[CentOS] Centos 7 - iptables service failed to start
Adam King
kinga at sghs.org.uk
Mon Aug 11 11:39:44 UTC 2014
Try systemctl stop firewalld; I had to disable that too.
Adam King
IT Systems Administrator
Skipton Girls High School
01756 707600
www.sghs.org.uk
----- Original Message -----
From: "Neil Aggarwal" <neil at JAMMConsulting.com>
To: centos at centos.org
Sent: Sunday, August 10, 2014 4:21:33 AM
Subject: [CentOS] Centos 7 - iptables service failed to start
Hello all:
I did a fresh install of CentOS 7 on a new machine.
I wrote /usr/local/bin/firewall.stop to remove all the firewall rules.
It contains this code:
# Flush the rules
/usr/sbin/iptables -F
# Set the default policies to accept
/usr/sbin/iptables -P INPUT ACCEPT
/usr/sbin/iptables -P OUTPUT ACCEPT
/usr/sbin/iptables -P FORWARD ACCEPT
I wrote /usr/local/bin/firewall.start to set the firewall rules.
It contains this code:
# IP definitions
ETH0_IP=a.b.c.d
# Load the FTP conntrack module
/usr/sbin/modprobe nf_conntrack_ftp
# Set the default policies to drop all packets
/usr/sbin/iptables -P INPUT DROP
/usr/sbin/iptables -P OUTPUT DROP
/usr/sbin/iptables -P FORWARD DROP
# Flush any existing rules
/usr/sbin/iptables -F
# Allow loopback traffic
/usr/sbin/iptables -A INPUT -i lo -j ACCEPT
/usr/sbin/iptables -A OUTPUT -o lo -j ACCEPT
# Allow icmp protocol packets
/usr/sbin/iptables -A INPUT -i eth0 -d $ETH0_IP -p icmp -j ACCEPT
/usr/sbin/iptables -A OUTPUT -o eth0 -s $ETH0_IP -p icmp -j ACCEPT
[ Additional allow rules here ]
If I run the firewall.start script manually, it sets the iptables rules
correctly.
If I run the firewall.stop script manually, it removes the iptables rules
correctly.
The problem comes in when I am trying to execute this from systemd.
I wrote /etc/systemd/system/firewall.service with this content:
[Unit]
Description=Iptables firewall
Before=network.target
Wants=network.target
[Service]
Type=oneshot
ExecStart=/usr/local/bin/firewall.start
ExecStop=/usr/local/bin/firewall.stop
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
Now, when I run systemctl start firewall.service, I get this output:
Job for firewall.service failed. See 'systemctl status firewall.service' and
'journalctl -xn' for details.
If I do systemctl status firewall.status, it gives me:
firewall.status.service
Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead)
journalctl -xn gives me this output:
Aug 10 06:09:38 jamm23.jammconsulting.com systemd[1]: Starting Iptables
firewall...
-- Subject: Unit firewall.service has begun with start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit firewall.service has begun starting up.
Aug 10 06:09:38 jamm23.jammconsulting.com systemd[2268]: Failed at step EXEC
spawning /usr/local/bin/firewall.start: Exec format error
-- Subject: Process /usr/local/bin/firewall.start could not be executed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- The process /usr/local/bin/firewall.start could not be executed and
failed.
--
-- The error number returned while executing this process is 8.
Aug 10 06:09:38 jamm23.jammconsulting.com systemd[1]: firewall.service: main
process exited, code=exited, status=203/EXEC
Aug 10 06:09:38 jamm23.jammconsulting.com systemd[1]: Failed to start
Iptables firewall.
-- Subject: Unit firewall.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit firewall.service has failed.
--
-- The result is failed.
Aug 10 06:09:38 jamm23.jammconsulting.com systemd[1]: Unit firewall.service
entered failed state.
Any ideas what is happening here?
Thanks,
Neil
--
Neil Aggarwal, (972) 834-1565
We lend money to investors to buy or refinance single family rent houses.
No origination fees, quick approval, no credit check.
_______________________________________________
CentOS mailing list
CentOS at centos.org
http://lists.centos.org/mailman/listinfo/centos
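The "Exec format error" in the journal (errno 8, ENOEXEC, reported by systemd as status 203/EXEC) is what execve() returns for a file that has neither a "#!" interpreter line nor an ELF header; an interactive shell hides this by falling back to running such a file as a shell script, which is why the same file works when started by hand. The check below is an added example, not code from the original thread: it reproduces the diagnosis offline on a constructed copy of the posted firewall.stop script (the function names and the temporary path are assumptions, and iptables is never invoked).

```shell
#!/bin/sh
# Added example (not from the original thread): reproduce offline the check
# behind "Failed at step EXEC ... Exec format error" for an ExecStart= file.
# systemd starts ExecStart= with execve(), which accepts only an ELF binary
# or a file whose first line is "#!interp"; there is no shell fallback.

# Print why execve() would refuse the file; return 0 only if it would run.
exec_format_check() {
    f="$1"
    [ -f "$f" ] || { echo "$f: no such file"; return 1; }
    [ -x "$f" ] || { echo "$f: not executable (EACCES -> 203/EXEC)"; return 1; }
    magic=$(head -c 4 "$f" | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        2321*)    echo "$f: interpreter line present"; return 0 ;;   # "#!"
        7f454c46) echo "$f: ELF binary"; return 0 ;;
        *)        echo "$f: no #! line or ELF header (ENOEXEC -> 203/EXEC)"; return 1 ;;
    esac
}

# Prepend "#!/bin/sh" when the file lacks an interpreter line; idempotent.
add_shebang() {
    f="$1"
    [ "$(head -c 2 "$f")" = '#!' ] && return 0   # already has one
    { printf '#!/bin/sh\n'; cat "$f"; } > "$f.tmp" && mv "$f.tmp" "$f"
    chmod 0755 "$f"
}

# Constructed copy of the posted firewall.stop, written to a temp dir.
# It is never executed here; only its exec format is inspected.
make_sample_stop_script() {
    d=$(mktemp -d)
    cat > "$d/firewall.stop" <<'EOF'
# Flush the rules
/usr/sbin/iptables -F
# Set the default policies to accept
/usr/sbin/iptables -P INPUT ACCEPT
/usr/sbin/iptables -P OUTPUT ACCEPT
/usr/sbin/iptables -P FORWARD ACCEPT
EOF
    chmod 0755 "$d/firewall.stop"
    echo "$d/firewall.stop"
}

# Demo: the script as posted fails the check; after add_shebang it passes.
sample=$(make_sample_stop_script)
exec_format_check "$sample" || true
add_shebang "$sample"
exec_format_check "$sample"
```

The same check applies to firewall.start; an ExecStart= that is a shell script needs the interpreter line in addition to the executable bit.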