firewalld errors when adding http

Question

I'm trying to add http to the public zone in firewalld on CentOS 7 (new digitalocean image).

Someone please correct me if this is not the right/secure way to make my websites accessible through firewalld.

The issue I have is:

[root@wilberforce ~]# firewall-cmd --add-service=http
Error: COMMAND_FAILED: '/sbin/iptables -A IN_public_allow -t filter -m tcp -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT' failed: iptables: No chain/target/match by that name.
Failed to apply rules. A firewall reload might solve the issue if the firewall has been modified using ip*tables or ebtables.

Both http and https are listed under firewall-cmd --get-services. Why can't I add the service?

I'm assuming, however, that I should be able to fix it though? Seen as all Digital Ocean provide me with is an image and a virtual server. — Nathan Edwards, Oct 03 '15 at 16:00
No, [you can't fix it](https://digitalocean.uservoice.com/forums/136585-digitalocean/suggestions/2814988-give-option-to-use-the-droplet-s-own-bootloader). Except by not using Digital Ocean. It's a long standing design flaw and one of the big reasons why many people have abandoned it. — Michael Hampton, Oct 03 '15 at 16:14
No, it won't work. You'll get the same error. Go get your money back and find another provider. — Michael Hampton, Oct 03 '15 at 16:33
How does anybody manage to use digital ocean then? Do they just go insecure? — Nathan Edwards, Oct 03 '15 at 16:37
Most DO users are developers and do not know or care about security...or operations in general, for that matter. — Michael Hampton, Oct 03 '15 at 16:38
Let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/29849/discussion-between-nathan-edwards-and-michael-hampton). — Nathan Edwards, Oct 03 '15 at 16:43

Marco · Accepted Answer · 2015-10-03T17:20:26.107

0

There was a rogue firewalld process running which wouldn't allow for new rules to be added. It wasn't managable by systemd. The following did the trick:

systemctl stop firewalld
pkill -f firewalld
systemctl start firewalld

edited Oct 03 '15 at 17:20

answered Oct 03 '15 at 17:10

Marco

435
1
3
16

firewalld errors when adding http

1 Answers1

Linked