Re: [CentOS] CentOS 7: firewalld.service operation time out - systemctl firewalld issues
On 10 September 2014 10:11, Aled Parry aled.skyr...@gmail.com wrote: On 10 September 2014 09:36, dE de.tec...@gmail.com wrote: Do you have any DNS names in your firewall rules? I don't, the setup is quite basic actually with a single zone (public) with two services in it (/etc/firewalld/zones/public.xml): ~~ ?xml version=1.0 encoding=utf-8? zone shortPublic/short descriptionFor use in public areas.../description service name=dhcpv6-client/ service name=ssh/ /zone ~~ Which are both using the default service XML files found in /usr/lib/firewalld/services Thanks, Well to help anyone else who may have this issue in the future, I asked in the #centos channel and JHogarth solved it pretty quickly. JHogarth Skyrail: systemctl stop firewalld ; pkill -f firewalld ; systemctl start firewalld JHogarth Skyrail: for future reference I find it useful to do a ps -efc and look for the process if it fails to start JHogarth systemd didn't know about the process that it didn't start in the first place of course So running those commands stops the firewall, kills the firewalld process and restarts it using systemctl so it has full control again. Makes sense when someone points it out to you! Thanks to JHogarth for that, hopefully someone else will find this useful in the future. -- Aled Parry aled.skyr...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 7: firewalld.service operation time out - systemctl firewalld issues
On 10 September 2014 09:36, dE de.tec...@gmail.com wrote: Do you have any DNS names in your firewall rules? I don't, the setup is quite basic actually with a single zone (public) with two services in it (/etc/firewalld/zones/public.xml): ~~ ?xml version=1.0 encoding=utf-8? zone shortPublic/short descriptionFor use in public areas.../description service name=dhcpv6-client/ service name=ssh/ /zone ~~ Which are both using the default service XML files found in /usr/lib/firewalld/services Thanks, -- Aled Parry aled.skyr...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS 7: firewalld.service operation time out - systemctl firewalld issues
I'm having a few issues with firewalld on a CentOS 7 install, in particular when using systemctl to start/check the status of the daemon: Checking the firewalld daemon status ~~ # systemctl status firewalld firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled) Active: failed (Result: timeout) since Tue 2014-09-09 07:57:06 EDT; 2min 41s ago Main PID: 20212 Sep 09 07:55:35 centos.template.30kft systemd[1]: Starting firewalld - dynamic firewall daemon... Sep 09 07:57:05 centos.template.30kft systemd[1]: firewalld.service operation timed out. Terminating. Sep 09 07:57:06 centos.template.30kft systemd[1]: Failed to start firewalld - dynamic firewall daemon. Sep 09 07:57:06 centos.template.30kft systemd[1]: Unit firewalld.service entered failed state. ~~ journalctl information from last trying to start it ~~ Sep 09 07:55:35 centos.template.30kft systemd[1]: Starting firewalld - dynamic firewall daemon... -- Subject: Unit firewalld.service has begun with start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit firewalld.service has begun starting up. Sep 09 07:55:35 centos.template.30kft kernel: ip_tables: (C) 2000-2006 Netfilter Core Team Sep 09 07:55:35 centos.template.30kft kernel: nf_conntrack version 0.5.0 (3921 buckets, 15684 max) Sep 09 07:55:35 centos.template.30kft kernel: ip6_tables: (C) 2000-2006 Netfilter Core Team Sep 09 07:55:35 centos.template.30kft kernel: Ebtables v2.0 registered Sep 09 07:57:05 centos.template.30kft systemd[1]: firewalld.service operation timed out. Terminating. Sep 09 07:57:06 centos.template.30kft kernel: Ebtables v2.0 unregistered Sep 09 07:57:06 centos.template.30kft systemd[1]: Failed to start firewalld - dynamic firewall daemon. -- Subject: Unit firewalld.service has failed -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit firewalld.service has failed. -- -- The result is failed. Sep 09 07:57:06 centos.template.30kft systemd[1]: Unit firewalld.service entered failed state. ~~ When I run firewall-cmd --state it tells me that the firewall is running: ~~ # firewall-cmd --state running ~~ And according to an nmap scan that seems to be correct: ~~ $ nmap -p1-65535 xxx.xxx.xxx.xxx Starting Nmap 6.00 ( http://nmap.org ) at 2014-09-09 13:38 UTC Nmap scan report for xxx.xxx.xxx.xxx Host is up (0.0012s latency). Not shown: 65534 closed ports PORT STATE SERVICE 22/tcp open ssh ~~ But I'm not sure if not having systemctl control of it is an issue or not? Version information: ~~ # cat /etc/redhat-release CentOS Linux release 7.0.1406 (Core) # firewall-cmd --version 0.3.9 ~~ I've found a similar question on RedHat's solutions knowledge base (https://access.redhat.com/solutions/1122173) but as I'm on my own and learning how to work with CentOS I don't have a RedHat support subscription and thus, can't see the solution. As such I'd appreciate anyone with any ideas, or even a nod in the right direction. (I'm using https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Using_Firewalls.html as my reference for commands) If you need any more information then let me know. Thanks, Aled -- Aled Parry aled.skyr...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos