firewall-config not running

English Network/Internet
#1

Hello all, since last time I updated (from a week outside) if I try to run firewall-config GUI from Yast I have this:


Ejecución del comando ""/usr/bin/firewall-config"]]" fallida.  Código de salida: 1 Salida de error: Traceback (most recent call last):  File "/usr/bin/firewall-config", line 8093, in <module> app =  FirewallConfig() File "/usr/bin/firewall-config", line 1386, in __init__  self.connection_changed() File "/usr/bin/firewall-config", line 1692,  in connection_changed self.update_active_zones() File  "/usr/bin/firewall-config", line 2464, in update_active_zones  connection, zone ]) File "/usr/lib64/python3.6/site-packages/gi/overrides/Gtk.py", line 1245, in append return self._do_insert(parent, -1, row) File "/usr/lib64/python3.6/site-packages/gi/overrides/Gtk.py", line 1237, in _do_insert row, columns = self._convert_row(row) File "/usr/lib64/python3.6/site-packages/gi/overrides/Gtk.py", line 876, in _convert_row result.append(self._convert_value(cur_col, value)) File "/usr/lib64/python3.6/site-packages/gi/overrides/Gtk.py", line 894, in _convert_value return GObject.Value(self.get_column_type(column), value) File "/usr/lib64/python3.6/site-packages/gi/overrides/GObject.py", line 218, in __init__ self.set_value(py_value) File "/usr/lib64/python3.6/site-packages/gi/overrides/GObject.py", line 274, in set_value (py_value, type(py_value))) ValueError: Expected string but got False<class 'bool'>

and if I try to run firewall-config form console the message is:

~> firewall-config

(firewall-config:2588): Gtk-WARNING **:  19:12:30.658: Theme parsing error: gtk.css:127:35: The style property  GtkButton:child-displacement-x is deprecated and shouldn't be used  anymore. It will be removed in a future version

(firewall-config:2588):  Gtk-WARNING **: 19:12:30.658: Theme parsing error: gtk.css:128:35: The  style property GtkButton:child-displacement-y is deprecated and  shouldn't be used anymore. It will be removed in a future version

(firewall-config:2588):  Gtk-WARNING **: 19:12:30.658: Theme parsing error: gtk.css:132:46: The  style property GtkScrolledWindow:scrollbars-within-bevel is deprecated and shouldn't be used anymore. It will be removed in a future version
Traceback (most recent call last):
  File "/usr/bin/firewall-config", line 8093, in <module>
    app = FirewallConfig()
  File "/usr/bin/firewall-config", line 1386, in __init__
    self.connection_changed()
  File "/usr/bin/firewall-config", line 1692, in connection_changed
    self.update_active_zones()
  File "/usr/bin/firewall-config", line 2464, in update_active_zones
    connection, zone ])
  File "/usr/lib64/python3.6/site-packages/gi/overrides/Gtk.py", line 1245, in append
    return self._do_insert(parent, -1, row)
  File "/usr/lib64/python3.6/site-packages/gi/overrides/Gtk.py", line 1237, in _do_insert
    row, columns = self._convert_row(row)
  File "/usr/lib64/python3.6/site-packages/gi/overrides/Gtk.py", line 876, in _convert_row
    result.append(self._convert_value(cur_col, value))
  File "/usr/lib64/python3.6/site-packages/gi/overrides/Gtk.py", line 894, in _convert_value
    return GObject.Value(self.get_column_type(column), value)
  File "/usr/lib64/python3.6/site-packages/gi/overrides/GObject.py", line 218, in __init__
    self.set_value(py_value)
  File "/usr/lib64/python3.6/site-packages/gi/overrides/GObject.py", line 274, in set_value
    (py_value, type(py_value)))
ValueError: Expected string but got False<class 'bool'>

I’ve tried to remove /var/lib/ebtables/lock as seen here, but this file does not exist…

Does anyone knows what is happening?

#2

To start with, is your OS up to date with the following?

zypper dup

If that deosn’t help, please share your configured repos…

zypper lr -d
#3

Thanks deano_ferrari for you answer.

Yes, it is.

If that deosn’t help, please share your configured repos…

zypper lr -d

These are my repos.


