On Fri, Dec 14, 2018 at 03:14:12PM -0700, Warren Young wrote:
On Dec 14, 2018, at 2:30 PM, Jon LaBadie jcu@labadie.us wrote:
After a recent large update, firewalld's status contains many lines of the form:
WARNING: COMMAND_FAILED: '/usr/sbin/iptables…
What’s the rest of the command?
Well, there are about 20 of them and several screen widths long. However, they all end with one of two reasons:
: No chain/target/match by that name.
: Bad rule (does a matching rule exist in that chain?).
Checking iptables.service status shows it to be masked.
That’s probably from package iptables-services, which isn’t installed by default on purpose. It’s the legacy service from before firewalld was made the default. Use one or the other, not both.
After the update I got email from "ckservices" that firewalld was down. I saw the above-mentioned iptable errors and checked the iptables.service to find it masked. I shut down firewalld, unmasked, enabled, and started iptables.service and then firewalld. Same errors. So I shut down iptables service, masked it, and restarted firewalld.
I strongly recommend that you use firewalld ...
Never planned to do otherwise. Just was uncertain if iptables.service had to run also.
Thanks, Jon
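
Added example, not part of the original thread: a small shell helper that collapses firewalld's long COMMAND_FAILED warnings into a count per trailing reason, so the "one of two reasons" pattern described above is visible at a glance. The function names and the sample lines are constructed for illustration; the iptables arguments are placeholders because the thread does not show them.

```shell
#!/bin/sh
# Added example: group firewalld COMMAND_FAILED warnings by the reason
# that ends each line (the text after the last ": ").

# Reads log text on stdin; prints "<count> <reason>", most frequent first.
summarize_command_failed() {
    grep -F 'WARNING: COMMAND_FAILED:' |
        awk -F': ' '
            { count[$NF]++ }
            END { for (r in count) printf "%d %s\n", count[r], r }
        ' |
        sort -k1,1nr -k2
}

# Constructed sample input. <args-N> stands in for the real iptables
# arguments, which are elided in the thread.
sample_log() {
    cat <<'EOF'
WARNING: COMMAND_FAILED: '/usr/sbin/iptables <args-1>' failed: iptables: No chain/target/match by that name.
WARNING: COMMAND_FAILED: '/usr/sbin/iptables <args-2>' failed: iptables: Bad rule (does a matching rule exist in that chain?).
WARNING: COMMAND_FAILED: '/usr/sbin/iptables <args-3>' failed: iptables: No chain/target/match by that name.
INFO: constructed unrelated line
EOF
}

# Demo on the constructed sample.
sample_log | summarize_command_failed

# On a live host, assuming firewalld logs to the systemd journal:
#   journalctl -u firewalld -b --no-pager | summarize_command_failed
```
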