When IPv6 is disabled, firewalld fails with "UNKNOWN_ERROR: 'ip6tables' backend does not exist" and all iptables rules are empty
Issue
- systemd shows the firewalld service as being in a normal state, but the log shows errors.

      # systemctl status firewalld --lines 50 -l
      ● firewalld.service - firewalld - dynamic firewall daemon
         Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
         Active: active (running) since Wed 2019-08-21 10:35:40 CEST; 3min 16s ago
           Docs: man:firewalld(1)
       Main PID: 2921 (firewalld)
         CGroup: /system.slice/firewalld.service
                 └─2921 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid

      Aug 21 10:35:39 localhost systemd[1]: Starting firewalld - dynamic firewall daemon...
      Aug 21 10:35:40 localhost systemd[1]: Started firewalld - dynamic firewall daemon.
      Aug 21 10:35:42 localhost firewalld[2921]: WARNING: ip6tables not usable, disabling IPv6 firewall.
      Aug 21 10:35:42 localhost firewalld[2921]: ERROR: UNKNOWN_ERROR: 'ip6tables' backend does not exist
      Aug 21 10:35:42 localhost firewalld[2921]: ERROR: COMMAND_FAILED: UNKNOWN_ERROR: 'ip6tables' backend does not exist
      Aug 21 10:35:42 localhost firewalld[2921]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain Error occurred at line: 2 Try `iptables-restore -h' or 'iptables-restore --help' for more information.
      Aug 21 10:35:42 localhost firewalld[2921]: ERROR: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain Error occurred at line: 2 Try `iptables-restore -h' or 'iptables-restore --help' for more information.
      Aug 21 10:35:42 localhost firewalld[2921]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain Error occurred at line: 2 Try `iptables-restore -h' or 'iptables-restore --help' for more information.
      Aug 21 10:35:42 localhost firewalld[2921]: ERROR: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain Error occurred at line: 2 Try `iptables-restore -h' or 'iptables-restore --help' for more information.
      Aug 21 10:35:42 localhost firewalld[2921]: ERROR: UNKNOWN_INTERFACE: 'eth1' is not in any zone
      Aug 21 10:35:42 localhost firewalld[2921]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain Error occurred at line: 2 Try `iptables-restore -h' or 'iptables-restore --help' for more information.
      Aug 21 10:35:42 localhost firewalld[2921]: ERROR: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain Error occurred at line: 2 Try `iptables-restore -h' or 'iptables-restore --help' for more information.
      Aug 21 10:35:42 localhost firewalld[2921]: ERROR: UNKNOWN_INTERFACE: 'eth1' is not in any zone
      Aug 21 10:35:42 localhost firewalld[2921]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain Error occurred at line: 2 Try `iptables-restore -h' or 'iptables-restore --help' for more information.
      Aug 21 10:35:42 localhost firewalld[2921]: ERROR: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain Error occurred at line: 2 Try `iptables-restore -h' or 'iptables-restore --help' for more information.
      Aug 21 10:35:42 localhost firewalld[2921]: ERROR: UNKNOWN_INTERFACE: 'eth1' is not in any zone
      Aug 21 10:35:42 localhost firewalld[2921]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain Error occurred at line: 2 Try `iptables-restore -h' or 'iptables-restore --help' for more information.
      Aug 21 10:35:42 localhost firewalld[2921]: ERROR: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain Error occurred at line: 2 Try `iptables-restore -h' or 'iptables-restore --help' for more information.
      Aug 21 10:35:42 localhost firewalld[2921]: ERROR: UNKNOWN_INTERFACE: 'eth1' is not in any zone
      Aug 21 10:35:43 localhost firewalld[2921]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain Error occurred at line: 2 Try `iptables-restore -h' or 'iptables-restore --help' for more information.
      Aug 21 10:35:43 localhost firewalld[2921]: ERROR: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain Error occurred at line: 2 Try `iptables-restore -h' or 'iptables-restore --help' for more information.
      Aug 21 10:35:43 localhost firewalld[2921]: ERROR: UNKNOWN_INTERFACE: 'eth1' is not in any zone
- Although systemd shows the firewalld service as running, the iptables output shows that no rules are loaded.

      # iptables -nvxL
      Chain INPUT (policy ACCEPT 346 packets, 27484 bytes)
          pkts      bytes target     prot opt in     out     source               destination

      Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
          pkts      bytes target     prot opt in     out     source               destination

      Chain OUTPUT (policy ACCEPT 212 packets, 68927 bytes)
          pkts      bytes target     prot opt in     out     source               destination
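Because the unit stays "active (running)" while the ruleset is empty, a health check that only asks systemd for the service state will miss this condition. The following is an added example, not part of the original article or of firewalld: it flags the "active but no rules" state and counts the two error signatures shown above. The function names (`count_rules`, `count_backend_errors`, `is_fail_open`) are this example's own, and the sample input is taken from the output in this article.

```shell
# Count rule lines in `iptables -nvxL` output read on stdin.
count_rules() {
    awk '/^Chain /      { next }   # chain header (name, policy, counters)
         /^[ \t]*pkts / { next }   # column header
         /^[ \t]*$/     { next }   # blank separator
                        { n++ }    # anything else is a rule
         END            { print n + 0 }'
}

# Count log lines on stdin carrying the error signatures from the article.
count_backend_errors() {
    grep -c -E "ERROR: .*('ip6tables' backend does not exist|iptables-restore.* failed)" || true
}

# Succeeds when the unit is reported active but stdin holds no rules.
# $1: output of `systemctl is-active firewalld`.
is_fail_open() {
    [ "$1" = "active" ] && [ "$(count_rules)" -eq 0 ]
}

# Ruleset printed in the article (column spacing restored by hand).
sample_empty() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT 346 packets, 27484 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 212 packets, 68927 bytes)
    pkts      bytes target     prot opt in     out     source               destination
EOF
}

# Log excerpt from the article (one line per entry, trimmed).
sample_log() {
    cat <<'EOF'
Aug 21 10:35:40 localhost systemd[1]: Started firewalld - dynamic firewall daemon.
Aug 21 10:35:42 localhost firewalld[2921]: ERROR: UNKNOWN_ERROR: 'ip6tables' backend does not exist
Aug 21 10:35:42 localhost firewalld[2921]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: goto 'FWDI_public' is not a chain
EOF
}

if sample_empty | is_fail_open active; then
    echo "firewalld active but ruleset empty; $(sample_log | count_backend_errors) backend errors logged"
fi
```

On a live host the same check is `iptables -nvxL | is_fail_open "$(systemctl is-active firewalld)"`; it inspects only the filter table, which is what `iptables -nvxL` lists by default.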
Environment
- Red Hat Enterprise Linux 7
- firewalld-0.6.3-2.el7