tiredone asked:

In an attempt to gain VNC access to a remote box I threw this silly command at its firewalld over ssh i.e.

$ firewall-cmd --enable 5903:tcp

Now I cannot ssh, ping or curl the server. Whoops.

Can anybody explain what has caused this to happen? I mean surely --enable on its own would enable the firewall and its default rules (i.e. ssh access being one of them), right? As you can probably tell I didn't read the manual, a fundamental human error. Also note I ran the command as a normal user, not as root or via sudo. Thanks all 🙁

My answer:

FirewallD is very new, and as such it’s going to take some time to get accustomed to.

You can begin by reading the Fedora wiki page on FirewallD, which has a complete list of its command line options/usage.

My best guess on what happened is that you accidentally put the firewall in panic mode, where it blocks all network connections. This is based on the fact that the only option to firewall-cmd which begins with --enable is --enable-panic. You will have to go to the server console or remote into the server’s OOB management interface (iLO, DRAC, IPMI) to recover from this.

The correct way to add a service is with --add-service or --add-port.

@mattdm notes in a comment below that a bug has been filed against FirewallD for exactly this behavior. The bug appears to have been fixed, by removing the options --enable-panic and --disable-panic and replacing them with --panic-on and --panic-off. This has been committed and will appear in a future release.
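The safe way to do what the question was trying to do, as an added example that is not part of the original question or answer: a small POSIX sh helper that opens a port with --add-port (runtime first, then --permanent) and refuses to touch the firewall while panic mode is on or while the ssh service is not allowed in the target zone. It assumes the standard firewall-cmd options --get-default-zone, --query-panic, --list-services, --add-port and --permanent; the FWCMD variable and the function names are my own, so a test can substitute a stub for the real binary.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of firewalld): open one
# TCP/UDP port with firewall-cmd without locking yourself out.
# FWCMD lets a caller or test point at a stub instead of the real binary.
FWCMD="${FWCMD:-firewall-cmd}"

# fw_valid_port PORT/PROTO  -> 0 if well formed (e.g. 5903/tcp), else 1.
# Note the separator is "/", not ":" as in the question's command.
fw_valid_port() {
    case "$1" in
        */tcp|*/udp) ;;
        *) return 1 ;;
    esac
    port="${1%/*}"
    case "$port" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# fw_open_port PORT/PROTO [ZONE]
# Exit codes: 2 bad spec, 3 panic mode active, 4 ssh not allowed in zone,
# 5 firewall-cmd itself failed.
fw_open_port() {
    spec="$1"
    zone="${2:-$("$FWCMD" --get-default-zone)}"
    fw_valid_port "$spec" || { echo "bad port spec: $spec" >&2; return 2; }

    # --query-panic exits 0 when panic mode is on: every connection is
    # dropped, so nothing we add here would help; recover from the console
    # (--panic-off on current releases, --disable-panic on older ones).
    if "$FWCMD" --query-panic >/dev/null 2>&1; then
        echo "panic mode is on; disable it from the console first" >&2
        return 3
    fi

    # Make sure the administrative path stays open before changing anything.
    case " $("$FWCMD" --zone="$zone" --list-services) " in
        *" ssh "*) ;;
        *) echo "ssh is not allowed in zone $zone; refusing to proceed" >&2; return 4 ;;
    esac

    # Runtime change first (reverted by a reload if it turns out wrong),
    # then the permanent copy so it survives a restart.
    "$FWCMD" --zone="$zone" --add-port="$spec" || return 5
    "$FWCMD" --permanent --zone="$zone" --add-port="$spec" || return 5
}
```

Usage on a real host would be `fw_open_port 5903/tcp` (optionally followed by a zone name); the ordering matters because the runtime rule can be discarded with `firewall-cmd --reload` if the session breaks, whereas a --permanent rule applied blindly would persist across reboots.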

