CentOS 8 firewalld 0.6.3 nf_conntrack complications

Support for security such as Firewalls and securing linux
Post Reply
DatZ
Posts: 3
Joined: 2019/08/17 12:19:36

CentOS 8 firewalld 0.6.3 nf_conntrack complications

Post by DatZ » 2019/12/27 16:09:58

Hi all,
I've got an installation of CentOS 8 running on an older laptop. It works pretty well but I want to configure my firewalld rules for it. It looks like firewalld can't find the nf_conntrack kernel module needed to run the firewalld service, though. Here's what I'm getting back from systemctl status firewalld:

Code: Select all

[root@archimedes ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Thu 2019-12-26 19:14:38 EST; 15h ago
     Docs: man:firewalld(1)
  Process: 13619 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
 Main PID: 13619 (code=exited, status=0/SUCCESS)

Dec 26 19:14:38 archimedes.tao systemd[1]: Starting firewalld - dynamic firewall daemon...
Dec 26 19:14:38 archimedes.tao systemd[1]: Started firewalld - dynamic firewall daemon.
Dec 26 19:14:38 archimedes.tao firewalld[13619]: WARNING: modinfo command is missing, not able to detect conntrack helpers.
Dec 26 19:14:38 archimedes.tao firewalld[13619]: ERROR: Failed to load nf_conntrack module:
Dec 26 19:14:38 archimedes.tao firewalld[13619]: ERROR: Raising SystemExit in run_server
A quick Google search yields a good amount of information for CentOS 7.6 and 7.7, and the best solution seems to be downgrading firewalld to 0.5.3. I'm not sure how or if that would work for CentOS 8 - I did try to follow the downgrade commands but it seems like the

Code: Select all

python-firewall-0.5.3-5.el7.noarch
package isn't compatible (not sure if I'm doing something wrong with that though). How can I get my firewalld service working on this host?

Here's the link which gives some info about the issue on a CentOS 7.7 server: https://github.com/firewalld/firewalld/issues/519
Please let me know if there's any more information I can provide!

User avatar
TrevorH
Forum Moderator
Posts: 27382
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CentOS 8 firewalld 0.6.3 nf_conntrack complications

Post by TrevorH » 2019/12/28 01:47:44

What's the output from uname -r ? Have you disabled ipv6?
CentOS 6 will die in November 2020 - migrate sooner rather than later!
CentOS 5 has been EOL for nearly 3 years and should no longer be used for anything!
Full time Geek, part time moderator. Use the FAQ Luke

Post Reply

Return to “CentOS 8 - Security Support”