#  | Alias                         
         |  Nombre                      | Habilitado | Comprobación GPG | Actualizar  | Prioridad | Tipo   | URI                                                                                           | Servicio
---+----------------------------------------+-----------------------------+------------+------------------+------------+-----------+--------+-----------------------------------------------------------------------------------------------+---------
 1 | download.nvidia.com-tumbleweed         | nVidia Graphics Drivers     | Sí         | (r ) Sí          | Sí         |   99      | rpm-md | https://download.nvidia.com/opensuse/tumbleweed                                               |         
 2 | openSUSE-20180812-0                     | openSUSE-20180812-0         | No         | ----             |  ----       |   99      | rpm-md | hd:///?device=/dev/disk/by-id/usb-Kingston_DataTraveler_G3_001CC0EC34BEBB91471D0179-0:0-part2 |         
 3 | openSUSE_Tumbleweed                    | GeoRepo                     | Sí         | (r ) Sí          | Sí         |   85      | rpm-md | http://download.opensuse.org/repositories/Application:/Geo/openSUSE_Tumbleweed                |         
 4 | opensuse-guide.org-openSUSE_Tumbleweed | libdvdcss repository        | Sí         | (r ) Sí          | Sí         |   99      | rpm-md | http://opensuse-guide.org/repo/openSUSE_Tumbleweed/                                           |         
 5 | packman.inode.at-openSUSE_Tumbleweed   | Packman                     | Sí         | (r ) Sí          | Sí         |   80      | rpm-md | http://packman.inode.at/suse/openSUSE_Tumbleweed/                                             |         
 6 | repo-debug                             | openSUSE-Tumbleweed-Debug   | No         | ----             | ----       |   99      | NONE   | http://download.opensuse.org/debug/tumbleweed/repo/oss/                                       |         
 7 | repo-non-oss                           | openSUSE-Tumbleweed-Non-Oss | Sí         | (r ) Sí          | Sí         |   99      | rpm-md | http://download.opensuse.org/tumbleweed/repo/non-oss/                                         |         
 8 | repo-oss                               | openSUSE-Tumbleweed-Oss     | Sí         | (r ) Sí          | Sí         |   99      | rpm-md | http://download.opensuse.org/tumbleweed/repo/oss/                                             |         
 9 | repo-source                            | openSUSE-Tumbleweed-Source  | No         | ----             | ----       |   99      | NONE   | http://download.opensuse.org/source/tumbleweed/repo/oss/                                      |         
10 | repo-update                            | openSUSE-Tumbleweed-Update  | Sí         | (r ) Sí          | Sí         |   99      | rpm-md | http://download.opensuse.org/update/tumbleweed/                                               |
#4

…and you’re upgrading with ‘zypper dup’?

#5

Experiencing the same, upgraded with zypper dup on tumbleweed today and then wanted the use the firewall tool (for the first time ever, so it might have been a issue prior to the upgrade, I wouldn’t know)

English error message:


Execution of command ""/usr/bin/firewall-config"]]" failed. Exit code: 1 Error output: Traceback (most recent call last): File "/usr/bin/firewall-config", line 8093, in <module> app = FirewallConfig() File "/usr/bin/firewall-config", line 1386, in __init__ self.connection_changed() File "/usr/bin/firewall-config", line 1692, in connection_changed self.update_active_zones() File "/usr/bin/firewall-config", line 2464, in update_active_zones connection, zone ]) File "/usr/lib64/python3.6/site-packages/gi/overrides/Gtk.py", line 1245, in append return self._do_insert(parent, -1, row) File "/usr/lib64/python3.6/site-packages/gi/overrides/Gtk.py", line 1237, in _do_insert row, columns = self._convert_row(row) File "/usr/lib64/python3.6/site-packages/gi/overrides/Gtk.py", line 876, in _convert_row result.append(self._convert_value(cur_col, value)) File "/usr/lib64/python3.6/site-packages/gi/overrides/Gtk.py", line 894, in _convert_value return GObject.Value(self.get_column_type(column), value) File "/usr/lib64/python3.6/site-packages/gi/overrides/GObject.py", line 218, in __init__ self.set_value(py_value) File "/usr/lib64/python3.6/site-packages/gi/overrides/GObject.py", line 274, in set_value (py_value, type(py_value))) ValueError: Expected string but got False<class 'bool'>
#6

Is SUSEfirewallI2 still installed and running? If you have upgrades from a time when that was the default firewall maybe it still is the one running. New installs should use firewald.

