firewalld.service fails to start with INVALIDARGUMENT error

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 8
  • Red Hat Enterprise Linux 9
  • Red Hat Enterprise Linux 10
  • firewalld

Issue

  • firewalld.service doesn't start. The logs show the following error message:
Main process exited, code=exited, status=2/INVALIDARGUMENT

Resolution

  • Check if any special character/symbol is present in /etc/sysconfig/firewalld, remove it followed by a restart of firewalld.service. If the issue persists after these changes then open a case with Red Hat support for further investigation.

Root Cause

  • The FIREWALLD_ARGS has an invalid character present in /etc/sysconfig/firewalld which is causing the INVALIDARGUMENT error.

Diagnostic Steps

  • Check the status of firewalld.service and journalctl logs.
[abc@node2.example.com]# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Sun 2023-02-12 20:01:58 IST; 8min ago
     Docs: man:firewalld(1)
  Process: 6782 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=2)
 Main PID: 6782 (code=exited, status=2)

Feb 12 20:01:58 node2.example.com systemd[1]: firewalld.service: Succeeded.
Feb 12 20:01:58 node2.example.com systemd[1]: Stopped firewalld - dynamic firewall daemon.
Feb 12 20:01:58 node2.example.com systemd[1]: Starting firewalld - dynamic firewall daemon...
Feb 12 20:01:58 node2.example.com systemd[1]: firewalld.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Feb 12 20:01:58 node2.example.com systemd[1]: firewalld.service: Failed with result 'exit-code'.
Feb 12 20:01:58 node2.example.com systemd[1]: Failed to start firewalld - dynamic firewall daemon.


[abc@node2.example.com]# journalctl -xe | grep firewalld
Feb 12 20:01:58 node2.example.com systemd[1]: firewalld.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Feb 12 20:01:58 node2.example.com systemd[1]: firewalld.service: Failed with result 'exit-code'.
-- The unit firewalld.service has entered the 'failed' state with result 'exit-code'.
Feb 12 20:01:58  node2.example.comsystemd[1]: Failed to start firewalld - dynamic firewall daemon.
-- Subject: Unit firewalld.service has failed
-- Unit firewalld.service has failed.
  • Check any invalid characters present in /etc/sysconfig/firewalld
[abc@node2.example.com]cat /etc/sysconfig/firewalld
# firewalld command line args
# possile values: --debug
FIREWALLD_ARGS=a<--------------remove 'a'

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments