Good day.
I am running aapanel 6.6.7 in CentOS Linux release 7.7.1908 (Core) on a VPS.
Using the Security section of aapanel and trying to add or remove any rule produces a complete breakdown of firewalld/iptables rules, leaving the server inaccessible via remote tools.
The only way is to do a reboot.
Here is the /var/log/firewalld log from today. I was just trying to remove port 10000 (webmin).
The error from May 13 is from ADDing some rules.
After reboot, the rules added or deleted are applied.
[FIX]
This error is present in the CentOS firewalld package prior to or equal to 0.6.3, and CentOS 7.7.1908 comes with firewalld-0.6.3-2.el7_7.4
(see the discussion [here](https://github.com/firewalld/firewalld/issues/484)).
To fix, please update the firewalld package in CentOS 7.7 like this:
```
[root@ns367197 log]# yum update firewalld
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
- epel: mirrors.coreix.net
Resolving Dependencies
--> Running transaction check
---> Package firewalld.noarch 0:0.6.3-2.el7_7.4 will be updated
---> Package firewalld.noarch 0:0.6.3-8.el7_8.1 will be an update
--> Processing Dependency: python-firewall = 0.6.3-8.el7_8.1 for package: firewalld-0.6.3-8.el7_8.1.noarch
--> Processing Dependency: firewalld-filesystem = 0.6.3-8.el7_8.1 for package: firewalld-0.6.3-8.el7_8.1.noarch
--> Running transaction check
---> Package firewalld-filesystem.noarch 0:0.6.3-2.el7_7.4 will be updated
---> Package firewalld-filesystem.noarch 0:0.6.3-8.el7_8.1 will be an update
---> Package python-firewall.noarch 0:0.6.3-2.el7_7.4 will be updated
---> Package python-firewall.noarch 0:0.6.3-8.el7_8.1 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================================================================================================================================================================================
Package Arch Version Repository Size
Updating:
firewalld noarch 0.6.3-8.el7_8.1 updates 443 k
Updating for dependencies:
firewalld-filesystem noarch 0.6.3-8.el7_8.1 updates 51 k
python-firewall noarch 0.6.3-8.el7_8.1 updates 354 k
Transaction Summary
Upgrade 1 Package (+2 Dependent packages)
Total download size: 848 k
Is this ok [y/d/N]: y
```
NOTE: Remember that even if you're installing 0.6.3-8, Red Hat has backported patches from newer releases (0.6.4 and up) to the 0.6.3 line.
For information purposes, this is the error that shows in the logs when the patch to firewalld is not applied.
```
2020-05-13 10:49:51 ERROR: COMMAND_FAILED: '/usr/sbin/ip6tables-restore -w -n' failed: ip6tables-restore v1.4.21: ip6tables-restore: unable to initialize table 'security'
Error occurred at line: 10
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
2020-05-13 10:49:57 ERROR: INVALID_ZONE
2020-05-19 04:02:25 WARNING: NOT_ENABLED: 10000:udp
2020-05-19 04:02:25 ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: iptables-restore: unable to initialize table 'security'
Error occurred at line: 10
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
2020-05-19 04:02:25 ERROR: '/usr/sbin/ip6tables-restore -w -n' failed: ip6tables-restore v1.4.21: ip6tables-restore: unable to initialize table 'security'
Error occurred at line: 10
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
2020-05-19 04:02:25 ERROR: COMMAND_FAILED: '/usr/sbin/ip6tables-restore -w -n' failed: ip6tables-restore v1.4.21: ip6tables-restore: unable to initialize table 'security'
Error occurred at line: 10
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
2020-05-19 04:09:23 ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: iptables-restore: unable to initialize table 'security'
Error occurred at line: 11
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
2020-05-19 04:09:23 ERROR: '/usr/sbin/ip6tables-restore -w -n' failed: ip6tables-restore v1.4.21: ip6tables-restore: unable to initialize table 'security'
Error occurred at line: 11
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
2020-05-19 04:09:23 ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: iptables-restore: unable to initialize table 'security'
Error occurred at line: 10
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
2020-05-19 04:09:23 ERROR: '/usr/sbin/ip6tables-restore -w -n' failed: ip6tables-restore v1.4.21: ip6tables-restore: unable to initialize table 'security'
Error occurred at line: 10
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
2020-05-19 04:09:24 ERROR: COMMAND_FAILED: '/usr/sbin/ip6tables-restore -w -n' failed: ip6tables-restore v1.4.21: ip6tables-restore: unable to initialize table 'security'
Error occurred at line: 10
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
2020-05-19 04:09:30 ERROR: INVALID_ZONE
```
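
A triage helper for the symptom described in this post, added here as an example and not part of the original post: it compares a firewalld build against the one the post updated to and summarizes the `unable to initialize table 'security'` failures in a firewalld log. The function names and the use of `0.6.3-8.el7_8.1` as the known-good threshold are assumptions; the sample log lines are constructed in the format shown above.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: the build the post updated to is the known-good threshold.
FIXED_BUILD="0.6.3-8.el7_8.1"
SIGNATURE="unable to initialize table 'security'"

# Print "outdated" when build $1 sorts before FIXED_BUILD, otherwise "ok".
# sort -V only approximates RPM ordering; adequate within the 0.6.3 line.
build_status() {
    if [ "$1" = "$FIXED_BUILD" ]; then echo ok; return 0; fi
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED_BUILD" | sort -V | head -n 1)
    if [ "$lowest" = "$1" ]; then echo outdated; else echo ok; fi
}

# Read a firewalld log on stdin and print, per timestamp, how many
# iptables-restore and ip6tables-restore lines carry the signature.
restore_failures() {
    grep -F "$SIGNATURE" | awk '
        { ts = $1 " " $2
          if (!(ts in seen)) { seen[ts] = 1; order[++n] = ts }
          if ($0 ~ /ip6tables-restore -w/) v6[ts]++; else v4[ts]++ }
        END { for (i = 1; i <= n; i++)
                printf "%s iptables=%d ip6tables=%d\n", order[i], v4[order[i]], v6[order[i]] }'
}

# Constructed sample in the format of the log above.
sample_log() {
    cat <<'EOF'
2020-05-19 04:02:25 WARNING: NOT_ENABLED: 10000:udp
2020-05-19 04:02:25 ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: iptables-restore: unable to initialize table 'security'
Error occurred at line: 10
2020-05-19 04:02:25 ERROR: '/usr/sbin/ip6tables-restore -w -n' failed: ip6tables-restore v1.4.21: ip6tables-restore: unable to initialize table 'security'
2020-05-19 04:02:25 ERROR: COMMAND_FAILED: '/usr/sbin/ip6tables-restore -w -n' failed: ip6tables-restore v1.4.21: ip6tables-restore: unable to initialize table 'security'
2020-05-19 04:09:23 ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: iptables-restore: unable to initialize table 'security'
2020-05-19 04:09:30 ERROR: INVALID_ZONE
EOF
}

# On a live host:
#   build_status "$(rpm -q --qf '%{VERSION}-%{RELEASE}' firewalld)"
#   restore_failures < /var/log/firewalld
build_status "0.6.3-2.el7_7.4"
sample_log | restore_failures
```

An "outdated" build together with non-zero counts matches the situation in the post; run the check from a console session that does not depend on the firewall rules being changed.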