#7

I am also having this problem. It began with the 0815 update on my desktop which uses Intel integrated graphics. On my laptop, which has nvidia graphics, it works fine. I figure at some point an update will fix it, but as of the 0827 update it is still an issue.

I did find https://github.com/firewalld/firewalld/pull/373 which indicates a fix should eventually show up, if it is the same issue.

#8 
$ sudo service --status-all | grep -i firewall
firewalld.service                                                                 loaded active running firewalld - dynamic firewall daemon

seems I only have firewalld running

#9

Could be related, I am using docker.

#10

Also seeing this issue today after doing zypper dup. Noticed it when I couldn’t get to any mDNS addresses on my local network.

**#** service --status-all | grep -i firewall
**firewall**d.service                                   loaded active     running  
     **firewall**d - dynamic **firewall** daemon

**#** iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination          

Chain FORWARD (policy DROP)
target     prot opt source               destination          
DOCKER-ISOLATION  all  --  anywhere             anywhere             
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere             
ACCEPT     all  --  anywhere             anywhere             
ACCEPT     all  --  anywhere             anywhere             

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination          

Chain DOCKER (1 references)
target     prot opt source               destination          

Chain DOCKER-ISOLATION (1 references)
target     prot opt source               destination          
RETURN     all  --  anywhere             anywhere


**#** sudo systemctl status firewalld
**●** firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: disabled)
   Active: **active (running)** since Tue 2018-08-28 20:19:27 CDT; 11min ago
     Docs: man:firewalld(1)
 Main PID: 6191 (firewalld)
    Tasks: 2 (limit: 4915)
   CGroup: /system.slice/firewalld.service
           └─6191 /usr/bin/python3 /usr/sbin/firewalld --nofork --nopid

Aug 28 20:19:26 nessus systemd[1]: Starting firewalld - dynamic firewall daemon...
Aug 28 20:19:27 nessus systemd[1]: Started firewalld - dynamic firewall daemon.
Aug 28 20:19:29 nessus firewalld[6191]: **WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -D FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Bad rule (d**>
Aug 28 20:19:29 nessus firewalld[6191]: **WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -D FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Bad rule (d**

**#** tail -n 50 /var/log/firewalld  
2018-08-28 17:28:57 WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -D OUTPUT' failed: iptables: Bad rule (does a matching rule exist in that chain?).

2018-08-28 17:28:57 WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -F DOCKER' failed: iptables: No chain/target/match by that name.

2018-08-28 17:28:57 WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -X DOCKER' failed: iptables: No chain/target/match by that name.

2018-08-28 17:28:57 WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -F DOCKER' failed: iptables: No chain/target/match by that name.

2018-08-28 17:28:57 WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -X DOCKER' failed: iptables: No chain/target/match by that name.

2018-08-28 17:28:57 WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -F DOCKER-ISOLATION' failed: iptables: No chain/target/match by that name.

2018-08-28 17:28:57 WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -X DOCKER-ISOLATION' failed: iptables: No chain/target/match by that name.

2018-08-28 17:28:57 WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -D FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Bad rule (does a matching rule e
xist in that chain?).

2018-08-28 17:28:58 WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -D FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Bad rule (does a matching rule e
xist in that chain?).

2018-08-28 20:14:30 WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -D OUTPUT -m addrtype --dst-type LOCAL ! --dst 127.0.0.0/8 -j DOCKER' failed: iptable
s v1.6.2: Couldn't load target `DOCKER':No such file or directory

Try `iptables -h' or 'iptables --help' for more information.

2018-08-28 20:14:30 WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -D OUTPUT -m addrtype --dst-type LOCAL -j DOCKER' failed: iptables v1.6.2: Couldn't l
oad target `DOCKER':No such file or directory

Try `iptables -h' or 'iptables --help' for more information.

2018-08-28 20:14:30 WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -D PREROUTING' failed: iptables: Bad rule (does a matching rule exist in that chain?)
.

2018-08-28 20:14:30 WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -D OUTPUT' failed: iptables: Bad rule (does a matching rule exist in that chain?).

2018-08-28 20:14:30 WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -F DOCKER' failed: iptables: No chain/target/match by that name.

2018-08-28 20:14:30 WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -X DOCKER' failed: iptables: No chain/target/match by that name.

2018-08-28 20:14:30 WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -F DOCKER' failed: iptables: No chain/target/match by that name.

