Centos 7.7 firewalld issue

Issues related to applications and software problems
Giuseppe7856
Posts: 5
Joined: 2019/09/22 19:03:45
Location: Luxembourg

Centos 7.7 firewalld issue

Post by Giuseppe7856 » 2019/09/22 19:29:35

Hello,

After upgrade to Centos 7.7 (from 7.6), firewalld does not work anymore.

I have this in the firewalld log

Code: Select all

2019-09-20 15:46:27 ERROR: Failed to load nf_conntrack module: modprobe: ERROR: could not find module by name='nf_conntrack'
modprobe: ERROR: could not insert 'nf_conntrack': Function not implemented
modprobe: ERROR: Error running install command for nf_conntrack
modprobe: ERROR: could not insert 'nf_conntrack': Operation not permitted
Same issue on 2 different servers
All was ok before upgrade.

Any idea?

Thank you
Giuseppe

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Centos 7.7 firewalld issue

Post by TrevorH » 2019/09/22 19:32:56

What's the output from uname -r ?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Giuseppe7856
Posts: 5
Joined: 2019/09/22 19:03:45
Location: Luxembourg

Re: Centos 7.7 firewalld issue

Post by Giuseppe7856 » 2019/09/22 19:50:22

Server 1:
4.9.185-xxxx-std-ipv6-64

Server 2:
4.19.62-mod-std-ipv6-64-rescue

they are ovh servers with the kernels provided by them.

Thanks.

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Centos 7.7 firewalld issue

Post by TrevorH » 2019/09/22 20:44:15

Right, so it's likely that they didn't include the nf_conntrack* modules as part of the kernel so it fails to load them. Running modinfo nf_conntrack would tell you about the module if it exists.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Giuseppe7856
Posts: 5
Joined: 2019/09/22 19:03:45
Location: Luxembourg

Re: Centos 7.7 firewalld issue

Post by Giuseppe7856 » 2019/09/22 21:09:33

Code: Select all

[root@ns39700 ~]# modinfo nf_conntrack
modinfo: ERROR: Module nf_conntrack not found.
Yes but this module was not needed by firewalld with Centos 7.6? Is it a new feature?
Would the original CentOS kernel be OK?

Thanks.

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Centos 7.7 firewalld issue

Post by jlehtone » 2019/09/23 09:21:46

Before 7.7 there was firewalld-0.5.3-5.el7
Now there is firewalld-0.6.3-2.el7_7.1

From rpm -q --changelog firewalld:

Code: Select all

* Wed Aug 21 2019 Eric Garver <egarver@redhat.com> - 0.6.3-2.el7_7.1
- backport fix to allow disabling IPv6

* Tue Mar 19 2019 Eric Garver <egarver@redhat.com> - 0.6.3-2
- backport recent upstream stable fixes
- backport fix to enable IP forwarding only if toaddr specified

* Wed Nov 14 2018 Eric Garver <egarver@redhat.com> - 0.6.3-1
- rebase package to v0.6.3, include recent stable fixes
- use QT4 patch for firewall-applet
- remove cockpit service definition, cockpit package still ships their own
- remove testsuite force of LC_ALL=C.UTF-8. RHEL-7 doesn't have C.UTF-8
- remove nftables support

* Fri Aug 17 2018 Eric Garver <egarver@redhat.com> - 0.5.3-5
...
So yes, there are probably "new features".

Yes, original CentOS has that kernel module.

Giuseppe7856
Posts: 5
Joined: 2019/09/22 19:03:45
Location: Luxembourg

Re: Centos 7.7 firewalld issue

Post by Giuseppe7856 » 2019/09/24 19:47:34

Thank you all for your answers.
The problem was the OVH kernel.
With the CentOS kernel 3.10.0-1062.1.1.el7.x86_64, everything works well. 8-)

gduh
Posts: 1
Joined: 2019/09/26 08:32:34

Re: Centos 7.7 firewalld issue

Post by gduh » 2019/09/26 08:35:30

Giuseppe7856 wrote:
2019/09/24 19:47:34
Thank you all for your answers.
The problem was the OVH kernel.
With the CentOS kernel 3.10.0-1062.1.1.el7.x86_64, everything works well. 8-)

I Have the same problem with CentOS 7 since the system has been updated.

Concretely how did you solve your problem, since I can't re-install the system completely, did you proceed with an update or else ?

dan_forest
Posts: 1
Joined: 2019/09/26 13:48:11

Re: Centos 7.7 firewalld issue

Post by dan_forest » 2019/09/26 13:50:26

I'm still facing the same issue. Any suggestions would be appreciated.


kernel version 3.10.0-1062.1.1.el7.x86_64
centos version CentOS Linux release 7.7.1908 (Core)



firewalld[7182]: ERROR: Failed to load nf_conntrack module: modprobe: ERROR: could not find module by name='nf_conntrack'
modprobe: ERROR: could not insert 'nf_conntrack': Function not implemented
modprobe: ERROR: Error running install command for nf_conntrack
modprobe: ERROR: could not insert 'nf_conntrack': Operation not permitted

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Centos 7.7 firewalld issue

Post by jlehtone » 2019/09/27 07:18:43

That is not exactly "the same issue". The OP had third-party kernel that lacks modules.

What do you get with these:

Code: Select all

# yum -q list installed kernel\*
# uname -r
# modinfo nf_conntrack

Post Reply