CentOS Firewalld 错误提示Bug 修复
firewall-cmd --version
0.4.4.4
systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2018-03-05 15:27:43 CST; 1min 10s ago
Docs: man:firewalld(1)
Main PID: 571 (firewalld)
CGroup: /system.slice/firewalld.service
└─571 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
Mar 05 15:27:43 rnErmJ104698 systemd[1]: Starting firewalld - dynamic firewall daemon...
Mar 05 15:27:43 rnErmJ104698 systemd[1]: Started firewalld - dynamic firewall daemon.
Mar 05 15:27:44 rnErmJ104698 firewalld[571]: WARNING: ICMP type 'beyond-scope' is not supported by the kernel for ipv6.
Mar 05 15:27:44 rnErmJ104698 firewalld[571]: WARNING: beyond-scope: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
Mar 05 15:27:44 rnErmJ104698 firewalld[571]: WARNING: ICMP type 'failed-policy' is not supported by the kernel for ipv6.
Mar 05 15:27:44 rnErmJ104698 firewalld[571]: WARNING: failed-policy: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
Mar 05 15:27:44 rnErmJ104698 firewalld[571]: WARNING: ICMP type 'reject-route' is not supported by the kernel for ipv6.
Mar 05 15:27:44 rnErmJ104698 firewalld[571]: WARNING: reject-route: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
以上 WARNING 信息,在默认配置的情况下也会出现
修复方法
编辑
src/firewall/core/fw.py
try:
self.icmptype.add_icmptype(obj)
except FirewallError as error:
删除- log.warning("%s: %s, ignoring for run-time." % \
添加+ log.info1("%s: %s, ignoring for run-time." % \
(obj.name, str(error)))
# add a deep copy to the configuration interface
self.config.add_icmptype(copy.deepcopy(obj))
编辑
src/firewall/core/fw_icmptype.py
else:
supported_icmps = [ ]
if obj.name.lower() not in supported_icmps:
删除- log.warning("ICMP type '%s' is not supported by the kernel for %s." % (obj.name, ipv))
添加+ log.info1("ICMP type '%s' is not supported by the kernel for %s." % (obj.name, ipv))
ipvs.remove(ipv)
if len(ipvs) != len(orig_ipvs):
if len(ipvs) < 1:
Redhat Bug原文地址:https://xmyunwei.com/6esz
Bug 修复Github原文: https://xmyunwei.com/e3gb
近期评论