[Bug 1198214] New: 15.3, firewalld mostly doesnt autostart on bootup any more - since february 2022,
http://bugzilla.opensuse.org/show_bug.cgi?id=1198214 Bug ID: 1198214 Summary: 15.3, firewalld mostly doesnt autostart on bootup any more - since february 2022, Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.3 Hardware: x86-64 OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Network Assignee: screening-team-bugs@suse.de Reporter: abittner@opensuse.org QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- 15.3, x64, multiple ethernet interfaces, simple ipv4 router nat machine. ever since sometime in february 2022, when rebooting the machine, firewalld doesnt succeed to start up on reboot or startup any more even though its set as enabled. using wicked on this machine, been a long history of previous opensuse suse updates and upgrades with this machine, right now its on opensuse 15.3 leap. one ethernet interface (its address) is on dhcp4 shown in yast, the other ethernet interface is fixed ipv4 assigned to it. journalctl -u firewalld.service shows the following in february 2022, and then ever since, but not always all the time warning not enabled eth0 warning not enabled eth1 and as of end of march 2022 even such red lines and details about: firewalld[2914]: ERROR: Calling pre func <bound method Firewall.full_check_config of <class 'firewall.core.fw.Firewall'>(True, True, True, 'INIT', Fals> I need to ssh connect to the machine then and fire up the firewalld service manually. Even though it is at enabled (vendor preset disabled). What happened as of february 2022 and what happend at the end of march for those red status lines? this machine and its firewalld worked perfectly for many years, and a long time in 15.3 up until february 2022. how to find out more about whats happening? ty. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1198214 http://bugzilla.opensuse.org/show_bug.cgi?id=1198214#c1 --- Comment #1 from andreas bittner <abittner@opensuse.org> --- just updated some affected 15.3 machine to 15.4, and rebooted it the very first time. And its the same again the firewalld is dead although its set to be active on boot time. I guess its some raceing condition with the network interface or something? its not always acting the same. Sometimes it manages to autostart. Mostly it doesnt in the recent months :( Thanks. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1198214 http://bugzilla.opensuse.org/show_bug.cgi?id=1198214#c2 Andrei Borzenkov <arvidjaar@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |arvidjaar@gmail.com, | |meissner@suse.com --- Comment #2 from Andrei Borzenkov <arvidjaar@gmail.com> --- (In reply to andreas bittner from comment #0)
and as of end of march 2022 even such red lines and details about:
firewalld[2914]: ERROR: Calling pre func <bound method Firewall.full_check_config of <class 'firewall.core.fw.Firewall'>(True, True, True, 'INIT', Fals>
@meissner: DL;DR openSUSE-SLE-15.3-2022-1435 should be revoked. May 02 08:26:33 leap15 firewalld[2159]: ERROR: Calling pre func <bound method Firewall.full_check_config of <class 'firewall.core.fw.Firewall'>(True, True, True, 'INIT', False, '', {}, [], True, True, True, True, 'all')>(()) failed: check_config_dict() takes 2 positional arguments but 3 were given The bug is due to patch https://build.opensuse.org/package/view_file/openSUSE:Leap:15.3:Update/firew... which backported full_check_config() method, but calling convention of check_config_dict() changed in the master. bor@bor-Latitude-E5450:~/src/firewalld$ git grep check_config_dict v0.9.3 v0.9.3:src/firewall/core/io/io_object.py: def check_config_dict(self, conf): bor@bor-Latitude-E5450:~/src/firewalld$ git grep check_config_dict master master:src/firewall/core/fw.py: io_obj.check_config_dict(io_obj.export_config_dict(), all_io_objects) master:src/firewall/core/io/io_object.py: def check_config_dict(self, conf, all_io_objects): The above patch calls "old" check_config_dict() with "new" calling conventions. + for (name, io_obj) in io_objs.items(): + io_obj.check_config_dict(io_obj.export_config_dict(), all_io_objects) -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1198214 http://bugzilla.opensuse.org/show_bug.cgi?id=1198214#c3 Cristian Seres <cseres@iki.fi> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |cseres@iki.fi --- Comment #3 from Cristian Seres <cseres@iki.fi> --- This still exists on openSUSE Leap 15.4 as andreas bittner mentioned. Jul 12 14:34:24 xxx firewalld[18939]: ERROR: Calling pre func <bound method Firewall.full_check_config of <class 'firewall.core.fw.Firewall'>(True, True, True, 'INIT', False, '', {}, [], True, True, True, False, 'off')>(()) failed: check_config_dict() takes 2 positional arguments but 3 were given In my opinion this is a security issue and the bug should have a higher priority and severity. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com