When IPv6 is disabled firewalld shows error "UNKNOWN_ERROR: 'ip6tables' backend does not exist" and all iptables rules are empty
Issue
- The firewalld service is listed by systemd as being in a normal state but its logging shows errors.

    # systemctl status firewalld --lines 50 -l
    ● firewalld.service - firewalld - dynamic firewall daemon
       Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
       Active: active (running) since Wed 2019-08-21 10:35:40 CEST; 3min 16s ago
         Docs: man:firewalld(1)
     Main PID: 2921 (firewalld)
       CGroup: /system.slice/firewalld.service
               └─2921 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid

    Aug 21 10:35:39 localhost systemd[1]: Starting firewalld - dynamic firewall daemon...
    Aug 21 10:35:40 localhost systemd[1]: Started firewalld - dynamic firewall daemon.
    Aug 21 10:35:42 localhost firewalld[2921]: WARNING: ip6tables not usable, disabling IPv6 firewall.
    Aug 21 10:35:42 localhost firewalld[2921]: ERROR: UNKNOWN_ERROR: 'ip6tables' backend does not exist
    Aug 21 10:35:42 localhost firewalld[2921]: ERROR: COMMAND_FAILED: UNKNOWN_ERROR: 'ip6tables' backend does not exist
    Aug 21 10:35:42 localhost firewalld[2921]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain Error occurred at line: 2 Try `iptables-restore -h' or 'iptables-restore --help' for more information.
    Aug 21 10:35:42 localhost firewalld[2921]: ERROR: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain Error occurred at line: 2 Try `iptables-restore -h' or 'iptables-restore --help' for more information.
    Aug 21 10:35:42 localhost firewalld[2921]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain Error occurred at line: 2 Try `iptables-restore -h' or 'iptables-restore --help' for more information.
    Aug 21 10:35:42 localhost firewalld[2921]: ERROR: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain Error occurred at line: 2 Try `iptables-restore -h' or 'iptables-restore --help' for more information.
    Aug 21 10:35:42 localhost firewalld[2921]: ERROR: UNKNOWN_INTERFACE: 'eth1' is not in any zone
    Aug 21 10:35:42 localhost firewalld[2921]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain Error occurred at line: 2 Try `iptables-restore -h' or 'iptables-restore --help' for more information.
    Aug 21 10:35:42 localhost firewalld[2921]: ERROR: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain Error occurred at line: 2 Try `iptables-restore -h' or 'iptables-restore --help' for more information.
    Aug 21 10:35:42 localhost firewalld[2921]: ERROR: UNKNOWN_INTERFACE: 'eth1' is not in any zone
    Aug 21 10:35:42 localhost firewalld[2921]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain Error occurred at line: 2 Try `iptables-restore -h' or 'iptables-restore --help' for more information.
    Aug 21 10:35:42 localhost firewalld[2921]: ERROR: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain Error occurred at line: 2 Try `iptables-restore -h' or 'iptables-restore --help' for more information.
    Aug 21 10:35:42 localhost firewalld[2921]: ERROR: UNKNOWN_INTERFACE: 'eth1' is not in any zone
    Aug 21 10:35:42 localhost firewalld[2921]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain Error occurred at line: 2 Try `iptables-restore -h' or 'iptables-restore --help' for more information.
    Aug 21 10:35:42 localhost firewalld[2921]: ERROR: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain Error occurred at line: 2 Try `iptables-restore -h' or 'iptables-restore --help' for more information.
    Aug 21 10:35:42 localhost firewalld[2921]: ERROR: UNKNOWN_INTERFACE: 'eth1' is not in any zone
    Aug 21 10:35:43 localhost firewalld[2921]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain Error occurred at line: 2 Try `iptables-restore -h' or 'iptables-restore --help' for more information.
    Aug 21 10:35:43 localhost firewalld[2921]: ERROR: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain Error occurred at line: 2 Try `iptables-restore -h' or 'iptables-restore --help' for more information.
    Aug 21 10:35:43 localhost firewalld[2921]: ERROR: UNKNOWN_INTERFACE: 'eth1' is not in any zone

- iptables output shows there are no rules in place even though the firewalld service is listed as running by systemd:

    # iptables -nvxL
    Chain INPUT (policy ACCEPT 346 packets, 27484 bytes)
        pkts      bytes target     prot opt in     out     source               destination

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
        pkts      bytes target     prot opt in     out     source               destination

    Chain OUTPUT (policy ACCEPT 212 packets, 68927 bytes)
        pkts      bytes target     prot opt in     out     source               destination

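
Because systemd reports the unit as active while every chain is empty with an ACCEPT policy, monitoring that only watches the service state will not notice that the host is unfiltered. The following check is an added example, not part of the original article or of firewalld; the helper names count_rules, count_firewalld_errors and firewall_verdict are made up for it, and the sample input is constructed from the output shown above.

```shell
#!/bin/sh
# Added example: detect "firewalld active, but no packet-filter rules loaded".

# Count rule lines in `iptables -nvxL` output read from stdin.
# Chain headers, column headers and blank lines are not rules.
count_rules() {
    awk '$1 == "Chain" || $1 == "pkts" || NF == 0 { next }
         { n++ }
         END { print n + 0 }'
}

# Count firewalld ERROR entries in journal text read from stdin.
count_firewalld_errors() {
    awk '/firewalld\[[0-9]+\]: ERROR:/ { n++ } END { print n + 0 }'
}

# $1 = service state string (e.g. output of `systemctl is-active firewalld`);
# stdin = `iptables -nvxL` output. Prints OK, FAIL_OPEN or NOT_RUNNING.
firewall_verdict() {
    rules=$(count_rules)
    if [ "$1" != "active" ]; then
        echo "NOT_RUNNING"
    elif [ "$rules" -eq 0 ]; then
        echo "FAIL_OPEN"
    else
        echo "OK"
    fi
}

# Constructed sample input, shortened from the output in this article.
SAMPLE_RULES='Chain INPUT (policy ACCEPT 346 packets, 27484 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 212 packets, 68927 bytes)
    pkts      bytes target     prot opt in     out     source               destination'

SAMPLE_LOG="Aug 21 10:35:40 localhost systemd[1]: Started firewalld - dynamic firewall daemon.
Aug 21 10:35:42 localhost firewalld[2921]: WARNING: ip6tables not usable, disabling IPv6 firewall.
Aug 21 10:35:42 localhost firewalld[2921]: ERROR: UNKNOWN_ERROR: 'ip6tables' backend does not exist
Aug 21 10:35:42 localhost firewalld[2921]: ERROR: UNKNOWN_INTERFACE: 'eth1' is not in any zone"

echo "verdict: $(printf '%s\n' "$SAMPLE_RULES" | firewall_verdict active)"
echo "firewalld errors: $(printf '%s\n' "$SAMPLE_LOG" | count_firewalld_errors)"
# On a live host (as root):
#   iptables -nvxL | firewall_verdict "$(systemctl is-active firewalld)"
#   journalctl -u firewalld -b | count_firewalld_errors
```
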
Environment
- Red Hat Enterprise Linux 7
- firewalld-0.6.3-2.el7