Aled Parry
2014-Sep-09 15:17 UTC
[CentOS] CentOS 7: firewalld.service operation time out - systemctl firewalld issues
I'm having a few issues with firewalld on a CentOS 7 install, in particular when using systemctl to start/check the status of the daemon: Checking the firewalld daemon status ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # systemctl status firewalld firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled) Active: failed (Result: timeout) since Tue 2014-09-09 07:57:06 EDT; 2min 41s ago Main PID: 20212 Sep 09 07:55:35 centos.template.30kft systemd[1]: Starting firewalld - dynamic firewall daemon... Sep 09 07:57:05 centos.template.30kft systemd[1]: firewalld.service operation timed out. Terminating. Sep 09 07:57:06 centos.template.30kft systemd[1]: Failed to start firewalld - dynamic firewall daemon. Sep 09 07:57:06 centos.template.30kft systemd[1]: Unit firewalld.service entered failed state. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ journalctl information from last trying to start it ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Sep 09 07:55:35 centos.template.30kft systemd[1]: Starting firewalld - dynamic firewall daemon... -- Subject: Unit firewalld.service has begun with start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit firewalld.service has begun starting up. Sep 09 07:55:35 centos.template.30kft kernel: ip_tables: (C) 2000-2006 Netfilter Core Team Sep 09 07:55:35 centos.template.30kft kernel: nf_conntrack version 0.5.0 (3921 buckets, 15684 max) Sep 09 07:55:35 centos.template.30kft kernel: ip6_tables: (C) 2000-2006 Netfilter Core Team Sep 09 07:55:35 centos.template.30kft kernel: Ebtables v2.0 registered Sep 09 07:57:05 centos.template.30kft systemd[1]: firewalld.service operation timed out. Terminating. Sep 09 07:57:06 centos.template.30kft kernel: Ebtables v2.0 unregistered Sep 09 07:57:06 centos.template.30kft systemd[1]: Failed to start firewalld - dynamic firewall daemon. -- Subject: Unit firewalld.service has failed -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit firewalld.service has failed. -- -- The result is failed. Sep 09 07:57:06 centos.template.30kft systemd[1]: Unit firewalld.service entered failed state. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ When I run firewall-cmd --state it tells me that the firewall is running: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # firewall-cmd --state running ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ And according to an nmap scan that seems to be correct: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ $ nmap -p1-65535 xxx.xxx.xxx.xxx Starting Nmap 6.00 ( http://nmap.org ) at 2014-09-09 13:38 UTC Nmap scan report for xxx.xxx.xxx.xxx Host is up (0.0012s latency). Not shown: 65534 closed ports PORT STATE SERVICE 22/tcp open ssh ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ But I'm not sure if not having systemctl control of it is an issue or not? Version information: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # cat /etc/redhat-release CentOS Linux release 7.0.1406 (Core) # firewall-cmd --version 0.3.9 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ I've found a similar question on RedHat's solutions knowledge base (https://access.redhat.com/solutions/1122173) but as I'm on my own and learning how to work with CentOS I don't have a RedHat support subscription and thus, can't see the solution. As such I'd appreciate anyone with any ideas, or even a nod in the right direction. (I'm using https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Using_Firewalls.html as my reference for commands) If you need any more information then let me know. Thanks, Aled -- Aled Parry aled.skyrail at gmail.com
dE
2014-Sep-10 08:36 UTC
[CentOS] CentOS 7: firewalld.service operation time out - systemctl firewalld issues
On 09/09/14 20:47, Aled Parry wrote:> I'm having a few issues with firewalld on a CentOS 7 install, in > particular when using systemctl to start/check the status of the > daemon: > > Checking the firewalld daemon status > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > # systemctl status firewalld > firewalld.service - firewalld - dynamic firewall daemon > Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled) > Active: failed (Result: timeout) since Tue 2014-09-09 07:57:06 EDT; > 2min 41s ago > Main PID: 20212 > > Sep 09 07:55:35 centos.template.30kft systemd[1]: Starting firewalld - > dynamic firewall daemon... > Sep 09 07:57:05 centos.template.30kft systemd[1]: firewalld.service > operation timed out. Terminating. > Sep 09 07:57:06 centos.template.30kft systemd[1]: Failed to start > firewalld - dynamic firewall daemon. > Sep 09 07:57:06 centos.template.30kft systemd[1]: Unit > firewalld.service entered failed state. > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > journalctl information from last trying to start it > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > Sep 09 07:55:35 centos.template.30kft systemd[1]: Starting firewalld - > dynamic firewall daemon... > -- Subject: Unit firewalld.service has begun with start-up > -- Defined-By: systemd > -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-develDo you have any DNS names in your firewall rules?