On Thu, Jan 12, 2012 at 3:50 PM, Paolo Galtieri <pgaltieri@xxxxxxxxx> wrote:
> In F14 I'm used to editing /etc/sysconf/iptables, add my rules and run
> service iptables restart to reload the rules.
>
> I assumed that the way to do it now was systemctl reload iptables.service.
> This of course was wrong. So I did a little googling.

If the old way was "service iptables restart", the new way would be "systemctl restart iptables.service". systemd most certainly did not change the meaning of "stop", "start", "restart", or "reload", so you should continue to use the same verb with systemctl. Incidentally, "service iptables restart" will still work too.

The systemd unit file for iptables doesn't define a "reload" action, presumably because the old initscript didn't either. IIUC, there isn't a way to "reload" iptables rules in the classic sense of the word. (It usually means "reload configuration without restarting the daemon", but iptables requires a restart to reload the configuration.)

IIRC, firewalld is supposed to fix this, but it isn't ready for prime time yet, which is why it's not enabled by default and perhaps why it's giving you grief. I would just dispense with it for now and do things as you always did.

> There apparently is a new firewall daemon firewalld in F16. Which
> interestingly enough is not installed by default though iptables are.
>
> So I install firewalld, enable the service and then start the service. I
> run iptables --list to see the current config.
>
> I edit the /etc/sysconf/iptables file and enter systemctl reload
> firewalld.service and much to my surprise I get the following
>
> [root@virtualF16 sysconfig]# systemctl reload firewalld.service
> Job failed. See system logs and 'systemctl status' for details.
>
> [root@virtualF16 sysconfig]# systemctl status firewalld.service
>
> firewalld.service - Firewall dynamic change handling daemon
>           Loaded: loaded (/lib/systemd/system/firewalld.service; enabled)
>           Active: active (running) since Thu, 12 Jan 2012 15:35:27 -0700; 9min
> ago
>          Process: 25110 ExecStart=/usr/sbin/firewalld $FIREWALLD_ARGS
> (code=exited, status=0/SUCCESS)
>         Main PID: 25111 (firewalld)
>           CGroup: name=systemd:/system/firewalld.service
>                   ├ 25111 /usr/bin/python /usr/sbin/firewalld
>                   └ 25448 /usr/bin/python /usr/bin/firewall-cmd --reload
>
> In /var/log/messages I see the following:
>
> Jan 12 15:36:27 virtualF16 firewall-cmd[25448]:
> ERROR:dbus.proxies:Introspect error on :1.387:/org/fedoraproject/FirewallD:
> dbus.exceptions.DBusException: org.freedesktop.DBus.Error.NoReply: Did not
> receive a reply. Possible causes include: the remote application did not
> send a reply, the message bus security policy blocked the reply, the reply
> timeout expired, or the network connection was broken.
> Jan 12 15:37:32 virtualF16 systemd[1]: firewalld.service operation timed
> out. Stopping.
>
> However systemctl stop firewalld.service and systemctl start
> firewalld.service work just fine.
>
> However, I still have not found out how to modify /etc/sysconf/iptables and
> get the new rules reloaded because firewalld does nothing with iptables.
>
> I looked in the F16 System Administrators guide and there was nothing on
> iptables there.
>
> Any assistance is appreciated.
>
> Paolo
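
Added example (not part of the original message, and not Fedora's or systemd's own code): the reply's point that the iptables unit defines no "reload" action can be checked by reading a unit file's [Service] section for ExecReload=. The two unit files below are constructed samples with a placeholder iptables script path, and has_exec_reload and pick_verb are hypothetical helper names.

```shell
# has_exec_reload FILE: exit 0 if FILE's [Service] section defines a reload command
has_exec_reload() {
    awk '
        /^[ \t]*[#;]/ { next }    # commented-out settings do not count
        /^[ \t]*\[/   { in_service = ($0 ~ /^[ \t]*\[Service\][ \t]*$/); next }
        in_service && /^[ \t]*ExecReload[ \t]*=/ {
            value = $0
            sub(/^[^=]*=[ \t]*/, "", value)
            # an empty assignment clears earlier ones (systemd list-reset syntax)
            found = (value != "")
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# pick_verb FILE: print the systemctl verb to use after editing the configuration
pick_verb() {
    if has_exec_reload "$1"; then echo reload; else echo restart; fi
}

# Constructed sample unit files (assumptions, not the real Fedora units)
demo_dir=$(mktemp -d)
cat > "$demo_dir/iptables.service" <<'EOF'
[Unit]
Description=IPv4 firewall with iptables (constructed sample)

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/local/libexec/example-iptables start
ExecStop=/usr/local/libexec/example-iptables stop
EOF
cat > "$demo_dir/firewalld.service" <<'EOF'
[Unit]
Description=Firewall dynamic change handling daemon (constructed sample)

[Service]
ExecStart=/usr/sbin/firewalld $FIREWALLD_ARGS
# ExecReload=/bin/true
ExecReload=/usr/bin/firewall-cmd --reload
EOF

for unit in iptables firewalld; do
    echo "systemctl $(pick_verb "$demo_dir/$unit.service") $unit.service"
done
```

On a live system, "systemctl show -p CanReload iptables.service" gives systemd's own answer to the same question.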