Is the default Fedora Workstation without a firewall?

I couldn’t find any firewall settings in settings so I started looking for config files related to firewalls.

Used rm -r on a file that specified the firewall should be inaccessible to users (I know, that was not the right move, it was a rash decision).

Then I thought “Maybe that’s normal and I should ask?”

So I’m here to ask, is it normal to have no firewall installed but to have it marked inaccessible in “Action org.fedoraproject.FirewallD1”? (Also, is it possible to replace this file?)

Optional context:
I just installed Fedora this evening. I’ve installed and used Linux before, but I still learning a lot of basics.

Hello @still-awake366 ,
Welcome to :fedora: !

Try checking this link out about firewalld, the firewall daemon used in Fedora Linux https://docs.fedoraproject.org/en-US/quick-docs/firewalld/#_what_is_firewalld

I believe I broke it.

sudo firewall-cmd --state
ERROR:dbus.proxies:Introspect error on :1.279:/org/fedoraproject/FirewallD1: dbus.exceptions.DBusException: org.freedesktop.PolicyKit1.Error.Failed: Action org.fedoraproject.FirewallD1.info is not registered
Error: Action org.fedoraproject.FirewallD1.config is not registered

Edit: Should this become a different post “How to repair what I broke-” ?

You should be able to simply reinstall firewalld with dnf. So sudo dnf reinstall firewalld
A reboot may be required since it is a system core package.

Thats a bit too open ended for me … I break things regularly. Plus I think we can get this answered for you and reinstalled.

2 Likes

It looked like it worked. I mean that should have worked right?

Job for firewalld.service failed because a timeout was exceeded.
See "systemctl status firewalld.service" and "journalctl -xeu firewalld.service" for details.

  Verifying        : firewalld-1.0.5-2.fc36.noarch                          1/2 
  Verifying        : firewalld-1.0.5-2.fc36.noarch                          2/2 

Reinstalled:
  firewalld-1.0.5-2.fc36.noarch
× firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
     Active: failed (Result: timeout) since Mon 2022-10-03 03:43:10 PDT; 21s ago
       Docs: man:firewalld(1)
    Process: 32087 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
   Main PID: 32087 (code=exited, status=0/SUCCESS)
        CPU: 235ms

Oct 03 03:41:40 localhost systemd[1]: Starting firewalld.service - firewalld - dynamic firewall daemon...
Oct 03 03:43:10 localhost systemd[1]: firewalld.service: start operation timed out. Terminating.
Oct 03 03:43:10 localhost systemd[1]: firewalld.service: Failed with result 'timeout'.
Oct 03 03:43:10 localhost systemd[1]: Failed to start firewalld.service - firewalld - dynamic firewall daemon.

~

and

 A start job for unit firewalld.service has finished with a failure.

 The job identifier is 16281 and the job result is failed.

So are you still getting errors?

Mine does not report any when I check status, and I leave it at whatever default settings it is installed with. For comparison sake only it ouputs the following …

● firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; preset: enabled)
     Active: active (running) since Tue 2022-10-04 06:10:54 EDT; 22min ago
       Docs: man:firewalld(1)
   Main PID: 1066 (firewalld)
      Tasks: 2 (limit: 37704)
     Memory: 47.9M
        CPU: 254ms
     CGroup: /system.slice/firewalld.service
             └─1066 /usr/bin/python3 -sP /usr/sbin/firewalld --nofork --nopid

Oct 04 06:10:54 fedora systemd[1]: Starting firewalld.service - firewalld - dynamic firewall daemon...
Oct 04 06:10:54 fedora systemd[1]: Started firewalld.service - firewalld - dynamic firewall daemon.

[edit] Also as an alternate to rebooting you could try sudo firewall-cmd --complete-reload

1 Like

Have you tried rebooting since you installed it?

1 Like

It’s not possible to see what went wrong from the logs you posted. Try this:

sudo rpm -Va --nomtime

This will post any files on your system that differ from stock RPMs. So for example, service files, configuration files, etc. This might point to something else that’s not allowing firewalld to start. This will also tell you if you have incorrect permissions somewhere.

You can fix that with:

sudo rpm -a --restore

The -a flag specifies all RPMs (just to be safe), you can specify only firewalld packages if you wish. Finally, if you have any SELinux problems:

sudo fixfiles -T 0 -B onboot

Will relabel your files on boot. Only run this if you need to though.

On a side note, the default zone in Workstation (FedoraWorkstation) has non-privileged ports open by default. If you do not want this, you may consider switching your firewall zone.

The default firewall config on fedora workstation has these packages installed. Maybe the file you deleted is from another package than firewalld so please try reinstalling all those then reboot. It should fully recover.

# dnf list installed | grep firewall
firewall-config.noarch               1.0.5-2.fc36              @updates                  
firewalld.noarch                     1.0.5-2.fc36              @updates                  
firewalld-filesystem.noarch          1.0.5-2.fc36              @updates                  
python3-firewall.noarch              1.0.5-2.fc36              @updates                  
1 Like