I installed firewalld but every time I launch it, it says “failed to connect please make all services have started correctly”, so how can I make it work? Or is there another firewall that I can install?
@Batmanxxx is right, firewalld doesn’t work on CL anymore. I have several systems where firewalld was running and none of them are running anymore.
As suggested I followed this:
But it didn’t fix it.
When trying to start firewalld manually:
```
sudo /usr/bin/firewalld --nofork --nopid $FIREWALLD_ARGS
Password:
Traceback (most recent call last):
  File "/usr/bin/firewalld", line 293, in <module>
    main()
  File "/usr/bin/firewalld", line 287, in main
    startup(args)
  File "/usr/bin/firewalld", line 237, in startup
    from firewall.server import server
  File "/usr/lib/python3.12/site-packages/firewall/server/server.py", line 25, in <module>
    from firewall.server.firewalld import FirewallD
  File "/usr/lib/python3.12/site-packages/firewall/server/firewalld.py", line 15, in <module>
    from firewall.core.fw import Firewall
  File "/usr/lib/python3.12/site-packages/firewall/core/fw.py", line 18, in <module>
    from firewall.core import nftables
  File "/usr/lib/python3.12/site-packages/firewall/core/nftables.py", line 41, in <module>
    from nftables.nftables import Nftables
ModuleNotFoundError: No module named 'nftables'
```
The only message in the log is:
```
Nov 04 17:12:01 cl_sys_02 (irewalld)[3564]: firewalld.service: Referenced but unset environment variable evaluates to an empty string: FIREWALLD_ARGS
Nov 04 17:12:02 cl_sys_02 systemd[1]: firewalld.service: Main process exited, code=exited, status=1/FAILURE
Nov 04 17:12:02 cl_sys_02 systemd[1]: firewalld.service: Failed with result 'exit-code'.
Nov 04 17:12:02 cl_sys_02 systemd[1]: Failed to start firewalld.service.
```
When searching for “firewalld.service: Referenced but unset environment variable evaluates to an empty string: FIREWALLD_ARGS” I get a result from NixOS, where the problem also occurred. They seem to have fixed it with this patch:
opened 02:01PM - 06 Mar 24 UTC
0.kind: bug
### Describe the bug
I am unable to run firewalld because nftables' python package appears to be broken:
```console
[root@nixos:/home/pablexworld]# nixos-rebuild switch
// trimmed for brevity
warning: the following units failed: firewalld.service
× firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/etc/systemd/system/firewalld.service; enabled; preset: enabled)
Drop-In: /nix/store/a0gq0dvmck0pkg6c8xkixw286iw38iaj-system-units/firewalld.service.d
└─overrides.conf
Active: failed (Result: exit-code) since Wed 2024-03-06 10:47:09 -03; 163ms ago
Docs: man:firewalld(1)
Process: 280063 ExecStart=/nix/store/ww72ipydzkrp8mjbmmdsxk473984xbpq-firewalld-2.0.1/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=1/FAILURE)
Main PID: 280063 (code=exited, status=1/FAILURE)
IP: 0B in, 0B out
CPU: 274ms
mar 06 10:47:08 nixos (irewalld)[280063]: firewalld.service: Referenced but unset environment variable evaluates to an empty string: FIREWALLD_ARGS
mar 06 10:47:08 nixos systemd[1]: Starting firewalld - dynamic firewall daemon...
mar 06 10:47:09 nixos systemd[1]: firewalld.service: Main process exited, code=exited, status=1/FAILURE
mar 06 10:47:09 nixos systemd[1]: firewalld.service: Failed with result 'exit-code'.
mar 06 10:47:09 nixos systemd[1]: Failed to start firewalld - dynamic firewall daemon.
warning: error(s) occurred while switching to the new configuration
```
Running firewalld manually reveals the error:
```console
[root@nixos:/home/pablexworld]# /nix/store/ww72ipydzkrp8mjbmmdsxk473984xbpq-firewalld-2.0.1/sbin/firewalld --nofork --nopid --debug
Traceback (most recent call last):
File "/nix/store/ww72ipydzkrp8mjbmmdsxk473984xbpq-firewalld-2.0.1/bin/.firewalld-wrapped", line 257, in <module>
main()
File "/nix/store/ww72ipydzkrp8mjbmmdsxk473984xbpq-firewalld-2.0.1/bin/.firewalld-wrapped", line 252, in main
startup(args)
File "/nix/store/ww72ipydzkrp8mjbmmdsxk473984xbpq-firewalld-2.0.1/bin/.firewalld-wrapped", line 204, in startup
from firewall.server import server
File "/nix/store/ww72ipydzkrp8mjbmmdsxk473984xbpq-firewalld-2.0.1/lib/python3.11/site-packages/firewall/server/server.py", line 40, in <module>
from firewall.server.firewalld import FirewallD
File "/nix/store/ww72ipydzkrp8mjbmmdsxk473984xbpq-firewalld-2.0.1/lib/python3.11/site-packages/firewall/server/firewalld.py", line 30, in <module>
from firewall.core.fw import Firewall
File "/nix/store/ww72ipydzkrp8mjbmmdsxk473984xbpq-firewalld-2.0.1/lib/python3.11/site-packages/firewall/core/fw.py", line 34, in <module>
from firewall.core import nftables
File "/nix/store/ww72ipydzkrp8mjbmmdsxk473984xbpq-firewalld-2.0.1/lib/python3.11/site-packages/firewall/core/nftables.py", line 35, in <module>
from nftables.nftables import Nftables
ModuleNotFoundError: No module named 'nftables'
```
After creating the relevant nix config for my Python environment, I can attest that Python is indeed unable to find the module:
```console
[nix-shell:~]$ python
Python 3.11.6 (main, Oct 2 2023, 13:45:54) [GCC 12.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import nftables
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
ModuleNotFoundError: No module named 'nftables'
>>>
```
Other modules (I tested with termcolor) are working properly.
### Steps To Reproduce
Steps to reproduce the behavior:
1. add to configuration.nix:
```nix
environment.systemPackages = with pkgs; [
firewalld
];
systemd.packages = with pkgs; [ firewalld ];
services.dbus.packages = with pkgs; [ firewalld ];
systemd.services.firewalld = {
aliases = [ "dbus-org.fedoraproject.FirewallD1.service" ];
wantedBy = [ "multi-user.target" ];
};
```
2. sudo nixos-rebuild switch
3. warning: the following units failed: firewalld.service
4. python.nix:
```nix
let
pkgs = import <nixpkgs> {};
in pkgs.mkShell {
packages = [
(pkgs.python3.withPackages (python-pkgs: [
python-pkgs.nftables
]))
];
}
```
5. running nix-shell python.nix and typing import nftables into python yields the error above
### Notify maintainers
@Izorkin
### Metadata
Please run `nix-shell -p nix-info --run "nix-info -m"` and paste the result.
```console
[pablexworld@nixos:~]$ nix-shell -p nix-info --run "nix-info -m"
- system: `"x86_64-linux"`
- host os: `Linux 6.6.1-zen1, NixOS, 23.11 (Tapir), 23.11.4835.c8e74c2f83fe`
- multi-user?: `yes`
- sandbox: `yes`
- version: `nix-env (Nix) 2.18.1`
- channels(root): `"home-manager-23.11.tar.gz, nixos-23.11"`
- nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixos`
```
and this links to →
NixOS:staging
← alaviss:firewalld
opened 10:43PM - 09 Dec 22 UTC
###### Description of changes
Add new module to allow for configuration of firewalld.
This PR contains a couple auxiliary fixes:
- `nftables`: Fixed python module default SO import path.
- `firewalld`: Fixed `firewall-applet` and `networkmanager` integration.
I can split this into other PRs if that's desired.
TODO (in a future PR, maybe):
- Add an option to allow for overlaying extra default configurations. NetworkManager is known to ship with a zone configuration (disabled by default on NixOS, though).
- Patch `firewalld` to let it load base config from the default config directory (ie. `/lib/firewalld/firewalld.conf`). This should allow for `services.firewalld.config` to be used in tandem with ordinary user configs.
Fixes #165882
Fixes #249609
###### Things done
- Built on platform(s)
- [x] x86_64-linux
- [ ] aarch64-linux
- [ ] x86_64-darwin
- [ ] aarch64-darwin
- [ ] For non-Linux: Is `sandbox = true` set in `nix.conf`? (See [Nix manual](https://nixos.org/manual/nix/stable/command-ref/conf-file.html))
- [ ] Tested, as applicable:
- [NixOS test(s)](https://nixos.org/manual/nixos/unstable/index.html#sec-nixos-tests) (look inside [nixos/tests](https://github.com/NixOS/nixpkgs/blob/master/nixos/tests))
- and/or [package tests](https://nixos.org/manual/nixpkgs/unstable/#sec-package-tests)
- or, for functions and "core" functionality, tests in [lib/tests](https://github.com/NixOS/nixpkgs/blob/master/lib/tests) or [pkgs/test](https://github.com/NixOS/nixpkgs/blob/master/pkgs/test)
- made sure NixOS tests are [linked](https://nixos.org/manual/nixpkgs/unstable/#ssec-nixos-tests-linking) to the relevant packages
- [ ] Tested compilation of all packages that depend on this change using `nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"`. Note: all changes have to be committed, also see [nixpkgs-review usage](https://github.com/Mic92/nixpkgs-review#usage)
- [ ] Tested basic functionality of all binary files (usually in `./result/bin/`)
- [23.05 Release Notes (or backporting 22.11 Release notes)](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md#generating-2305-release-notes)
- [ ] (Package updates) Added a release notes entry if the change is major or breaking
- [ ] (Module updates) Added a release notes entry if the change is significant
- [ ] (Module addition) Added a release notes entry if adding a new NixOS module
- [ ] (Release notes changes) Ran `nixos/doc/manual/md-to-db.sh` to update generated release notes
- [x] Fits [CONTRIBUTING.md](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md).
hksdpc255 has posted a temporary workaround on GitHub:
opened 05:37PM - 21 Jun 22 UTC
bug
new
Upgraded from 36420 to latest (36510) and Firewalld stopped working. Replicated the issue on second server.
Unfortunately there is not too much useful information in the logs:
```
systemctl status firewalld
× firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sun 2022-06-19 08:41:35 PDT; 4min 57s ago
Docs: man:firewalld(1)
Process: 7578 ExecStart=/usr/bin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=1/FAILURE)
Main PID: 7578 (code=exited, status=1/FAILURE)
Jun 19 08:41:35 ****** systemd[1]: Starting firewalld - dynamic firewall daemon...
Jun 19 08:41:35 ****** systemd[1]: firewalld.service: Main process exited, code=exited, status=1/FAILURE
Jun 19 08:41:35 ****** systemd[1]: firewalld.service: Failed with result 'exit-code'.
Jun 19 08:41:35 ****** systemd[1]: Failed to start firewalld - dynamic firewall daemon.
```
journalctl -xeu firewalld.service
```
Jun 19 08:41:35 ******* systemd[1]: Starting firewalld - dynamic firewall daemon...
░░ Subject: A start job for unit firewalld.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit firewalld.service has begun execution.
░░
░░ The job identifier is 684.
Jun 19 08:41:35 ****** systemd[1]: firewalld.service: Main process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ An ExecStart= process belonging to unit firewalld.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
Jun 19 08:41:35 ******* systemd[1]: firewalld.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ The unit firewalld.service has entered the 'failed' state with result 'exit-code'.
Jun 19 08:41:35 ******* systemd[1]: Failed to start firewalld - dynamic firewall daemon.
░░ Subject: A start job for unit firewalld.service has failed
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit firewalld.service has finished with a failure.
░░
░░ The job identifier is 684 and the job result is failed.
```
I’m guessing it could be related to the python3 version. I do not think Firewalld was updated between the latest versions; some dependency has changed.
It helped to get my System running again.
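An added example, not part of the thread or of firewalld: a small diagnostic that replays the import chain from the traceback above and names the first module that fails, since the systemd journal shows only the `FIREWALLD_ARGS` warning and an exit status. The `/usr/lib/python3.*` search path and all function names are assumptions chosen for illustration.

```python
import glob
import importlib
import os
import sys

# Import chain from the traceback in this thread, outermost first.
FIREWALLD_IMPORT_CHAIN = [
    "firewall.server.server",
    "firewall.server.firewalld",
    "firewall.core.fw",
    "firewall.core.nftables",
    "nftables.nftables",
]

def probe(module_name):
    """Try one import and return (status, detail)."""
    try:
        importlib.import_module(module_name)
    except ModuleNotFoundError as exc:
        # exc.name is the module that is really absent (may be a parent or dependency).
        return ("missing", exc.name or module_name)
    except Exception as exc:  # installed, but failing while being imported
        return ("error", f"{type(exc).__name__}: {exc}")
    return ("ok", module_name)

def diagnose(chain=FIREWALLD_IMPORT_CHAIN):
    """Probe innermost-first; return the first failure as a dict, or None."""
    for name in reversed(chain):
        status, detail = probe(name)
        if status != "ok":
            return {"module": name, "status": status, "detail": detail}
    return None

def copies_for_other_pythons(package, lib_root="/usr/lib"):
    """Find the package under any python3.X site-packages below lib_root (assumed layout)."""
    pattern = os.path.join(lib_root, "python3.*", "site-packages", package)
    return sorted(p for p in glob.glob(pattern) if os.path.isdir(p))

if __name__ == "__main__":
    failure = diagnose()
    if failure is None:
        print("all firewalld imports resolve")
        sys.exit(0)
    print(f"{failure['module']}: {failure['status']} ({failure['detail']})")
    print(f"running Python {sys.version_info.major}.{sys.version_info.minor}")
    if failure["status"] == "missing":
        for path in copies_for_other_pythons(failure["detail"].split(".")[0]):
            print("a copy exists for another interpreter:", path)
    sys.exit(1)
```

Run it with the same interpreter that the `/usr/bin/firewalld` shebang names, otherwise the result describes a different `site-packages` directory.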