[CentOS] firewall-config not functional
lst_manage at webengineer.com
Tue Jun 7 17:03:07 UTC 2016
On 06/07/2016 05:05 AM, James Hogarth wrote:
> On 7 Jun 2016 12:44, "Emmett Culley" <lst_manage at webengineer.com> wrote:
>> I have a number of machines (hardware and VMs) running CentOS 7. I all
> cases firewall-config is not functional.
>> First, the service check boxes are not functional. When you click on
> one, it don't change to "checked", and nothing changes on the firewall.
> However you do see a "Changes applied"
>> Sometimes, f you go to permanent mode and attempt to edit a zone, the
> whole desktop locks up as soon as you click on the default target dropdown.
>> When I run firewall-config from the command line I see the following:
>> org.freedesktop.DBus.Error.ServiceUnknown: The name
> org.freedesktop.NetworkManager was not provided by any .service files
>> (firewall-config:5079): Gtk-CRITICAL **: gtk_tree_view_get_path_at_pos:
> assertion 'tree_view != NULL' failed
>> with the second line repeating many times and often while attempting to
> interact with the GUI.
>> We don't use NetworkManager except on laptops, and so do not install it.
> Though we do install NetworkManager-glib, if only because some packages
> require it.
>> After seeing a similar bug on the RHEL I also installed
> NetworkManager-libnm, but that did not make a difference. That RHEL bug
> also mentioned this problem only occurs on KDE, and not Gnome. And we only
> install KDE when a GUI is required, or desired.
> I'd suggest you install and test with NetworkManager
> Do note that the EL7 NM is a far cry from the one that shipped with EL6 and
> unless you specifically need a facility not exposed by NM it is strongly
> recommended you use it.
> Take a look at my article on nmcli - it's rather lovely to use now:
> As for the firewall tool... don't use it ... it's horrible
> Either use firewall-cmd to configure at the CLI or switch to iptables and
> configure that as you did EL6
I actually like the firewall config tool as it provides easy, out of the box, management of servers that don't require complicated iptables rules. At least it was easy when it worked. For more complicated servers, like gateways, we use shorewall.
I can see no use case for NetwortManager on our systems. All network connections are static.
The exception to that is a couple of laptops, and I agree that NetworkManager has gotten very handy in that single use case.
Making any application dependent on NetworkManager is just plain silly. Even requiring installation of the NetworkManager libs should not be required.
I suspect that this should probably be brought with the KDE group as it seems to be a problem with how some GTK apps are working within the KDE environment.
More information about the CentOS