Hi all,
Hoping someone can point me in the right direction here. I recently went to make a change to the firewall on one of our CentOS 7 machines, and upon reloading firewall-cmd I was presented with the following errors:
[root@machinehostname ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2018-12-06 12:43:19 GMT; 40min ago
Docs: man:firewalld(1)
Main PID: 4401 (firewalld)
Tasks: 2
CGroup: /system.slice/firewalld.service
└─4401 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --ta...n?).
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --ta...n?).
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --ta...n?).
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --ta...ame.
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --ta...ame.
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --ta...n?).
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --ta...n?).
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --ta...n?).
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --ta...n?).
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --ta...n?).
Hint: Some lines were ellipsized, use -l to show in full.
[root@machinehostname ~]# systemctl status firewalld -l
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2018-12-06 12:43:19 GMT; 57min ago
Docs: man:firewalld(1)
Main PID: 4401 (firewalld)
Tasks: 2
CGroup: /system.slice/firewalld.service
└─4401 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete FORWARD --destination 192.168.122.0/24 --out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete FORWARD --source 192.168.122.0/24 --in-interface virbr0 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete FORWARD --in-interface virbr0 --out-interface virbr0 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete FORWARD --out-interface virbr0 --jump REJECT' failed: iptables: No chain/target/match by that name.
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete FORWARD --in-interface virbr0 --jump REJECT' failed: iptables: No chain/target/match by that name.
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete INPUT --in-interface virbr0 --protocol udp --destination-port 53 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete INPUT --in-interface virbr0 --protocol tcp --destination-port 53 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete OUTPUT --out-interface virbr0 --protocol udp --destination-port 68 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete INPUT --in-interface virbr0 --protocol udp --destination-port 67 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Dec 06 12:43:19 machinehostname firewalld[4401]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete INPUT --in-interface virbr0 --protocol tcp --destination-port 67 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Obviously, after expanding the errors with -l they make more sense, but I am not sure what is going on, since I do not recognise most of the lines where it is referring to ports '53', '67', '68' etc. For the record, I am trying to add a forward rule with the following command:
firewall-cmd --zone=public --add-forward-port=port=443:proto=tcp:toport=8443
Firewalld/IP tables error