I have been trying to figure out why firewalld doesn’t start at boot and the only thing I can find about it is in the SuSEFirewall2 era. I do not know if this has started since I upgraded from 15.3 to 15.4 or not. But now when I think about it I had problems sharing samba and gave up the idea.
The firewalld service is set to Start ‘On Boot’ in YaST Services Manager though
Not unless I enforce the service to start manually it won’t start at boot.
Wondering around the interweb searching for answers I came across if it could have something to do with libvirt, so this is my libvirt status, just in case it is the culprit:
sudo systemctl status libvirtd
● libvirtd.service - Virtualization daemon
Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2023-03-10 07:15:39 EST; 29min ago
TriggeredBy: ● libvirtd-admin.socket
● libvirtd-ro.socket
● libvirtd.socket
Docs: man:libvirtd(8)
https://libvirt.org
Main PID: 17137 (libvirtd)
Tasks: 23 (limit: 32768)
CGroup: /system.slice/libvirtd.service
├─ 7837 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib64/libvirt/libvirt_leaseshelper
├─ 7838 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib64/libvirt/libvirt_leaseshelper
└─ 17137 /usr/sbin/libvirtd --timeout 120
Mar 10 07:15:39 SimorghSUSE.local systemd[1]: Starting Virtualization daemon...
Mar 10 07:15:39 SimorghSUSE.local libvirtd[17137]: libvirt version: 8.0.0
Mar 10 07:15:39 SimorghSUSE.local libvirtd[17137]: hostname: SimorghSUSE.local
Mar 10 07:15:39 SimorghSUSE.local libvirtd[17137]: Failed to initialize libnetcontrol. Management of interface devices is disabled
Mar 10 07:15:39 SimorghSUSE.local systemd[1]: Started Virtualization daemon.
Mar 10 07:15:39 SimorghSUSE.local dnsmasq[7837]: read /etc/hosts - 7 addresses
Mar 10 07:15:39 SimorghSUSE.local dnsmasq[7837]: read /var/lib/libvirt/dnsmasq/default.addnhosts - 0 addresses
Mar 10 07:15:39 SimorghSUSE.local dnsmasq-dhcp[7837]: read /var/lib/libvirt/dnsmasq/default.hostsfile
After manual start:
sudo systemctl start firewalld.service
sudo systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2023-03-10 07:56:32 EST; 8s ago
Docs: man:firewalld(1)
Main PID: 3906 (firewalld)
Tasks: 2 (limit: 4915)
CGroup: /system.slice/firewalld.service
└─ 3906 /usr/bin/python3 /usr/sbin/firewalld --nofork --nopid
Mar 10 07:56:32 SimorghSUSE.local systemd[1]: Starting firewalld - dynamic firewall daemon...
Mar 10 07:56:32 SimorghSUSE.local systemd[1]: Started firewalld - dynamic firewall daemon.
Sorry not clarifying it @arvidjaar
My system is not from prior to 15 era where I believe SuSEfirewall2 was active.
I do not have SuSEfirewall2.service on my system.
A web-browser search didn’t reveal anything – I’ve downloaded your raw input to susepaste and the following results can be seen:
> grep -i 'fire' 4bbc0fe1eaca1bb0837669c974c96a1b.txt
>
> grep -B 4 -A 4 'Reached target Host and Network Name Lookups' 4bbc0fe1eaca1bb0837669c974c96a1b.txt
Mar 10 08:36:26 SimorghSUSE systemd[1]: Finished Save/Restore Sound Card State.
Mar 10 08:36:26 SimorghSUSE systemd[1]: issue-generator.service: Deactivated successfully.
Mar 10 08:36:26 SimorghSUSE systemd[1]: Finished Generate issue file for login session.
Mar 10 08:36:26 SimorghSUSE systemd[1]: Started Name Service Cache Daemon.
Mar 10 08:36:26 SimorghSUSE systemd[1]: Reached target Host and Network Name Lookups.
Mar 10 08:36:26 SimorghSUSE systemd[1]: Reached target User and Group Name Lookups.
Mar 10 08:36:26 SimorghSUSE systemd[1]: Condition check resulted in Manage Sound Card State (restore and store) being skipped.
Mar 10 08:36:26 SimorghSUSE systemd[1]: Starting Load extra kernel modules for sound stuff...
Mar 10 08:36:26 SimorghSUSE systemd[1]: Starting User Login Management...
>
AFAICS, the network is being setup OK but, the Firewall daemon isn’t being started.
Some suggestions for where to check:
> systemctl list-unit-files | grep -iE 'UNIT FILE |fire'
UNIT FILE STATE VENDOR PRESET
dbus-org.fedoraproject.FirewallD1.service alias -
firewalld.service enabled disabled
>
# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2023-03-10 09:10:05 CET; 7h ago
Docs: man:firewalld(1)
Main PID: 981 (firewalld)
Tasks: 2 (limit: 4915)
CGroup: /system.slice/firewalld.service
└─ 981 /usr/bin/python3 /usr/sbin/firewalld --nofork --nopid
Mär 10 09:10:04 xxx systemd[1]: Starting firewalld - dynamic firewall daemon...
Mär 10 09:10:05 xxx systemd[1]: Started firewalld - dynamic firewall daemon.
#
# journalctl -b 0 --no-hostname --output=short-monotonic | grep -i 'firewall' -B 2 -A 2
[ 10.038299] systemd[1]: Started D-Bus System Message Bus.
[ 10.040925] systemd[1]: Started Detect if the system suffers from bsc#1089761.
[ 10.043164] systemd[1]: Starting firewalld - dynamic firewall daemon...
[ 10.047073] systemd[1]: Started irqbalance daemon.
[ 10.048548] systemd[1]: Starting Generate issue file for login session...
--
[ 10.585403] dbus-daemon[979]: [system] Successfully activated service 'org.freedesktop.ColorManager'
[ 10.585636] systemd[1]: Started Manage, Install and Generate Color Profiles.
[ 10.693175] systemd[1]: Started firewalld - dynamic firewall daemon.
[ 10.693469] systemd[1]: Reached target Preparation for Network.
[ 10.696243] systemd[1]: Starting wicked AutoIPv4 supplicant service...
--
[ 10.793017] kernel: No iBFT detected.
[ 11.010516] avahi-daemon[977]: Server startup complete. Host name is xxx.local. Local service cookie is 2738715431.
[ 11.453206] dbus-daemon[979]: [system] Activating via systemd: service name='org.freedesktop.PolicyKit1' unit='polkit.service' requested by ':1.5' (uid=0 pid=981 comm="/usr/bin/python3 /usr/sbin/firewalld --nofork --no")
[ 11.456872] systemd[1]: Starting Authorization Manager...
[ 11.487265] polkitd[1203]: Started polkitd version 0.116
#
# firewall-cmd --state
running
#
# firewall-cmd --check-config
success
#
# firewall-cmd --get-active-zones
docker
interfaces: docker0
trusted
interfaces: eth0
#
# firewall-cmd --get-policies
allow-host-ipv6
#
It is enabled, and it is set to Start On Boot in YaST Services Manager, but it won’t start on boot. I have to manually start it, so for example KDE Connect won’t connect unless I have the firewalld started manually.
In grub menu after reboot press e on the menu entry, then you are in an editor; move cursor to the line starting with linux or linuxefi and add parameters there. You can add them anywhere on the line, just separated by spaces.
Or you could use YaST Bootloader module but it adds them permanently, you probably do not want to run with debug logging.