Yunohost-firewall failed, cannot start

Support
, , ,
1

My YunoHost server

Hardware: Raspberry Pi 3B at home
YunoHost version: 4.0.6.1
**I have access to my server :**through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no
If yes, please explain:

Description of my issue

Hi there,

I was having some trouble with node-red today and took a look at the services running on my Yunohost instance. I was able to restart the node-red service. But I also notices that the Yunohost-Firewall service said it’d failed since 10 days ago.

When I try to restart the Yunohost-Firewall service, the log at the top of the screen says Service 'yunohost-firewall' started But in the services it still says it failed since 10 days ago.

The journalctl there is empty:

-- Logs begin at Thu 2020-09-03 09:41:10 BST, end at Fri 2020-09-04 22:31:01 BST. --
-- No entries --

I would like my Yunohost instance to be safe from the outside. Can you please help me figuring out what is going on here and how to get the firewall on again?
Thanks :wink:

2

What’s the result of : iptables-save ?

Is there some rules or not ?

3

I have the same issue of MrMorals.

After the migration to buster the firewall management has passed to nftables and it is not anymore managed by iptables.

I solved the issue with iptables-translate package as described in Moving from iptables to nftables - nftables wiki and now my firewall is going but the same the yunohost-firewall service fails.

4

Yes, but the iptables commands still work and implement a compatibility layer with the new nftables system

Not sure if that was a good idea to do all this by hand … this is supposed to be handled by Yunohost in migration number 18…

5

Thanks for your swift answer!
If I ssh into my ynh server and run iptables-save there is no output.

If you need more info, please let me know :slight_smile:

6

I have still this problem and the log I see is this:

journalctl: 
  - -- Logs begin at Fri 2020-10-02 03:43:13 CEST, end at Sat 2020-10-03 10:49:36 CEST. --
  - Oct 03 09:57:02 systemd[1]: yunohost-firewall.service: Stopping timed out. Terminating.
  - Oct 03 09:57:02 systemd[1]: yunohost-firewall.service: Control process exited, code=killed, status=15/TERM
  - -- Subject: Unit process exited
  - -- Defined-By: systemd
  - -- Support: https://www.debian.org/support
  - -- 
  - -- An ExecStop= process belonging to unit yunohost-firewall.service has exited.
  - -- 
  - -- The process' exit code is 'killed' and its exit status is 15.
  - Oct 03 09:57:02 systemd[1]: yunohost-firewall.service: Failed with result 'timeout'.
  - -- Subject: Unit failed
  - -- Defined-By: systemd
  - -- Support: https://www.debian.org/support
  - -- 
  - -- The unit yunohost-firewall.service has entered the 'failed' state with result 'timeout'.
  - Oct 03 09:57:02 systemd[1]: Stopped YunoHost Firewall.
  - -- Subject: A stop job for unit yunohost-firewall.service has finished
  - -- Defined-By: systemd
  - -- Support: https://www.debian.org/support
  - -- 
  - -- A stop job for unit yunohost-firewall.service has finished.
  - -- 
  - -- The job identifier is 22231 and the job result is done.
  - Oct 03 09:57:02 systemd[1]: Starting YunoHost Firewall...
  - -- Subject: A start job for unit yunohost-firewall.service has begun execution
  - -- Defined-By: systemd
  - -- Support: https://www.debian.org/support
  - -- 
  - -- A start job for unit yunohost-firewall.service has begun execution.
  - -- 
  - -- The job identifier is 22231.
  - Oct 03 09:57:04 yunohost[19228]: Non puoi giocare con iptables qui. O sei in un container o il tuo kernel non lo supporta
  - Oct 03 09:57:05 yunohost[19228]: Il firewall è stato ricaricato
  - Oct 03 09:57:05 yunohost[19228]: opened_ports:
  - Oct 03 09:57:05 yunohost[19228]:   - 22
  - Oct 03 09:57:05 yunohost[19228]:   - 25
  - Oct 03 09:57:05 yunohost[19228]:   - 53
  - Oct 03 09:57:05 yunohost[19228]:   - 67
  - Oct 03 09:57:05 yunohost[19228]:   - 80
  - Oct 03 09:57:05 yunohost[19228]:   - 111
  - Oct 03 09:57:05 yunohost[19228]:   - 443
  - Oct 03 09:57:05 yunohost[19228]:   - 587
  - Oct 03 09:57:05 yunohost[19228]:   - 993
  - Oct 03 09:57:05 yunohost[19228]:   - 2525
  - Oct 03 09:57:05 yunohost[19228]:   - 5222
  - Oct 03 09:57:05 yunohost[19228]:   - 5269
  - Oct 03 09:57:05 yunohost[19228]:   - 5353
  - Oct 03 09:57:05 yunohost[19228]:   - 9000
  - Oct 03 09:57:05 yunohost[19228]:   - 22000
  - Oct 03 09:57:05 yunohost[19228]:   - 49152:65535
  - Oct 03 09:57:05 systemd[1]: Started YunoHost Firewall.
  - -- Subject: A start job for unit yunohost-firewall.service has finished successfully
  - -- Defined-By: systemd
  - -- Support: https://www.debian.org/support
  - -- 
  - -- A start job for unit yunohost-firewall.service has finished successfully.
  - -- 
  - -- The job identifier is 22231.
  - Oct 03 10:07:17 systemd[1]: Stopping YunoHost Firewall...
  - -- Subject: A stop job for unit yunohost-firewall.service has begun execution
  - -- Defined-By: systemd
  - -- Support: https://www.debian.org/support
  - -- 
  - -- A stop job for unit yunohost-firewall.service has begun execution.
  - -- 
  - -- The job identifier is 22465.
  - Oct 03 10:08:47 systemd[1]: yunohost-firewall.service: Stopping timed out. Terminating.
  - Oct 03 10:08:47 systemd[1]: yunohost-firewall.service: Control process exited, code=killed, status=15/TERM
  - -- Subject: Unit process exited
  - -- Defined-By: systemd
  - -- Support: https://www.debian.org/support
  - -- 
  - -- An ExecStop= process belonging to unit yunohost-firewall.service has exited.
  - -- 
  - -- The process' exit code is 'killed' and its exit status is 15.
  - Oct 03 10:08:47 systemd[1]: yunohost-firewall.service: Failed with result 'timeout'.
  - -- Subject: Unit failed
  - -- Defined-By: systemd
  - -- Support: https://www.debian.org/support
  - -- 
  - -- The unit yunohost-firewall.service has entered the 'failed' state with result 'timeout'.
  - Oct 03 10:08:47 systemd[1]: Stopped YunoHost Firewall.
  - -- Subject: A stop job for unit yunohost-firewall.service has finished
  - -- Defined-By: systemd
  - -- Support: https://www.debian.org/support
  - -- 
  - -- A stop job for unit yunohost-firewall.service has finished.
  - -- 
  - -- The job identifier is 22465 and the job result is done.
  - Oct 03 10:08:47 systemd[1]: Starting YunoHost Firewall...
  - -- Subject: A start job for unit yunohost-firewall.service has begun execution
  - -- Defined-By: systemd
  - -- Support: https://www.debian.org/support
  - -- 
  - -- A start job for unit yunohost-firewall.service has begun execution.
  - -- 
  - -- The job identifier is 22465.
  - Oct 03 10:08:50 yunohost[29836]: Il firewall è stato ricaricato
  - Oct 03 10:08:50 yunohost[29836]: opened_ports:
  - Oct 03 10:08:50 yunohost[29836]:   - 22
  - Oct 03 10:08:50 yunohost[29836]:   - 25
  - Oct 03 10:08:50 yunohost[29836]:   - 53
  - Oct 03 10:08:50 yunohost[29836]:   - 67
  - Oct 03 10:08:50 yunohost[29836]:   - 80
  - Oct 03 10:08:50 yunohost[29836]:   - 111
  - Oct 03 10:08:50 yunohost[29836]:   - 443
  - Oct 03 10:08:50 yunohost[29836]:   - 587
  - Oct 03 10:08:50 yunohost[29836]:   - 993
  - Oct 03 10:08:50 yunohost[29836]:   - 2525
  - Oct 03 10:08:50 yunohost[29836]:   - 5222
  - Oct 03 10:08:50 yunohost[29836]:   - 5269
  - Oct 03 10:08:50 yunohost[29836]:   - 5353
  - Oct 03 10:08:50 yunohost[29836]:   - 9000
  - Oct 03 10:08:50 yunohost[29836]:   - 22000
  - Oct 03 10:08:50 yunohost[29836]:   - 49152:65535
  - Oct 03 10:08:50 systemd[1]: Started YunoHost Firewall.
  - -- Subject: A start job for unit yunohost-firewall.service has finished successfully
  - -- Defined-By: systemd
  - -- Support: https://www.debian.org/support
  - -- 
  - -- A start job for unit yunohost-firewall.service has finished successfully.
  - -- 
  - -- The job identifier is 22465.
7

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.