I get the message below when I run “systemctl status firewalld.service”:
“ERROR: ‘/usr/sbin/iptables-restore -w -n’ failed: iptables-restore v1.8.7 (legacy): multiple -i flags not allowed
Error occurred at line: 2
Try `iptables-restore -h’ or ‘iptables-restore --help’ for more information.”
Since I don’t know why this error occurs, I wonder if there is any file I can look in to get more information, or if I dare to restart my machine?
The command suggested only gives me the following information:
Usage: iptables-restore [-c] [-v] [-V] [-t] [-h] [-n] [-w secs] [-W usecs] [-T table] [-M command] [file]
[ --counters ]
[ --verbose ]
[ --version]
[ --test ]
[ --help ]
[ --noflush ]
[ --wait=
[ --wait-interval=
[ --table=
]
[ --modprobe= ]
Any suggestions what I should do? Since it states that the error is on line 2, I wonder in which file?
/Henrik
Are you sure it happens when you run this command? Paste here the full command line (including shell prompt), its complete output and the subsequent shell prompt.
Use preformatted text when posting computer output.
“why” did you run that command? Typically, a user should not have to manually execute it, except for some specific reason.
Is what I paste below understandable?
```
Firewall:/etc/firewalld # systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; preset: disabled)
Active: active (running) since Mon 2025-10-13 12:35:09 CEST; 5 days ago
Docs: man:firewalld(1)
Process: 15844 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
Main PID: 1169 (firewalld)
Tasks: 2 (limit: 4915)
CPU: 53.065s
CGroup: /system.slice/firewalld.service
└─1169 /usr/bin/python3 /usr/sbin/firewalld --nofork --nopid
Oct 18 12:35:36 Firewall firewalld[1169]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.8.7 (legacy): multip>
Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Oct 18 12:35:36 Firewall firewalld[1169]: ERROR: COMMAND_FAILED: Direct: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore>
Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Oct 18 12:37:05 Firewall firewalld[1169]: ERROR: RUNNING_BUT_FAILED: Changing permanent configuration is not allowed while firewalld>
Oct 18 12:37:37 Firewall firewalld[1169]: ERROR: RUNNING_BUT_FAILED: Changing permanent configuration is not allowed while firewalld>
Oct 18 12:38:17 Firewall firewalld[1169]: ERROR: RUNNING_BUT_FAILED: Changing permanent configuration is not allowed while firewalld>
Oct 18 12:40:01 Firewall firewalld[1169]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.8.7 (legacy): multip>
Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Oct 18 12:40:01 Firewall firewalld[1169]: ERROR: COMMAND_FAILED: Direct: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore>
Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Oct 18 12:41:40 Firewall firewalld[1169]: ERROR: RUNNING_BUT_FAILED: Changing permanent configuration is not allowed while firewalld>
Oct 18 12:41:50 Firewall firewalld[1169]: ERROR: RUNNING_BUT_FAILED: Changing permanent configuration is not allowed while firewalld>
```
So, firewalld is started and running.
It is not “the output of the command” in its usual sense. It is the logs of the program(s) that are executed when the service is being started.
firewalld calls iptables-restore to load its rules if it is configured to use the iptables backend and the iptables-restore command is available. The rules are in a temporary file. The message about -i most likely refers to the content of this file. firewalld will print the content of this file with a high enough debug level (2 or more).
The question is: do you observe any problems besides these log lines? Does the iptables content match your firewalld configuration?
As you should see yourself, the log lines are truncated, so information is lost.
HenrikLjungberg: “multip>”
Always use --full option when you want to show logs.
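An added example, not part of the thread: the second log line is prefixed "Direct:", so one place to look for the offending rule is firewalld's direct configuration, normally /etc/firewalld/direct.xml. The sketch below lists direct rules that repeat an option iptables accepts only once, which is the condition behind "multiple -i flags not allowed". The function names and the sample XML are constructed for illustration, and treating direct rules as the source is an assumption the thread does not confirm.

```python
import shlex
import sys
import xml.etree.ElementTree as ET
from collections import Counter

# Short and long spellings of options iptables accepts once per rule
# (a subset chosen for this example).
ONCE = {"-i": "-i", "--in-interface": "-i", "-o": "-o", "--out-interface": "-o",
        "-s": "-s", "--source": "-s", "-d": "-d", "--destination": "-d",
        "-p": "-p", "--protocol": "-p", "-j": "-j", "--jump": "-j"}

def repeated_flags(args):
    """Return the single-use options that occur more than once in a rule."""
    counts = Counter(ONCE[tok] for tok in shlex.split(args) if tok in ONCE)
    return sorted(flag for flag, n in counts.items() if n > 1)

def audit_direct(xml_data):
    """Scan <rule> and <passthrough> entries of a direct.xml document."""
    findings = []
    for elem in ET.fromstring(xml_data).iter():
        if elem.tag not in ("rule", "passthrough"):
            continue
        args = (elem.text or "").strip()
        dup = repeated_flags(args)
        if dup:
            findings.append((elem.tag, elem.get("chain", "-"), dup, args))
    return findings

# Constructed sample in the direct.xml layout; not taken from the thread.
SAMPLE = b"""<direct>
  <rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-i eth0 -i eth1 -p tcp --dport 22 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="FORWARD" priority="1">-i eth0 -o eth1 -j ACCEPT</rule>
  <passthrough ipv="ipv4">-A OUTPUT -o eth0 -p udp --dport 53 -j ACCEPT</passthrough>
</direct>"""

if __name__ == "__main__":
    # Pass the path to a direct.xml as the first argument, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE
    for tag, chain, dup, args in audit_direct(data):
        print(f"{tag} (chain {chain}): repeated {', '.join(dup)} in: {args}")
```

If nothing is flagged, the rule may come from elsewhere in the configuration; the temporary file firewalld prints at debug level 2 or more, as described above, is the authoritative input to iptables-restore.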