I have a computer with two accounts on it: mine and my wife’s. I do all the administration. I found recently that when I attempt to open the firewall configuration menu, the authentication window does not open. Thus, I cannot change any firewall settings by using the menu, either when I am logged on as myself, or as my wife. It happens that I have another computer set up the same way, except I only have my own account set up on it. I have no problems with that one. Have you any suggestions on enabling the firewall config menu on the first computer? Many thanks!
Which Desktop Environment?
NVM, shoud’ve read better…
The KDE tag in the OP seems to suggest it is KDE. I don’t remember the last time I saw a graphical firewall tool in Fedora. I mainly just use firewall-cmd. It appears that there is a plasma-firewall with plasma-firewall-firewalld support, so I assume that’s what this is about. Unfortunately, my KDE machine is in the office and since I have family members with COVID, I’m stuck working remotely this week, but I’m sure someone else running KDE can help troubleshoot this in the meantime.
1 Like
Confirming, I am using the KDE Desktop Environment, with the graphical firewall configuration manager.
What I have above is part of a longer story. I can now open the firewall configuration graphic, and I can use it when I am logged on. However, I still have a problem.
This all came about because I was trying to use a Flatpak application known as “Warpinator”, which enables me to use my network to transfer files from one computer to another, and Android files to my computers. In order to use it, I have to have ports open on my computer, or the devices cannot “see” each other. I have had no problems using Warpinator when I was logged on, and the appropriate ports open. However, I found that my Android phone was invisible to my computer when my wife was logged on. Now, I always thought that firewall rules were set up globally on the computer, but what I was seeing was symptomatic of a firewall issue, so I tried to open the firewall configuration program. That’s when the problem started. I could not open the firewall config program when my wife was logged on, and, after logging her off, and logging myself on again, I couldn’t open the firewall config program either. SO, I went to the command line and put in “firewall-cmd” which just generated two errors. Then, I put in “sudo firewalld” and that only complained that I didn’t put in any options. Then I put in “firewall-cmd” and got the polkit window for authenticating myself. Then I closed the terminal and could open the configuration program normally.
So, several questions. First, how are things supposed to be? Are firewall entries made when I am logged on GLOBAL, or just for me? If so, then, why am I having (apparent) firewall problems when my wife is logged on? Finally, any ideas on what to do about it?
One other thing. My daughters have a Fedora machine set up with the Mate DE, and we don’t have these firewall/Warpinator problems with it. NOT a complaint, just a pertinent fact.
In any case, I understand that Warpinator support is probably beyond the scope of what you do, but I appreciate any help you can give me. All the best!
The gui for firewall config on fedora is the firewall-config command which comes from the firewall-config package.
Firewall configs should be global.
There are different zones, and if the user is in a different zone then the rules may be different. Check what zone you are in and what zone your wife is in. If they are different then you may need to adjust the config.
Thanks, Jeff, that makes sense. I don’t know how to find out what zones we are in. When I set it up, I noticed the default zone was “Public”, so that 's how I set it up. It works for me, but not for my wife. How do I find out which zones we are in?
If you have a simple setup, it’s very well likely you are only using or need one zone. You can find out which zones are currently active and their associated rules with:
firewall-cmd --list-all
The thing that normally trips people up with firewalld is that you can make changes to the existing firewall but unless you do it with --permanent and then firewall-cmd reload, those changes won’t persist the next time the machine is rebooted or firewalld service is restarted. Conversely, when you make the change with --permanent it doesn’t impact the current runtime without a reload. So, it’s not uncommon for people to believe they’ve updated the firewall only to find out that it no longer works the way they expected later OR they updated the firewall with --permanent and didn’t reload so the updated rules haven’t taken effect yet. In either case, firewall-cmd --list-all will show you the current effective ruleset.
1 Like
Jeff and Scott, Thanks for the help. I’ve been fiddling with it for awhile, and I THINK I have a solution that works, albeit not as it should be. It looks like firewalld isn’t starting properly for some reason. Whenever I log on as my wife, I cannot start the firewall config program properly. I open a terminal while I’m there, and switch terminal user to myself and enter “firewall-cmd”, and get the following error:
Error: Traceback (most recent call last):
File “/usr/lib/python3.11/site-packages/firewall/client.py”, line 50, in _impl
return func(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3.11/site-packages/firewall/client.py”, line 3141, in get_property
return dbus_to_python(self.fw_properties.Get(
^^^^^^^^^^^^^^^^^^^^^^
AttributeError: ‘NoneType’ object has no attribute ‘Get’
Then, I enter “sudo firewalld”, I enter my password, close the terminal and then can open the firewall config program from the graphic interface normally. At this point, I simply close out the config program and then I can use the “Warpinator” program.
Please let me know what’s going on, and what to do about it or how to further investigate. Many thanks for putting up with my continuing issues in defining my problem!
This is a different issue. Firewalld should run whenever the system is powered on, not depending upon who is logged in.
Please reboot, log in as your wife, then post the output of sudo systemctl status firewalld.service
It should show something like this.
# systemctl status firewall*
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; preset: enabled)
Active: active (running) since Sun 2023-01-01 19:52:00 CST; 2 days ago
Docs: man:firewalld(1)
Main PID: 1440 (firewalld)
Tasks: 2 (limit: 38370)
Memory: 32.2M
CPU: 430ms
CGroup: /system.slice/firewalld.service
└─1440 /usr/bin/python3 -sP /usr/sbin/firewalld --nofork --nopid
Jan 01 19:51:57 eagle.home.domain systemd[1]: Starting firewalld.service - firewalld - dynamic firewall daemon...
Jan 01 19:52:00 eagle.home.domain systemd[1]: Started firewalld.service - firewalld - dynamic firewall daemon.
Then log out and back in as yourself and run the same command. There should be no difference in the output. You might also do the same with a power off and restart but log in initially as yourself and run that command. Again the output should be similar.
If there is a difference in the firewall depending on who logs in first then we need to investigate that, since systemd should start the firewall during boot.
OK, here are a list of outputs, but they all show the firewall as inactive:
- Cold boot, log in as wife, open terminal
[suzanne@fedora ~]$ su - astauss
Password:
[astauss@fedora ~]$ sudo systemctl status firewalld.service
[sudo] password for astauss:
○ firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
[astauss@fedora ~]$
- Logout, log in as myself, open terminal
[astauss@fedora ~]$ sudo systemctl status firewalld.service
[sudo] password for astauss:
○ firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
[astauss@fedora ~]$
- Cold boot, log in as myself, open terminal
[astauss@fedora ~]$ sudo systemctl status firewalld.service
[sudo] password for astauss:
○ firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
[astauss@fedora ~]$
- Logout, log in as wife, open terminal
suzanne@fedora ~]$ su - astauss
Password:
[astauss@fedora ~]$ sudo systemctl status firewalld.service
[sudo] password for astauss:
○ firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
[astauss@fedora ~]$
It’s not running. If you mean for it to be running and active on boot: sudo systemctl enable --now firewalld
I just did that, and did the checks that Jeff suggested. Firewalld is running regardless of operator, and my only concern is how it ever got turned off. Anyway, I am a happy camper, and many thanks to you and Jeff.
2 Likes