SCIENTIFIC-LINUX-USERS Archives

April 2017

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: SL 7 firewall-cmd erroring
From:
Mark Stodola <[log in to unmask]>
Reply To:
Mark Stodola <[log in to unmask]>
Date:
Wed, 19 Apr 2017 16:03:43 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (39 lines) 
On 04/19/2017 03:55 PM, Kelley Trombly-Freytag wrote:
> When I tried to add to my ipset, (firewall-cmd --permanent --ipset=groupips --add-entry=XXX.XXX.XX.0/24)
>  I received the following error:
>
> Error: IO_Object_XMLGenerator instance has no attribute '_out'
>
> This subsequently made my ipset file empty, and as a result, I can not ssh into the machine.
>
> Can I just recreate the ipset file under /etc/firewalld/ipsets and try to firewall-cmd --reload?
>
> What is this error and how do I fix it?
>
> I am currently running redhat release 7.2. Firewalld is at firewalld-0.4.3.2-8, with
> no yum updates outstanding.
>
> Kelley Trombly-Freytag
>

I just tried this and had no problems on 7.2:

[root@csdev17 ipsets]# cat /etc/redhat-release
Scientific Linux release 7.2 (Nitrogen)

[root@csdev17 ipsets]# rpm -qa firewalld
firewalld-0.4.3.2-8.el7.noarch

[root@csdev17 ipsets]# firewall-cmd --permanent --new-ipset=groupips 
--type=hash:net
success

[root@csdev17 ipsets]# firewall-cmd --permanent --ipset=groupips 
--add-entry=192.168.3.0/24
success

With that said, you should be able to replace the xml file by hand and 
reload your firewall.

-Mark

ATOM RSS1 RSS2