Cannot remove Service from firewall Zone with YaST or firewall-cmd - YaST showing errors

I was experimenting with DRBD (9) and decided to go another route. I uninstalled DRBD and removed config files from /etc. I went to remove DRBD from my firewall using YaST and received an error message trying to open firewall:
Screenshot_20230607_113108
I responded OK to the error window and YaST firewall opened but when I attempted to remove drbd I received the following error message:
Screenshot_20230607_115247
I went to YaST software and did a force reinstall of all selected YaST (Yast2) software components and firewall-cmd. After reboot, the problem remains and YaST displays the same messages. I tested with “firewall-cmd --state” and had “failed” return.

I am running OpenSUSE Tumbleweed 20230521 and with YaSt2 4.6.2-1.1

Does someone know how to remove the uninstalled drbd service from the external zone of my firewall or is this aYast/firewall error that needs to be reported???

Thank you

Run command in terminal and paste full invocation and output. It is unclean where this error message comes from - firewalld or YaST itself.

Need a bit of help to get the command correct. I tried “firewall-cmd --zone=external --remove-service-from-zone=drbd”; “firewall-cmd --zone=external --delete-service=drbd”; and “firewall-cmd --delete-service=drbd” but did not get the command correct.

What firewall-cmd do I need to try?

For the first error on state I can do:

rherbert@Obedient:~> firewall-cmd --state
failed
rherbert@Obedient:~>

I tried to reset firewall to defaults but that did not work:

rherbert@Obedient:~> firewall-cmd --reset-to-defaults
Error: INVALID_SERVICE: Zone ‘external’: ‘drbd’ not among existing services
rherbert@Obedient:~>

Any luck with:

firewall-cmd --list-all

(are you running theses as root ?!?!)

To remove:

firewall-cmd --zone=public --remove-service=name-of-service-to-remove --permanent

This is a screenshot of YaST firewall opened for “external” that show a drbd service (which I cannot remove):

This is a screen show of a number of firewall commands and their results.

The uninstalled drbd service shows up in YaSt and cannot be removed while with command lines the drbd service does not show and firewalld is in “FAILED state”. Note that the mysql service does not show up with command lines. Interestingly, I have a “new” problem with my mariadb master-master replication where the two servers do not recognize each other but my ssh service is working.

This may be germane … I had also installed yast2-drbd, never used it, and then uninstalled yast2-drbd.

Just a wild guess here.

Should have removed the service and any linked references to it in Yast2, THEN un-install the drbd software.

(… with no other working suggestions, personally I would install the drbd software again, then go back to Yast2, remove the config/service/reference and double-check it, THEN uninstall the drbd software.)

Good thought. I will keep that order of removal in mind for other uninstalls.

Before I opened this help tag, I did try reinstalling drbd and removing drbd from my firewall in YaST before uninstalling again. However, that did not resolve the problem. Meaning, I could not remove drbd from my firewall before I uninstalled with this second attempt as the problem did not go away with the reinstall.

The drbd installation through YaST included “drbd”, “drbd-kmp-default”, and “drbd-utils”. When I uninstalled these three, virtualbox could no longer open a guest machine due to a missing (?) kernel. I force reinstalled “virtualbox-kmp-default” (the kernel) through YaST and functionality was restored to virtualbox. I later discovered my problem with removing drbd from my firewall settings through Yast. However, force reinstalling firewalld and 5 dependencies did not resolve my current YaST/firewall problem.

Note as well: I did add drbd to my firewalls through YaST initially.

There must be a way to get firewalld functioning and out of its “FAILED” state.

YaST Services Manager indicates that firewalld starts “On Boot” and is in an “Active (Running)” state.

:smiley: Resolved

I managed to resolve this by going into the firewalld zone files in Super User Mode and removing out the drbd service with a text editor. All firewalld problems resolved AND my Mariadb master-master replication came back on line. The zone file in OpenSUSE Tumbleweed for the zone I was having trouble with was:

 /etc/firewalld/zones/external.xml

Thank you for your help and time everyone.

1 Like