[CentOS] Firewalld and iptables
Jon LaBadie
jcu at labadie.us
Fri Dec 14 22:57:32 UTC 2018
On Fri, Dec 14, 2018 at 03:14:12PM -0700, Warren Young wrote:
> On Dec 14, 2018, at 2:30 PM, Jon LaBadie <jcu at labadie.us> wrote:
> >
> > After a recent large update, firewalld's status contains
> > many lines of the form:
> >
> > WARNING: COMMAND_FAILED: '/usr/sbin/iptables…
>
> What’s the rest of the command?

Well, there are about 20 of them and several screen widths
long. However, they all end with one of two reasons:

: No chain/target/match by that name.
: Bad rule (does a matching rule exist in that chain?).

>
> > Checking iptables.service status shows it to be masked.
>
> That’s probably from package iptables-services, which isn’t installed by default on purpose. It’s the legacy service from before firewalld was made the default. Use one or the other, not both.
>
After the update I got email from "ckservices" that firewalld was down.
I saw the above-mentioned iptables errors and checked the iptables.service
to find it masked. I shut down firewalld, unmasked, enabled, and started
iptables.service and then firewalld. Same errors. So I shut down iptables
service, masked it, and restarted firewalld.

> I strongly recommend that you use firewalld ...
>
Never planned to do otherwise. Just was uncertain if iptables.service
had to run also.

Thanks,
Jon
--
Jon H. LaBadie jon at jgcomp.com
11226 South Shore Rd. (703) 787-0688 (H)
Reston, VA 20190 (703) 935-6720 (C)