Description of problem: Run any LiceCD/DVD in Live mode, or install M3 from LiveCD/DVD. During Live mode and after finishing install, systemctl status shorewall6.service shows: Unit shorewall6.service entered failed state. Reproducible: Steps to Reproduce:
Whiteboard: (none) => 3RC
valid latest 3RC live isos (24th April)
Keywords: (none) => TriagedCC: (none) => mageia, thierry.vignaud, tmbComponent: Installer => RPM PackagesSource RPM: (none) => shorewall
CC: thierry.vignaud => (none)
Valid with final prerelease isos dated 11/5.
Whiteboard: 3RC => 3final
And valid with Mageia 3 final prerelease isos currently testing (date: Wed May 15 15:40:38 CEST 2013
CC: (none) => ennael1Summary: LiveCDs/DVDs: during live mode and after install: shorewall6 entered failed state => Classical & LiveDVDs/CDs: during live mode and after install: shorewall6 entered failed stateSource RPM: shorewall => shorewall6
Comparing /etc/shorewall6 directory content after finishing installation with a well working /<mntcurrentcauldron>/etc/shorewall6 I note following: File from iso File from working sw6 in CC Difference name / permission name / permission ----------------- --------------------------- ---------------------- zones 644 fw firewall zones 700 net ipv6 fw firewall interfaces < no content> interfaces net eth0 net wlan0 policy <no content> policy fw net ACCEPT net all DROP info all all REJECT info shorewall6.conf shorewall6.conf not much different, but I do use the line: SUBSYSLOCK=/var/lock/subsys/shorewall6 instead of: ............................shorewall
confirmed latest prerelease... i have no idea how the detection of this is done (if it is done) however ip6tables shows all ACCEPT policies
CC: (none) => alien
Content of shorewall6-init.log: May 18 12:45:05 Processing /etc/shorewall6/params ... May 18 12:45:05 Processing /etc/shorewall6/shorewall6.conf... May 18 12:45:05 Loading Modules... May 18 12:45:10 Compiling /etc/shorewall6/zones... May 18 12:45:10 ERROR: No IP zones defined
drakfirewall configures shorewall only for ipv4 ( /etc/shorewall/{zones, interfaces, policy, rules, rules.drakx}, not for ipv6 ( /etc/shorewall6/{zones, interfaces, policy, ...} ). That's why shorewall6 complains that no IP zones are defined in /etc/shorewall6/zones. Before using shorewall6, /etc/shorewall6/{zones, interfaces, policy} must be configured manually for the time being.
CC: (none) => lmenutSource RPM: shorewall6 => shorewall6, drakx-net, libdrakx-net
*** Bug 10155 has been marked as a duplicate of this bug. ***
CC: (none) => thierry.aniel
Interestingly reporter of #10155 describes the workaround for it to start working (belatedly, but he says it works:): Thierry ANIEL 2013-05-19 15:56:00 CEST Description of problem: shorewall6 service launch at startup fails as a consequence, management of firewall through mageia control center is not efficient. This can be fixed as follow : 1/ uninstall shorewall-ipv6 2/ try to edit your firewall configuration 3/ mageia control center complains that you must install shorewall-ipv6 4/ accept to install it 5/ all works now
it might be that it copies the settings from regular shorewall at that time.
To #c10: that is possible only in part!
I have the same problem as comment 9 on my Mageia release 3 (Official) for x86_64 Kernel 3.8.13-desktop-1.mga3 on a 4-processor x86_64 with a new installation. This can be fixed as follow : 1/ uninstall shorewall-ipv6 2/ try to edit your firewall configuration 3/ mageia control center complains that you must install shorewall-ipv6 4/ accept to install it 5/ all works now This solution works well, but only once. If I want to, again, configure the firewall, it does not work a second time.
CC: (none) => geiger.david68210
@David Geiger: you probably get *rpmnew files, but at least you should (re)move the remaining content of /etc/shorewall6 directory after step 1/ in #c12
(In reply to Dick Gevers from comment #13) > @David Geiger: you probably get *rpmnew files, but at least you should > (re)move the remaining content of /etc/shorewall6 directory after step 1/ in > #c12 No for me it's always the same. 1/ Uninstall shorewall-ipv6 2/ remove the remaining content of /etc/shorewall6 3/ try to edit your firewall configuration 4/ mageia control center complains that you must install shorewall-ipv6 5/ accept to install it Second test : 1/ Uninstall shorewall and shorewall-ipv6 2/ remove the remaining content of /etc/shorewall6 and shorewall 3/ try to edit your firewall configuration 4/ mageia control center complains that you must install shorewall-ipv6, shorewall 5/ accept to install it it does not work a second time.
CC: (none) => wilcal.int
Same problem here - and great thanks, the workaround did the job. I think that the priority and severity should be raised - I came upon the problem because my backupserver could not rsync into a newly installed Mageia3 laptop - without this bug fixed - or knowing the workaround - Mageia3 systems cannot be integrated into a LAN - no ping, no ssh, no rsync (and, this bug is difficult to find if a naive user installs Mageia3 and sees "ssh does not work any more ...") Two additional interesting facts: - this problem is not limited to editing the firewall with drakconf: I defined the firewall during installation (e.g. allowing rsync), but the system that comes out of the install does not reflect what I had done during install; - this problem is a regression with respect to RC1 (but my RC1 system did not get the most recent updates - I had stopped installing updates 2 weeks ago) - configuring the firewall on an RC1 system (and editing it with drakconf) worked without problem.
CC: (none) => juergen.harms
CC: (none) => paiiou
I have the same problem. The workaround works for me
I have found that shorewall is blocking my udp PS3 Media Server [1] and ppp0 for a dial-up connection made by wvdial. `shorewall clear` restored functionality for both. Mageia release 3 (Official) for x86_64 [1] http://www.ps3mediaserver.org/
CC: (none) => rolfpedersen
If you have a problem with shorewall please search if there is one already in Bugzilla. Shorewall is a separate package from shorewall6. IMHO your comment is not related to shorewall6, Rolf.
Same bug here for an Live install. Ouch! This time, the GUI fails completly as it does not check if the subsystems are running...
CC: (none) => lists.jjorge
(In reply to José Jorge from comment #19) > Same bug here for an Live install. Ouch! This time, the GUI fails completly > as it does not check if the subsystems are running... I wrote too fast, I meant that even the workarounds above do not work here : drakfirewall never changed the /etc/shorewall/policy file even after re-installing shorewall*. I add to change the line net all ACCEPT in /etc/shorewall/policy to open my firewall. The GUI does not recognise it, it still says only ssh and httpd ports are opened. Any change I do is not saved.
jjorge@free.fr: this bug is against shorewall6, *not* about shorewall. Please search for a similar bug with shorewall or post it yourself against shorewall. This bug is for shorewall6 only, which is a separate package
With the new update for drakxtools of bug #9941 comment 24, works fine here now.
Version: Cauldron => 3
With the new update for drakxtools, works fine here now for me too.
Summary: Classical & LiveDVDs/CDs: during live mode and after install: shorewall6 entered failed state => Classical & LiveDVDs/CDs: during live mode: shorewall6 entered failed state
Blocks: (none) => 11704Whiteboard: 3final => 4final
dupe *** This bug has been marked as a duplicate of bug 11928 ***
Status: NEW => RESOLVEDResolution: (none) => DUPLICATE