Firewalld Offline

Support for security such as firewalls and securing Linux
Pcoenen
Posts: 16
Joined: 2016/03/05 17:01:46

Re: Firewalld Offline

Post by Pcoenen » 2016/03/08 13:55:27

lsmod |grep ebtab
returns nothing

giulix63
Posts: 1305
Joined: 2014/05/14 10:06:37
Location: GMT

Post by giulix63 » 2016/03/08 14:13:23

What happens if you insert the module and restart the service?

Code:

ll /lib/modules/`uname -r`/kernel/net/bridge/netfilter
# -a loads every module named on the command line
modprobe -a ebtables ebtable_filter ebt_ip ebt_pkttype
systemctl -l restart ebtables
systemctl -l restart firewalld
as root.
Root is evil: Do not use root (sudo) to run any of the commands specified in my posts unless explicitly indicated. Please, provide the necessary amount of context to understand your problem/question.
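
A check for the module-loading step in the post above, as an added example that is not part of the original thread: it reads `lsmod` output and reports which of the four modules named in that post are not loaded. The function names and both sample listings are constructed for illustration; `modprobe` needs `-a` to treat every argument as a module name, otherwise the names after the first are passed as parameters to the first module.

```shell
#!/bin/sh
# Added example (not from the thread): find which ebtables modules are
# missing from `lsmod` output. Function names are hypothetical.

# Module names taken from the modprobe line in the post above.
REQUIRED_MODULES="ebtables ebtable_filter ebt_ip ebt_pkttype"

# is_loaded LSMOD_TEXT MODULE -> exit 0 if MODULE is in the first column.
# Exact match on column 1, so "ebtables" is not confused with
# "ebtable_filter" and a name in the "Used by" column does not count.
is_loaded() {
    printf '%s\n' "$1" | awk -v m="$2" '$1 == m { found = 1 } END { exit !found }'
}

# missing_modules LSMOD_TEXT -> space-separated required modules not loaded.
missing_modules() {
    missing=""
    for mod in $REQUIRED_MODULES; do
        is_loaded "$1" "$mod" || missing="${missing:+$missing }$mod"
    done
    printf '%s' "$missing"
}

# suggest_fix LSMOD_TEXT -> the command to load what is missing, or "ok".
suggest_fix() {
    m=$(missing_modules "$1")
    if [ -z "$m" ]; then
        printf 'ok'
    else
        # -a makes modprobe treat every argument as a module name.
        printf 'modprobe -a %s' "$m"
    fi
}

# Constructed sample: the table modules are loaded, the match modules are not.
SAMPLE_PARTIAL='Module                  Size  Used by
ebtable_filter         12827  0
ebtables               30913  1 ebtable_filter'

# Constructed sample: all four modules present (sizes are made up).
SAMPLE_FULL='Module                  Size  Used by
ebt_pkttype            12345  0
ebt_ip                 12346  0
ebtable_filter         12827  0
ebtables               30913  3 ebt_ip,ebt_pkttype,ebtable_filter'

suggest_fix "$SAMPLE_PARTIAL"; echo
suggest_fix "$SAMPLE_FULL"; echo
```

On a live system, pass the real listing instead of a sample: `suggest_fix "$(lsmod)"`.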

Post by Pcoenen » 2016/03/08 14:35:26

Nothing really happens; when I watch the status of ebtables and firewalld I still get the same errors.

Post by giulix63 » 2016/03/08 14:49:19

You should really post the output of the above commands...

Post by Pcoenen » 2016/03/08 15:01:31

Sorry, I didn't think that there was something interesting in the output.

Code:

# ll /lib/modules/`uname -r`/kernel/net/bridge/netfilter
total 248
-rw-r--r-- 1 root root  5165 Feb 16 18:45 ebt_802_3.ko
-rw-r--r-- 1 root root  6557 Feb 16 18:45 ebtable_broute.ko
-rw-r--r-- 1 root root  7565 Feb 16 18:45 ebtable_filter.ko
-rw-r--r-- 1 root root  7373 Feb 16 18:45 ebtable_nat.ko
-rw-r--r-- 1 root root 46205 Feb 16 18:45 ebtables.ko
-rw-r--r-- 1 root root  7661 Feb 16 18:45 ebt_among.ko
-rw-r--r-- 1 root root  6317 Feb 16 18:45 ebt_arp.ko
-rw-r--r-- 1 root root  6093 Feb 16 18:45 ebt_arpreply.ko
-rw-r--r-- 1 root root  5501 Feb 16 18:45 ebt_dnat.ko
-rw-r--r-- 1 root root  6309 Feb 16 18:45 ebt_ip6.ko
-rw-r--r-- 1 root root  5893 Feb 16 18:45 ebt_ip.ko
-rw-r--r-- 1 root root  6221 Feb 16 18:45 ebt_limit.ko
-rw-r--r-- 1 root root 11013 Feb 16 18:45 ebt_log.ko
-rw-r--r-- 1 root root  5677 Feb 16 18:45 ebt_mark.ko
-rw-r--r-- 1 root root  5789 Feb 16 18:45 ebt_mark_m.ko
-rw-r--r-- 1 root root  5653 Feb 16 18:45 ebt_nflog.ko
-rw-r--r-- 1 root root  5061 Feb 16 18:45 ebt_pkttype.ko
-rw-r--r-- 1 root root  5597 Feb 16 18:45 ebt_redirect.ko
-rw-r--r-- 1 root root  5973 Feb 16 18:45 ebt_snat.ko
-rw-r--r-- 1 root root  6701 Feb 16 18:45 ebt_stp.ko
-rw-r--r-- 1 root root 15845 Feb 16 18:45 ebt_ulog.ko
-rw-r--r-- 1 root root  8949 Feb 16 18:45 ebt_vlan.ko
-rw-r--r-- 1 root root  8173 Feb 16 18:45 nf_tables_bridge.ko
-rw-r--r-- 1 root root  7493 Feb 16 18:45 nft_meta_bridge.ko
[root@server ~]# modprobe ebtables ebtable_filter ebt_ip ebt_pkttype
[root@server ~]# systemctl -l restart ebtables
[root@server ~]# systemctl -l restart firewalld
[root@server ~]# 

Post by giulix63 » 2016/03/08 15:24:54

And after modprobing those modules the ebtables service still refuses to start? Is the error the same? Sorry, but I am at a loss... We probably need some netfilter guru here to explain what's going on.

Post by Pcoenen » 2016/03/08 16:01:38

Yep, errors are the same as in the first post.

I was thinking maybe the reinstallation of some services could help. I tried reinstalling firewalld earlier, but that didn't help me, then I tried reinstalling iptables, but after restarting I was unable to make any connection to the server.

Maybe reinstalling ebtables?

Post by giulix63 » 2016/03/09 08:20:07

That would be my first choice. Why does the system need ebtables? Is that a VPS? Is a VPN configured on that system? For reference, this is after a reboot on my laptop:

Code:

# systemctl -l status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2016-03-09 08:18:09 CET; 1h 3min ago
 Main PID: 626 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─626 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Mar 09 08:18:04 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
Mar 09 08:18:09 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
# systemctl -l status ebtables
● ebtables.service - Ethernet Bridge Filtering tables
   Loaded: loaded (/usr/lib/systemd/system/ebtables.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
# systemctl -l start ebtables
# systemctl -l status ebtables
● ebtables.service - Ethernet Bridge Filtering tables
   Loaded: loaded (/usr/lib/systemd/system/ebtables.service; disabled; vendor preset: disabled)
   Active: active (exited) since Wed 2016-03-09 09:23:04 CET; 13s ago
  Process: 8766 ExecStart=/usr/libexec/ebtables start (code=exited, status=0/SUCCESS)
 Main PID: 8766 (code=exited, status=0/SUCCESS)

Mar 09 09:23:04 host-xxx.net systemd[1]: Starting Ethernet Bridge Filtering tables...
Mar 09 09:23:04 host-xxx.net ebtables[8766]: filter tables: not configured[  OK  ]
Mar 09 09:23:04 host-xxx.net ebtables[8766]: nat tables: not configured[  OK  ]
Mar 09 09:23:04 host-xxx.net ebtables[8766]: broute tables: not configured[  OK  ]
Mar 09 09:23:04 host-xxx.net systemd[1]: Started Ethernet Bridge Filtering tables.
# lsmod |grep ebtab
ebtable_nat            12807  0 
ebtable_broute         12731  0 
bridge                119562  1 ebtable_broute
ebtable_filter         12827  0 
ebtables               30913  3 ebtable_broute,ebtable_nat,ebtable_filter

Post by Pcoenen » 2016/03/10 22:55:39

I'm using a virtual VPS.

After reinstalling firewalld and ebtables, I was able to start up ebtables, but firewalld still gives the same errors.

Post by giulix63 » 2016/03/11 09:35:22

Maybe it is something to do with the type of virtualization your VPS uses...