How to cleanly stop and restart firewalld?

+1 vote

We always see failures after doing: systemctl stop firewalld followed by systemctl start firewalld. To clear the issue we seem to have to reboot the system.

posted Jun 16, 2015 by Rameshwar

Have you tried using this:

systemctl restart firewalld

Similar Questions
+2 votes

I'm struggling to stop '' hogging the CPU & sending the load averages over 2.00.

I've disabled it via the GUI in Software & rebooted but it's still running every five minutes. Is there a way of dealing with this via the cli?

My Version is: Fedora20.

0 votes

I have been looking at the new Fedora firewall 'firewalld' and the 'firewall-cmd' command. I'm currently running F17 on a PC with an F18 virtual machine, and have been trying to understand firewalld prior to
upgrading to Fedora 19.

The PC has a modified iptables. So I have been trying to see how to incorporate the changes into the new firewalld. I suspect I will need to use the 'firewall-cmd --direct' option to add the iptables rules (as I
see no other way of specifying on the rules source/destination addresses using 'firewall-cmd').

However, 'firewall-cmd' offers both the '--get-chains' and '--get-rules' options, but these both require specifying which table is to be used. How do I know what the tables are? There is no '--get-tables' option.
I can run 'cat /proc/net/ip_tables_names' and this lists the standard iptables tables (nat, mangle, filter). But if I use these names with 'firewall-cmd' all I get is a blank line displayed. E.g.

 firewall-cmd --direct --get-chains ipv4 nat

The same occurs with all the table names.

So, my question is this: is 'firewall-cmd' working correctly and simply stating that none of the tables have any chains (and so no rules)? Secondly, how do I find out what tables are defined for firewalld?

+1 vote

I'd like to configure FirewallD to protect qemu/kvm host and maybe guests but the second one is not so important for me because each guest has its own firewall.

What I don't understand is how FirewallD works with network bridges. Currently, I have bridge (br0) in trusted zone to allow as much traffic as possible, and p3p1 (which is NIC connected to switch) in public zone. When I put bridge in public zone I cut off networking from guests.

My question is, should I change rules on bridge or p3p1 and what is the correlation between them? What should I configure to pass networking traffic to guests but protect all ports on host system?

0 votes

Running old "Fedora 20-x86_64", and want to install Fedora-Kde-live-25-1-3.

$ uname -rov
3.19.8-100.fc20.x86_64 #1 SMP Tue May 12 17:08:50 UTC 2015 GNU/Linux

$ sudo lvmdiskscan
/dev/fedora/root [ 50,00 GiB]
/dev/fedora/swap [ 3,77 GiB]
/dev/sda2 [ 500,00 MiB]
/dev/vg_maq01/lv_swap [ 5,75 GiB]
/dev/sda3 [ 118,75 GiB] LVM physical volume
/dev/vg_maq01/lv_home [ 63,00 GiB]
/dev/vg_maq01/lv_root [ 50,00 GiB]
/dev/fedora/home [ 48,48 GiB]
/dev/sdb2 [ 500,00 MiB]
/dev/sdb3 [ 194,87 GiB]
/dev/sdb4 [ 500,00 MiB]
/dev/sdb5 [ 102,24 GiB] LVM physical volume
6 disks
4 partitions
0 LVM physical volume whole disks
2 LVM physical volumes

The /dev/sda* is a SSD(KINGSTON SV200S3128G) 128GB, with old "Fedora 16-x86_64", and only want to recover some files in /home.

The /dev/sdb* is a Seagate(ST3320613AS) 320GB, running old "Fedora 20-x86_64", with some important file in /home.

$ sudo lvscan
ACTIVE '/dev/fedora/swap' [3,77 GiB] inherit
ACTIVE '/dev/fedora/home' [48,48 GiB] inherit
ACTIVE '/dev/fedora/root' [50,00 GiB] inherit
ACTIVE '/dev/vg_maq01/lv_swap' [5,75 GiB] inherit
ACTIVE '/dev/vg_maq01/lv_home' [63,00 GiB] inherit
ACTIVE '/dev/vg_maq01/lv_root' [50,00 GiB] inherit

$ mount | grep /dev/mapper
/dev/mapper/fedora-root on / type ext4 (rw,relatime,seclabel,data=ordered)
/dev/mapper/fedora-home on /home type ext4

Want to mount the SSD on "Fedora 20" to recover some files, copying it to /dev/sdb3 space(/dev/sdb3 not used/mounted). After this, I can erase all SSD and install "Fedora 25" on it.

Thanks for help.

0 votes

For some reason I have to temporarily deactivate IPv6 interface configuration on a F22 server box.

According to documentation (or at least as I understood) it could be done either by adding

to /etc/sysconfig/network-scripts/ifcfg-eth0


to /etc/sysconfig/network

I tried both, executed "nmcli c reload", "systemctl restart NetworkManager", even rebooted the system. No change in network configuration. In ifconfig I have a local link address as well as a global address as advertised by the router and autoconfig based on mac address.

All those options are documented in usr/share/doc/initscripts/sysconfig.txt, so I guess these are still valid options.

Now I am wondering what I may have overlooked or missed?

Any hint appreciated.