2018-08-28 20:14:30 WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -X DOCKER' failed: iptables: No chain/target/match by that name.

2018-08-28 20:14:30 WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -F DOCKER-ISOLATION' failed: iptables: No chain/target/match by that name.

2018-08-28 20:14:30 WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -X DOCKER-ISOLATION' failed: iptables: No chain/target/match by that name.

2018-08-28 20:14:30 WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -D FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Bad rule (does a matching rule e
xist in that chain?).

2018-08-28 20:14:31 WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -D FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Bad rule (does a matching rule e
xist in that chain?).

2018-08-28 20:19:29 WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -D FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Bad rule (does a matching rule e
xist in that chain?).

2018-08-28 20:19:29 WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -D FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Bad rule (does a matching rule e
xist in that chain?).


# zypper lr -d
[sudo] password for root:  
Repository priorities are without effect. All enabled repositories share the same priority.

#  | Alias               | Name                        | Enabled | GPG Check | Refresh | Priority | Type   | URI                                                 
                       | Service
---+---------------------+-----------------------------+---------+-----------+---------+----------+--------+-----------------------------------------------------
-----------------------+--------
 1 | Google-Chrome       | Google-Chrome               | Yes     | (r ) Yes  | No      |   99     | rpm-md | http://dl.google.com/linux/rpm/stable/x86_64        
                       |         
 2 | Publishing          | Publishing                  | Yes     | (r ) Yes  | No      |   99     | rpm-md | https://download.opensuse.org/repositories/Publishin
g/openSUSE_Tumbleweed/ |         
 3 | Tumbleweed          | VLC                         | Yes     | (r ) Yes  | Yes     |   99     | rpm-md | http://download.videolan.org/pub/videolan/vlc/SuSE/T
umbleweed              |         
 4 | code                | Visual Studio Code          | Yes     | (r ) Yes  | No      |   99     | rpm-md | https://packages.microsoft.com/yumrepos/vscode      
                       |         
 5 | google-chrome       | google-chrome               | Yes     | (r ) Yes  | Yes     |   99     | rpm-md | http://dl.google.com/linux/chrome/rpm/stable/x86_64 
                       |         
 6 | openSUSE-20180131-0 | openSUSE-20180131-0         | Yes     | (r ) Yes  | Yes     |   99     | rpm-md | http://download.opensuse.org/tumbleweed/repo/oss/   
                       |         
 7 | packman             | packman                     | Yes     | (r ) Yes  | No      |   99     | rpm-md | http://packman.inode.at/suse/openSUSE_Tumbleweed/   
                       |         
 8 | repo-debug          | openSUSE-Tumbleweed-Debug   | No      | ----      | ----    |   99     | NONE   | http://download.opensuse.org/debug/tumbleweed/repo/o
ss/                    |         
 9 | repo-non-oss        | openSUSE-Tumbleweed-Non-Oss | Yes     | (r ) Yes  | Yes     |   99     | rpm-md | http://download.opensuse.org/tumbleweed/repo/non-oss
/                      |         
10 | repo-source         | openSUSE-Tumbleweed-Source  | No      | ----      | ----    |   99     | NONE   | http://download.opensuse.org/source/tumbleweed/repo/
oss/                   |         
11 | repo-update         | openSUSE-Tumbleweed-Update  | Yes     | (r ) Yes  | Yes     |   99     | rpm-md | http://download.opensuse.org/update/tumbleweed/
#11

This thread might apply:

https://forums.opensuse.org/showthread.php/532833-Error-syntax-error-unexpected-junk-add-rule-inet-firewalld-filter_IN_block-reject

#12

I changed the last line in /etc/firewalld/firewalld.config from nftables to iptables, rebooted, and am still seeing the same errors :frowning:

#13

Hi all, sorry for the delay…

Yes, I upgrade with zypper dup.

After the messages in the thread I guess this is an error and it will be fixed in an upcoming upgrade?

#14

I would expect so. :slight_smile:

#15

Great!!! After last update firewall-config is working fine again!!!

Thanks everyone for your answers.

#16

Well that might have been fixed on Tumbelweed but i am getting the same error on Leap 15.0 as well after the latest updates. That happened yesterday after i updated Leap with zypper up. Any help?

#17

I am not seeing any problems on Leap 15.0, with running firewall-config (started from Yast). My last update was Thursday evening.

