
On a freshly booted Amazon EC2 instance (Amazon Linux 2), firewalld could not be started. Executing systemctl start firewalld gives several warnings and errors (details below), boiling down to: no icmptypes found and no such file or directory: '/proc/sys/net/netfilter/nf_conntrack_helper'.

Any advice is highly appreciated.

# uname -r
4.14.173-137.229.amzn2.x86_64

# cat /etc/os-release

NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"


# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Fri 2020-04-10 11:11:29 UTC; 17min ago
     Docs: man:firewalld(1)
  Process: 2736 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
 Main PID: 2736 (code=exited, status=0/SUCCESS)

... firewalld[2736]: WARNING: unknown-header-type: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
... firewalld[2736]: WARNING: ICMP type 'unknown-option' is not supported by the kernel for ipv6.
... firewalld[2736]: WARNING: unknown-option: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
... firewalld[2736]: ERROR: No icmptypes found.
... firewalld[2736]: ERROR: Failed to read file "/proc/sys/net/netfilter/nf_conntrack_helper": [Errno 2] No such file or directory: '/proc/sys/net/netfilter/nf_conntrack_helper'
... firewalld[2736]: WARNING: Failed to get and parse nf_conntrack_helper setting
... firewalld[2736]: WARNING: iptables not usable, disabling IPv4 firewall.
... firewalld[2736]: WARNING: ip6tables not usable, disabling IPv6 firewall.
... firewalld[2736]: FATAL ERROR: No IPv4 and IPv6 firewall.
... firewalld[2736]: ERROR: Raising SystemExit in run_server

UPDATE: It seems that my system doesn't have nf_conntrack:

# lsmod | grep nf_conntrack
(empty output)
Juriy
    Lots of stuff is broken in Amazon Linux 2, or breaks unexpectedly and (only sometimes) gets fixed later. There's very little quality control with this distro. After updating Amazon Linux 2 I can start firewalld successfully. But it might break again next week. Consider using something more reliable. – Michael Hampton Sep 10 '20 at 00:16
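The log above shows firewalld giving up for two separate reasons: the nf_conntrack module is not loaded (so the nf_conntrack_helper sysctl never appears under /proc/sys) and, as a consequence, iptables/ip6tables are reported as "not usable". The following preflight script is an added example, not part of the question or of firewalld itself; it checks those preconditions before starting the service so the failure can be diagnosed without reading the journal. It reads /proc/modules rather than calling lsmod, takes the proc root as an optional argument so it can be exercised against a constructed directory tree, and will report a false negative on kernels where conntrack is built in rather than loaded as a module.

```shell
#!/bin/sh
# Added example: preflight check for the conditions that made firewalld exit.
# Argument 1 (optional) is the proc root; it defaults to /proc and is only
# overridden for testing against a constructed tree.

# Returns 0 when every hard prerequisite is present, 1 otherwise,
# printing one line per check.
firewalld_preflight() {
    proc_root="${1:-/proc}"
    status=0

    # 1. Is nf_conntrack loaded? Same information as `lsmod | grep nf_conntrack`,
    #    read from /proc/modules ("nf_conntrack <size> <refcount> ..." per line).
    if grep -q '^nf_conntrack ' "$proc_root/modules" 2>/dev/null; then
        echo "ok:   nf_conntrack module loaded"
    else
        echo "FAIL: nf_conntrack module not loaded (try: modprobe nf_conntrack)"
        status=1
    fi

    # 2. The sysctl firewalld reads at start-up; it is registered by
    #    nf_conntrack, so it is normally absent until the module is loaded.
    helper="$proc_root/sys/net/netfilter/nf_conntrack_helper"
    if [ -r "$helper" ]; then
        echo "ok:   nf_conntrack_helper = $(cat "$helper")"
    else
        echo "FAIL: $helper missing"
        status=1
    fi

    # 3. Backend binaries: firewalld disables each address family whose
    #    iptables tool it cannot run. Reported as a warning only, since a
    #    missing tool on PATH is not always the reason it was "not usable".
    for tool in iptables ip6tables; do
        if command -v "$tool" >/dev/null 2>&1; then
            echo "ok:   $tool found on PATH"
        else
            echo "WARN: $tool not found on PATH"
        fi
    done

    return "$status"
}

# Stand-alone use: `sh firewalld-preflight.sh` checks the live /proc.
firewalld_preflight "${1:-/proc}"
```

A non-zero exit from the script means firewalld will fail the same way the journal shows; fixing the first FAIL line (loading nf_conntrack) is what makes the second one disappear on a kernel like the 4.14 one in the question.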

1 Answer

-1

Check if SELinux is enforcing. If that is the case, make it permissive, restart firewalld, and then bring SELinux back to enforcing.