Friday, December 1, 2017

firewall - Firewalld does not start at boot



I have installed firewalld and uninstalled ufw with the following commands:



sudo apt install firewall-applet
sudo systemctl start firewalld
sudo systemctl enable firewalld



It works but does not start on its own on restart. 



$ sudo systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; vendor preset
Active: inactive (dead)

May 10 18:39:03 Yyyy systemd[1]: Stopped firewalld - dynamic firewall daemon. lines 1-5/5 (END)



My laptop is running Ubuntu 16.04 LTS.



The output of sudo systemctl status iptables.service:



● iptables.service
Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead)


Iptables is installed. The output of dpkg -s iptables




Package: iptables
Status: install ok installed
Priority: important
Section: net
Installed-Size: 1624
Maintainer: Ubuntu Developers 
Architecture: amd64
Version: 1.6.0-2ubuntu3
Depends: libxtables11 (= 1.6.0-2ubuntu3), libc6 (>= 2.14), libnfnetlink0

Description: administration tools for packet filtering and NAT
 iptables is the userspace command line program used to configure
 the Linux packet filtering ruleset. It is targeted towards system
 administrators. Since Network Address Translation is also configured
 from the packet filter ruleset, iptables is used for this, too. The
 iptables package also includes ip6tables. ip6tables is used for
 configuring the IPv6 packet filter
Homepage: http://www.netfilter.org/
Original-Maintainer: iptables devel team



I tried sudo firewalld-cmd --runtime-to-parmanent but it does not help firewalld start at boot.



Thanks



I also hit same problem as OP on my newly installed Ubuntu 16.04.4.



I've checked the service file - /lib/systemd/system/firewalld.service
It says firewalld conflict with iptables.service ip6tables.service ebtables.service ipset.service




Then I find ebtables.service is installed and enabled; After disabling and masking it by



sudo systemctl disable ebtables
sudo systemctl mask ebtables


firewalld can be started without any other script/trick after reboot, of coz it should be enabled.



So the root cause of my problem is - ebtables.service prevent firewalld.service from being started.


-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

11.10 - Can't boot from USB after installing Ubuntu

I bought a Samsung series 5 notebook and a very strange thing happened: I installed Ubuntu 11.10 from a usb pen drive but when I restarted (...