When IPv6 is disabled, firewalld fails with "UNKNOWN_ERROR: 'ip6tables' backend does not exist" and all iptables rules are empty

Solution Verified - Updated -

Issue

  • systemd reports the firewalld service as being in a normal state, but the log shows errors.

    # systemctl status firewalld --lines 50 -l
    ● firewalld.service - firewalld - dynamic firewall daemon
       Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
       Active: active (running) since Wed 2019-08-21 10:35:40 CEST; 3min 16s ago
         Docs: man:firewalld(1)
     Main PID: 2921 (firewalld)
       CGroup: /system.slice/firewalld.service
               └─2921 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid
    
    Aug 21 10:35:39 localhost systemd[1]: Starting firewalld - dynamic firewall daemon...
    Aug 21 10:35:40 localhost systemd[1]: Started firewalld - dynamic firewall daemon.
    Aug 21 10:35:42 localhost firewalld[2921]: WARNING: ip6tables not usable, disabling IPv6 firewall.
    Aug 21 10:35:42 localhost firewalld[2921]: ERROR: UNKNOWN_ERROR: 'ip6tables' backend does not exist
    Aug 21 10:35:42 localhost firewalld[2921]: ERROR: COMMAND_FAILED: UNKNOWN_ERROR: 'ip6tables' backend does not exist
    Aug 21 10:35:42 localhost firewalld[2921]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain
    
                                     Error occurred at line: 2
                                     Try `iptables-restore -h' or 'iptables-restore --help' for more information.
    Aug 21 10:35:42 localhost firewalld[2921]: ERROR: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain
    
                                     Error occurred at line: 2
                                     Try `iptables-restore -h' or 'iptables-restore --help' for more information.
    Aug 21 10:35:42 localhost firewalld[2921]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain
    
                                     Error occurred at line: 2
                                     Try `iptables-restore -h' or 'iptables-restore --help' for more information.
    Aug 21 10:35:42 localhost firewalld[2921]: ERROR: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain
    
                                     Error occurred at line: 2
                                     Try `iptables-restore -h' or 'iptables-restore --help' for more information.
    Aug 21 10:35:42 localhost firewalld[2921]: ERROR: UNKNOWN_INTERFACE: 'eth1' is not in any zone
    Aug 21 10:35:42 localhost firewalld[2921]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain
    
                                     Error occurred at line: 2
                                     Try `iptables-restore -h' or 'iptables-restore --help' for more information.
    Aug 21 10:35:42 localhost firewalld[2921]: ERROR: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain
    
                                     Error occurred at line: 2
                                     Try `iptables-restore -h' or 'iptables-restore --help' for more information.
    Aug 21 10:35:42 localhost firewalld[2921]: ERROR: UNKNOWN_INTERFACE: 'eth1' is not in any zone
    Aug 21 10:35:42 localhost firewalld[2921]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain
    
                                     Error occurred at line: 2
                                     Try `iptables-restore -h' or 'iptables-restore --help' for more information.
    Aug 21 10:35:42 localhost firewalld[2921]: ERROR: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain
    
                                     Error occurred at line: 2
                                     Try `iptables-restore -h' or 'iptables-restore --help' for more information.
    Aug 21 10:35:42 localhost firewalld[2921]: ERROR: UNKNOWN_INTERFACE: 'eth1' is not in any zone
    Aug 21 10:35:42 localhost firewalld[2921]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain
    
                                     Error occurred at line: 2
                                     Try `iptables-restore -h' or 'iptables-restore --help' for more information.
    Aug 21 10:35:42 localhost firewalld[2921]: ERROR: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain
    
                                     Error occurred at line: 2
                                     Try `iptables-restore -h' or 'iptables-restore --help' for more information.
    Aug 21 10:35:42 localhost firewalld[2921]: ERROR: UNKNOWN_INTERFACE: 'eth1' is not in any zone
    Aug 21 10:35:43 localhost firewalld[2921]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain
    
                                     Error occurred at line: 2
                                     Try `iptables-restore -h' or 'iptables-restore --help' for more information.
    Aug 21 10:35:43 localhost firewalld[2921]: ERROR: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain
    
                                     Error occurred at line: 2
                                     Try `iptables-restore -h' or 'iptables-restore --help' for more information.
    Aug 21 10:35:43 localhost firewalld[2921]: ERROR: UNKNOWN_INTERFACE: 'eth1' is not in any zone
    
  • Although systemd shows the firewalld service as running, the iptables output shows that no rules are loaded.

    # iptables -nvxL
    Chain INPUT (policy ACCEPT 346 packets, 27484 bytes)
        pkts      bytes target     prot opt in     out     source               destination         
    
    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
        pkts      bytes target     prot opt in     out     source               destination         
    
    Chain OUTPUT (policy ACCEPT 212 packets, 68927 bytes)
        pkts      bytes target     prot opt in     out     source               destination
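
A check for the mismatch described in the two points above, as an added example that is not part of the original article: it treats `active` from systemd together with zero rule rows in `iptables -nvxL` as a failure. The function names are hypothetical, and the sample input is abridged from the output shown on this page.

```shell
# Added example: detect the state shown above (firewalld active, filter table empty).

# Count rule rows in `iptables -nvxL` output on stdin; chain headers,
# column-header rows and blank lines are not rules.
count_rules() {
    awk '/^Chain / || NF == 0 || $1 == "pkts" { next } { n++ } END { print n + 0 }'
}

# Count firewalld ERROR lines in journal/status text on stdin.
count_firewalld_errors() {
    grep -c 'firewalld\[[0-9]*]: ERROR:' || true
}

# Return 1 when the unit is active but no rules are loaded, else 0.
firewall_verdict() {
    state=$1 rules=$2 errors=$3
    if [ "$state" = "active" ] && [ "$rules" -eq 0 ]; then
        echo "MISMATCH: firewalld active, 0 rules loaded, $errors ERROR lines"
        return 1
    fi
    echo "consistent: state=$state rules=$rules errors=$errors"
}

# Constructed sample input, abridged from the output on this page.
SAMPLE_IPTABLES='Chain INPUT (policy ACCEPT 346 packets, 27484 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 212 packets, 68927 bytes)
    pkts      bytes target     prot opt in     out     source               destination'

SAMPLE_LOG="Aug 21 10:35:42 localhost firewalld[2921]: WARNING: ip6tables not usable, disabling IPv6 firewall.
Aug 21 10:35:42 localhost firewalld[2921]: ERROR: UNKNOWN_ERROR: 'ip6tables' backend does not exist
Aug 21 10:35:42 localhost firewalld[2921]: ERROR: UNKNOWN_INTERFACE: 'eth1' is not in any zone"

r=$(printf '%s\n' "$SAMPLE_IPTABLES" | count_rules)
e=$(printf '%s\n' "$SAMPLE_LOG" | count_firewalld_errors)
firewall_verdict active "$r" "$e" || true

# On a live host (as root), feed the same functions from the real commands:
#   firewall_verdict "$(systemctl is-active firewalld)" \
#       "$(iptables -nvxL | count_rules)" \
#       "$(journalctl -u firewalld -b | count_firewalld_errors)"
```

Monitoring that only watches the systemd unit state would report this host as healthy, so the rule count is the value to alert on.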
    

Environment

  • Red Hat Enterprise Linux 7
  • firewalld-0.6.3-2.el7