Yes, there are some newer updates waiting until I get around to installing those. But they don’t look to be related to “firewalld” (most are texlive updates).

#18

I thought i made a mistake somewhere so i just reinstalled Leap today hoping the issue will go away but it is still the same.

When i open firewall through YaST i get this error

Execution of command ""/usr/bin/firewall-config"]]" failed. Exit code: 1 Error output: Traceback (most recent call last): File "/usr/bin/firewall-config", line 8170, in <module> app = FirewallConfig() File "/usr/bin/firewall-config", line 1386, in __init__ self.connection_changed() File "/usr/bin/firewall-config", line 1692, in connection_changed self.update_active_zones() File "/usr/bin/firewall-config", line 2465, in update_active_zones connection, zone ]) File "/usr/lib64/python3.6/site-packages/gi/overrides/Gtk.py", line 1237, in append return self._do_insert(parent, -1, row) File "/usr/lib64/python3.6/site-packages/gi/overrides/Gtk.py", line 1229, in _do_insert row, columns = self._convert_row(row) File "/usr/lib64/python3.6/site-packages/gi/overrides/Gtk.py", line 870, in _convert_row result.append(self._convert_value(cur_col, value)) File "/usr/lib64/python3.6/site-packages/gi/overrides/Gtk.py", line 888, in _convert_value return GObject.Value(self.get_column_type(column), value) File "/usr/lib64/python3.6/site-packages/gi/overrides/GObject.py", line 218, in __init__ self.set_value(py_value) File "/usr/lib64/python3.6/site-packages/gi/overrides/GObject.py", line 274, in set_value (py_value, type(py_value))) ValueError: Expected string but got False<class 'bool'>

and if i run

firewall-config

in konsole i get the same error

(firewall-config:3801): Gtk-WARNING **: Theme parsing error: gtk.css:68:35: The style property GtkButton:child-displacement-x is deprecated and shouldn't be used anymore. It will be removed in a future version

(firewall-config:3801): Gtk-WARNING **: Theme parsing error: gtk.css:69:35: The style property GtkButton:child-displacement-y is deprecated and shouldn't be used anymore. It will be removed in a future version

(firewall-config:3801): Gtk-WARNING **: Theme parsing error: gtk.css:73:46: The style property GtkScrolledWindow:scrollbars-within-bevel is deprecated and shouldn't be used anymore. It will be removed in a future version
Traceback (most recent call last):
  File "/usr/bin/firewall-config", line 8170, in <module>
    app = FirewallConfig()
  File "/usr/bin/firewall-config", line 1386, in __init__
    self.connection_changed()
  File "/usr/bin/firewall-config", line 1692, in connection_changed
    self.update_active_zones()
  File "/usr/bin/firewall-config", line 2465, in update_active_zones
    connection, zone ])
  File "/usr/lib64/python3.6/site-packages/gi/overrides/Gtk.py", line 1237, in append
    return self._do_insert(parent, -1, row)
  File "/usr/lib64/python3.6/site-packages/gi/overrides/Gtk.py", line 1229, in _do_insert
    row, columns = self._convert_row(row)
  File "/usr/lib64/python3.6/site-packages/gi/overrides/Gtk.py", line 870, in _convert_row
    result.append(self._convert_value(cur_col, value))
  File "/usr/lib64/python3.6/site-packages/gi/overrides/Gtk.py", line 888, in _convert_value
    return GObject.Value(self.get_column_type(column), value)
  File "/usr/lib64/python3.6/site-packages/gi/overrides/GObject.py", line 218, in __init__
    self.set_value(py_value)
  File "/usr/lib64/python3.6/site-packages/gi/overrides/GObject.py", line 274, in set_value
    (py_value, type(py_value)))
ValueError: Expected string but got False<class 'bool'>
#19

I also have Leap 15.0 in a VM. I just updated that. And firewall-config starts without any problem.

Did you install Leap 15.0 as a clean install, or as an update to an earlier system? If it is an update, maybe the old firewall is still there and firewalld is not fully in place.

#20

First,
It’s not good form hijacking a thread, the current issue is admittedly on LEAP and not TW which was how this thread started.
Better would have been to start a new thread and if desired to include a link to this thread.

That error looks like a coding error, and I doubt caused by SUSEFW2 or anything like that.

Recommend submitting a bug to https://bugzilla.opensuse.org.

Be sure to include details about your OS and when you updated.

TSU