Firewalld/IP tables error

Post by jamstaaa » 2018/12/06 13:50:37

Hi all,

Hoping someone can point me in the right direction here. I recently went to make a change to the firewall on one of our CentOS 7 machines, and upon reloading firewall-cmd I was presented with the following errors:

[root@machinehostname ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2018-12-06 12:43:19 GMT; 40min ago
Docs: man:firewalld(1)
Main PID: 4401 (firewalld)
Tasks: 2
CGroup: /system.slice/firewalld.service
└─4401 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --ta...n?).
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --ta...n?).
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --ta...n?).
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --ta...ame.
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --ta...ame.
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --ta...n?).
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --ta...n?).
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --ta...n?).
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --ta...n?).
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --ta...n?).
Hint: Some lines were ellipsized, use -l to show in full.

[root@machinehostname ~]# systemctl status firewalld -l
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2018-12-06 12:43:19 GMT; 57min ago
Docs: man:firewalld(1)
Main PID: 4401 (firewalld)
Tasks: 2
CGroup: /system.slice/firewalld.service
└─4401 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete FORWARD --destination 192.168.122.0/24 --out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete FORWARD --source 192.168.122.0/24 --in-interface virbr0 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete FORWARD --in-interface virbr0 --out-interface virbr0 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete FORWARD --out-interface virbr0 --jump REJECT' failed: iptables: No chain/target/match by that name.
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete FORWARD --in-interface virbr0 --jump REJECT' failed: iptables: No chain/target/match by that name.
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete INPUT --in-interface virbr0 --protocol udp --destination-port 53 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete INPUT --in-interface virbr0 --protocol tcp --destination-port 53 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete OUTPUT --out-interface virbr0 --protocol udp --destination-port 68 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete INPUT --in-interface virbr0 --protocol udp --destination-port 67 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete INPUT --in-interface virbr0 --protocol tcp --destination-port 67 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).

Obviously, after expanding the errors with -l they make more sense, but I am not sure what is going on, since most of the lines where it is referring to ports '53', '67', '68' etc. I do not recognise. For the record, I am trying to add a forward rule with the following command:

firewall-cmd --zone=public --add-forward-port=port=443:proto=tcp:toport=8443
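Added example, not part of the original post: a small parser for the firewalld COMMAND_FAILED warnings shown above that groups them by operation, chain, interface and port, which makes it easy to see which rules the failed commands refer to. The sample input is three of the post's own log lines; the function names are this example's own.

```python
import re
import shlex
from collections import Counter

# Three of the warnings from the post's `systemctl status firewalld -l` output.
SAMPLE_LOG = """\
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete FORWARD --out-interface virbr0 --jump REJECT' failed: iptables: No chain/target/match by that name.
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete INPUT --in-interface virbr0 --protocol udp --destination-port 53 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete OUTPUT --out-interface virbr0 --protocol udp --destination-port 68 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
"""

# firewalld logs the full iptables command in single quotes, then the error.
LINE_RE = re.compile(r"COMMAND_FAILED: '(?P<cmd>[^']+)' failed: (?P<err>.+)$")
# Rule operations and the match options worth reporting (each takes one value).
OPERATIONS = ("--delete", "--append", "--insert")
MATCHES = ("--in-interface", "--out-interface", "--protocol",
           "--destination-port", "--jump")


def parse_failure(line):
    """Return a dict describing one failed iptables command, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    argv = shlex.split(m.group("cmd"))
    rule = {"error": m.group("err").strip(), "argv": argv}
    for opt, value in zip(argv, argv[1:]):
        if opt in OPERATIONS:
            rule["operation"], rule["chain"] = opt.lstrip("-"), value
        elif opt in MATCHES:
            rule[opt.lstrip("-")] = value
    return rule


def summarize(log_text):
    """Count failures per (operation, chain, interface, port, error)."""
    counts = Counter()
    for rule in filter(None, map(parse_failure, log_text.splitlines())):
        iface = rule.get("in-interface") or rule.get("out-interface") or "-"
        counts[(rule.get("operation", "-"), rule.get("chain", "-"), iface,
                rule.get("destination-port", "-"), rule["error"])] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).items():
        print(n, *key, sep=" | ")
```

On a live system the same functions can be fed the text produced by `journalctl -u firewalld`.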