CentOS Firewalld 错误提示Bug 修复

firewall-cmd --version
0.4.4.4 

systemctl status firewalld 

● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2018-03-05 15:27:43 CST; 1min 10s ago
     Docs: man:firewalld(1)
 Main PID: 571 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─571 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Mar 05 15:27:43 rnErmJ104698 systemd[1]: Starting firewalld - dynamic firewall daemon...
Mar 05 15:27:43 rnErmJ104698 systemd[1]: Started firewalld - dynamic firewall daemon.
Mar 05 15:27:44 rnErmJ104698 firewalld[571]: WARNING: ICMP type 'beyond-scope' is not supported by the kernel for ipv6.
Mar 05 15:27:44 rnErmJ104698 firewalld[571]: WARNING: beyond-scope: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
Mar 05 15:27:44 rnErmJ104698 firewalld[571]: WARNING: ICMP type 'failed-policy' is not supported by the kernel for ipv6.
Mar 05 15:27:44 rnErmJ104698 firewalld[571]: WARNING: failed-policy: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
Mar 05 15:27:44 rnErmJ104698 firewalld[571]: WARNING: ICMP type 'reject-route' is not supported by the kernel for ipv6.
Mar 05 15:27:44 rnErmJ104698 firewalld[571]: WARNING: reject-route: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.

以上 WARNING 信息，在默认配置的情况下也会出现

修复方法

编辑

src/firewall/core/fw.py

                     try:
                         self.icmptype.add_icmptype(obj)
                     except FirewallError as error:
删除-                        log.warning("%s: %s, ignoring for run-time." % \
添加+                        log.info1("%s: %s, ignoring for run-time." % \
                                     (obj.name, str(error)))
                     # add a deep copy to the configuration interface
                     self.config.add_icmptype(copy.deepcopy(obj))

编辑

src/firewall/core/fw_icmptype.py

             else:
                 supported_icmps = [ ]
             if obj.name.lower() not in supported_icmps:
删除-                log.warning("ICMP type '%s' is not supported by the kernel for %s." % (obj.name, ipv))
添加+                log.info1("ICMP type '%s' is not supported by the kernel for %s." % (obj.name, ipv))
                 ipvs.remove(ipv)
         if len(ipvs) != len(orig_ipvs):
             if len(ipvs) < 1:

Redhat Bug原文地址：https://xmyunwei.com/6esz
Bug 修复Github原文: https://xmyunwei.com/e3gb