Centos 7 Firewall Defaultly Not Working
I think you have problems relating to ebtables. Please verify that you have ebtables installed and verified.
rpm -V ebtables -v (You can check meanings of output on rpm man page)
Try to restart services and check status by journalctl
systemctl restart ebtables
journalctl -u ebtables.service
systemctl restart firewalld
journalctl -u firewalld.service
Note: Also journalctl -u firewalld.service will be more helpful for debugging the issue.
Author by
Yusuf Çağlar
Updated on September 18, 2022
Comments
-
Yusuf Çağlar over 1 year
I have a VPS from GoDaddy and, as I mention in the article, I have CentOS 7 on my system. The first things that I did when I started the server are:
$ yum update
$ yum install firewalld
$ systemctl start firewalld
$ systemctl enable firewalld
$ firewall-cmd --state
not running
I tried formatting over and over again and other things but still get this.
Also when I try
$ firewall-cmd --reload
Error: COMMAND_FAILED
And this is firewalld status
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2017-12-17 04:31:45 MST; 23h ago
     Docs: man:firewalld(1)
 Main PID: 131 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─131 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Dec 17 04:34:37 s132-148-146-167.secureserver.net firewalld[131]: WARNING: '/usr/sbin/ebtables-restore --noflush' failed: The kernel doesn't support the ebtables 'broute' table.
Dec 17 04:34:37 s132-148-146-167.secureserver.net firewalld[131]: ERROR: COMMAND_FAILED
Dec 17 04:43:21 s132-148-146-167.secureserver.net firewalld[131]: WARNING: ALREADY_ENABLED: ftp
Dec 18 03:46:03 s132-148-146-167.secureserver.net firewalld[131]: WARNING: ipset not usable, disabling ipset usage in firewall.
Dec 18 03:46:03 s132-148-146-167.secureserver.net firewalld[131]: ERROR: Failed to read file "/proc/sys/net/netfilter/nf_conntrack_helper": [Errno 2] No such file or directory: '/proc/sys/net/netfilter/nf_conntrack_helper'
Dec 18 03:46:03 s132-148-146-167.secureserver.net firewalld[131]: WARNING: Failed to get and parse nf_conntrack_helper setting
Dec 18 03:46:03 s132-148-146-167.secureserver.net firewalld[131]: WARNING: INVALID_HELPER: 'nf_conntrack_ftp' is not available
Dec 18 03:46:03 s132-148-146-167.secureserver.net firewalld[131]: WARNING: '/usr/sbin/iptables-restore --wait=2 -n' failed: iptables-restore: line 64 failed
Dec 18 03:46:03 s132-148-146-167.secureserver.net firewalld[131]: WARNING: '/usr/sbin/ebtables-restore --noflush' failed: The kernel doesn't support the ebtables 'broute' table.
Dec 18 03:46:03 s132-148-146-167.secureserver.net firewalld[131]: ERROR: COMMAND_FAILED
Please help. Am I doing something wrong or lacking something? Is that a default firewall error on my operating system? Should I blame GoDaddy for that?
Errors I saw in the firewalld log:
WARNING: ip6tables not usable, disabling IPv6 firewall.
WARNING: ICMP type 'reject-route' is not supported by the kernel for ipv6.
-
fcbsd over 6 years
Does the /var/log/firewalld give any further information?
-
Yusuf Çağlar over 6 years
As you say, I looked there and it also gives ipv6 errors. WARNING: ICMP type 'reject-route' is not supported by the kernel for ipv6. WARNING: ip6tables not usable, disabling IPv6 firewall.
-
jordanm over 6 years
Your VPS is probably a (openvz?) container, which won't have access to some kernel-level functionality such as a firewall.
-
-
Yusuf Çağlar about 6 years
Thanks for the answer, but I'm not using the default port. Also, I figured that it's about the new kernel version; in older kernel versions the firewall works as desired.
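
Added example, not part of the original thread: a shell triage that separates the kernel-capability failures in the firewalld journal output from ordinary configuration warnings, and checks for the OpenVZ guest layout suggested in the comments. The function names, the optional root-path argument and the abridged sample log are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: sort firewalld journal lines into kernel-feature failures.

# Constructed sample, abridged from the status output quoted in the question.
sample_log() {
cat <<'EOF'
firewalld[131]: WARNING: ALREADY_ENABLED: ftp
firewalld[131]: WARNING: ipset not usable, disabling ipset usage in firewall.
firewalld[131]: ERROR: Failed to read file "/proc/sys/net/netfilter/nf_conntrack_helper": [Errno 2] No such file or directory
firewalld[131]: WARNING: '/usr/sbin/iptables-restore --wait=2 -n' failed: iptables-restore: line 64 failed
firewalld[131]: WARNING: '/usr/sbin/ebtables-restore --noflush' failed: The kernel doesn't support the ebtables 'broute' table.
firewalld[131]: ERROR: COMMAND_FAILED
EOF
}

# Print one tag per kernel capability that the log shows as missing.
classify_firewalld_log() {
    awk '
        /ebtables.*broute/         { seen["ebtables_broute"] = 1 }
        /ipset not usable/         { seen["ipset"] = 1 }
        /nf_conntrack_helper/      { seen["conntrack_helper"] = 1 }
        /ip6tables not usable/     { seen["ip6tables"] = 1 }
        /iptables-restore.*failed/ { seen["iptables_restore"] = 1 }
        END { for (k in seen) print k }
    ' | LC_ALL=C sort
}

# An OpenVZ guest exposes /proc/vz but not /proc/bc (the host has both).
# $1 is an optional filesystem root, a parameter assumed here for testing.
is_openvz_guest() {
    root="${1:-}"
    [ -d "$root/proc/vz" ] && [ ! -d "$root/proc/bc" ]
}

# stdin: journal text. Output: one summary line.
triage() {
    tags=$(classify_firewalld_log)
    if [ -z "$tags" ]; then
        echo "no-kernel-feature-errors"
        return 0
    fi
    if is_openvz_guest "${1:-}"; then where="openvz-guest"; else where="unknown-platform"; fi
    echo "kernel-feature-gap($where): $(echo $tags | tr ' ' ',')"
}

# Live use: journalctl -u firewalld.service | triage
sample_log | triage
```

A `kernel-feature-gap` result means the rules cannot load because the running kernel lacks the feature, so reinstalling firewalld or reformatting the VPS will not change the outcome.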