16:50 * ebtables[2371]: The kernel doesn't support the ebtables 'filter' table.
Mar 08 00:16:50 * ebtables[2371]: The kernel doesn't support the ebtables 'nat' table.
Mar 08 00:16:50 * ebtables[2371]: The kernel doesn't support the ebtables 'broute' table.
Mar 08 00:16:50 * ebtables[2371]: rmmod: ERROR: Module ebtables is not currently loaded
Mar 08 00:16:50 * systemd[1]: Stopped Ethernet Bridge Filtering tables.
Mar 08 00:16:50 * ebtables[2371]: [FAILED]
```


Post by TrevorH » 2016/03/07 23:36:28

What is the output from uname -a?

Post by Pcoenen » 2016/03/08 08:28:53

This gives me the following:

```
Linux server.* 3.10.0-327.10.1.el7.x86_64 #1 SMP Tue Feb 16 17:03:50 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
```

Post by giulix63 » 2016/03/08 08:53:56

Please also post the output of

```
which iptables ip6tables
```
Root is evil: Do not use root (sudo) to run any of the commands specified in my posts unless explicitly indicated. Please, provide the necessary amount of context to understand your problem/question.

Post by Pcoenen » 2016/03/08 09:00:37

This gives me:

```
which iptables ip6tables
/usr/sbin/iptables
/usr/sbin/ip6tables
```
Thanks for the fast reactions!!!

Post by giulix63 » 2016/03/08 10:04:23

It looks like the system is trying to configure ebtables, but bails out when it's time to activate it. Could you post the output of the following commands

```
ls -l /etc/sysconfig/ebtables*
cat /etc/sysconfig/ebtables-config
lsmod |grep ebtab
```
run as root, please?

Post by TrevorH » 2016/03/08 10:06:26

Also rpm -V ebtables should return no output.

Post by Pcoenen » 2016/03/08 10:34:17

Okay, I get this output:

```
[user@server ~]# ls -l /etc/sysconfig/ebtables*
-rw------- 1 root root 1390 Jun 10  2014 /etc/sysconfig/ebtables-config
```

```
[user@server ~]# cat /etc/sysconfig/ebtables-config
# Save (and possibly restore) in text format.
#   Value: yes|no,  default: yes
# Save the firewall rules in text format to /etc/sysconfig/ebtables
# If EBTABLES_BINARY_FORMAT="no" then restoring the firewall rules
# is done using this text format.
EBTABLES_TEXT_FORMAT="yes"

# Save (and restore) in binary format.
#   Value: yes|no,  default: yes
# Save (and restore) the firewall rules in binary format to (and from)
# /etc/sysconfig/ebtables.<chain>. Enabling this option will make
# firewall initialisation a lot faster.
EBTABLES_BINARY_FORMAT="yes"

# Unload modules on restart and stop
#   Value: yes|no,  default: yes
# This option has to be 'yes' to get to a sane state for a firewall
# restart or stop. Only set to 'no' if there are problems unloading netfilter
# modules.
EBTABLES_MODULES_UNLOAD="yes"

# Save current firewall rules on stop.
#   Value: yes|no,  default: no
# Saves all firewall rules if firewall gets stopped
# (e.g. on system shutdown).
EBTABLES_SAVE_ON_STOP="no"

# Save current firewall rules on restart.
#   Value: yes|no,  default: no
# Saves all firewall rules if firewall gets restarted.
EBTABLES_SAVE_ON_RESTART="no"

# Save (and restore) rule counters.
#   Value: yes|no,  default: no
# Save rule counters when saving a kernel table to a file. If the
# rule counters were saved, they will be restored when restoring the table.
EBTABLES_SAVE_COUNTER="no"
```

```
[user@server ~]# rpm -V ebtables
missing   d /usr/share/man/man8/ebtables.8.gz
```
Thanks in advance!!! :)
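
Added example, not part of any post in this thread: a shell function that triages `rpm -V` output such as the line above by rpm's file-type marker, where `d` marks a documentation file. The function names are hypothetical and the second sample is constructed from paths that appear elsewhere on this page.

```shell
#!/bin/sh
# Added example: triage `rpm -V <package>` output read on stdin.
# Line format: "<result> [marker] <path>"; <result> is "missing" or a flag
# string such as "S.5....T.". Marker: c=config, d=documentation, g=ghost,
# l=license, r=readme; no marker means an ordinary packaged file.
# Assumption: paths contain no whitespace.

rpm_verify_triage() {
    awk '
    NF >= 2 {
        marker = (NF >= 3) ? $2 : "-"
        if (marker ~ /^[dlrg]$/)
            verdict = "low"      # doc, licence, readme or ghost entry
        else if (marker == "c")
            verdict = "config"   # config file differs; expected if edited
        else
            verdict = "review"   # program, library, script or unit file
        printf "%s %s %s %s\n", verdict, $1, marker, $NF
    }'
}

# Count the lines that deserve a closer look (verdict "review").
rpm_verify_review_count() {
    rpm_verify_triage | grep -c '^review ' || true
}

# The line posted in the thread.
SAMPLE_FROM_THREAD='missing   d /usr/share/man/man8/ebtables.8.gz'

# Constructed sample (not from the thread): an edited config file and a
# missing packaged file, using paths that appear elsewhere on this page.
SAMPLE_CONSTRUCTED='S.5....T.  c /etc/sysconfig/ebtables-config
missing     /usr/libexec/ebtables'

printf '%s\n' "$SAMPLE_FROM_THREAD" | rpm_verify_triage
printf '%s\n' "$SAMPLE_CONSTRUCTED" | rpm_verify_triage
```

On a live system the input would come from `rpm -V ebtables | rpm_verify_triage`.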
