[CentOS] CentOS 7: firewalld.service operation time out - systemctl firewalld issues

Tue Sep 9 15:17:23 UTC 2014
Aled Parry <aled.skyrail at gmail.com>

I'm having a few issues with firewalld on a CentOS 7 install, in
particular when using systemctl to start/check the status of the
daemon:

Checking the firewalld daemon status
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: failed (Result: timeout) since Tue 2014-09-09 07:57:06 EDT;
2min 41s ago
 Main PID: 20212

Sep 09 07:55:35 centos.template.30kft systemd[1]: Starting firewalld -
dynamic firewall daemon...
Sep 09 07:57:05 centos.template.30kft systemd[1]: firewalld.service
operation timed out. Terminating.
Sep 09 07:57:06 centos.template.30kft systemd[1]: Failed to start
firewalld - dynamic firewall daemon.
Sep 09 07:57:06 centos.template.30kft systemd[1]: Unit
firewalld.service entered failed state.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

journalctl information from last trying to start it
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sep 09 07:55:35 centos.template.30kft systemd[1]: Starting firewalld -
dynamic firewall daemon...
-- Subject: Unit firewalld.service has begun with start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit firewalld.service has begun starting up.
Sep 09 07:55:35 centos.template.30kft kernel: ip_tables: (C) 2000-2006
Netfilter Core Team
Sep 09 07:55:35 centos.template.30kft kernel: nf_conntrack version
0.5.0 (3921 buckets, 15684 max)
Sep 09 07:55:35 centos.template.30kft kernel: ip6_tables: (C)
2000-2006 Netfilter Core Team
Sep 09 07:55:35 centos.template.30kft kernel: Ebtables v2.0 registered
Sep 09 07:57:05 centos.template.30kft systemd[1]: firewalld.service
operation timed out. Terminating.
Sep 09 07:57:06 centos.template.30kft kernel: Ebtables v2.0 unregistered
Sep 09 07:57:06 centos.template.30kft systemd[1]: Failed to start
firewalld - dynamic firewall daemon.
-- Subject: Unit firewalld.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit firewalld.service has failed.
-- 
-- The result is failed.
Sep 09 07:57:06 centos.template.30kft systemd[1]: Unit
firewalld.service entered failed state.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

When I run firewall-cmd --state it tells me that the firewall is running:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# firewall-cmd --state
running
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

And according to an nmap scan that seems to be correct:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ nmap -p1-65535 xxx.xxx.xxx.xxx

Starting Nmap 6.00 ( http://nmap.org ) at 2014-09-09 13:38 UTC
Nmap scan report for xxx.xxx.xxx.xxx
Host is up (0.0012s latency).
Not shown: 65534 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

But I'm not sure if not having systemctl control of it is an issue or not?

Version information:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# cat /etc/redhat-release
CentOS Linux release 7.0.1406 (Core)

# firewall-cmd --version
0.3.9
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I've found a similar question on RedHat's solutions knowledge base
(https://access.redhat.com/solutions/1122173) but as I'm on my own and
learning how to work with CentOS I don't have a RedHat support
subscription and thus, can't see the solution. As such I'd appreciate
anyone with any ideas, or even a nod in the right direction. (I'm
using https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Using_Firewalls.html
as my reference for commands)

If you need any more information then let me know.

Thanks,
Aled

-- 
Aled Parry
aled.skyrail at gmail.com