fwknopd on Ubuntu 20.04.2 LTS, Warning: could not use the 'comment' match #331

Open
iamzili opened this issue Apr 27, 2021 · 0 comments
iamzili commented Apr 27, 2021

Hello!

My issue is almost the same as link. I experience fwknopd issues after server reboot:
fwknopd server 2.6.10, compiled for firewall bin: /usr/sbin/iptables

Apr 20 09:32:56 iinfra3 systemd[1]: Starting Firewall Knock Operator Daemon...
Apr 20 09:32:56 iinfra3 fwknopd[812]: Starting fwknopd
Apr 20 09:32:56 iinfra3 systemd[1]: Started Firewall Knock Operator Daemon.
Apr 20 09:32:56 iinfra3 fwknopd[812]: Added jump rule from chain: INPUT to chain: FWKNOP_INPUT
Apr 20 09:32:56 iinfra3 fwknopd[812]: Warning: Could not use the 'comment' match
Apr 20 09:32:56 iinfra3 systemd[1]: fwknop-server.service: Main process exited, code=exited, status=1/FAILURE
Apr 20 09:32:56 iinfra3 systemd[1]: fwknop-server.service: Failed with result 'exit-code'.
Apr 20 09:32:57 iinfra3 systemd[1]: fwknop-server.service: Scheduled restart job, restart counter is at 4.
Apr 20 09:32:57 iinfra3 systemd[1]: Stopped Firewall Knock Operator Daemon.
Apr 20 09:32:57 iinfra3 systemd[1]: Starting Firewall Knock Operator Daemon...
Apr 20 09:32:57 iinfra3 fwknopd[856]: Starting fwknopd
Apr 20 09:32:57 iinfra3 systemd[1]: Started Firewall Knock Operator Daemon.
Apr 20 09:32:57 iinfra3 fwknopd[856]: Added jump rule from chain: INPUT to chain: FWKNOP_INPUT
Apr 20 09:32:57 iinfra3 fwknopd[856]: Warning: Could not use the 'comment' match
Apr 20 09:32:57 iinfra3 systemd[1]: fwknop-server.service: Main process exited, code=exited, status=1/FAILURE
Apr 20 09:32:57 iinfra3 systemd[1]: fwknop-server.service: Failed with result 'exit-code'.
Apr 20 09:32:57 iinfra3 systemd[1]: fwknop-server.service: Scheduled restart job, restart counter is at 5.
Apr 20 09:32:57 iinfra3 systemd[1]: Stopped Firewall Knock Operator Daemon.
Apr 20 09:32:57 iinfra3 systemd[1]: fwknop-server.service: Start request repeated too quickly.
Apr 20 09:32:57 iinfra3 systemd[1]: fwknop-server.service: Failed with result 'exit-code'.
Apr 20 09:32:57 iinfra3 systemd[1]: Failed to start Firewall Knock Operator Daemon.
Apr 20 09:36:33 iinfra3 systemd[1]: Starting Firewall Knock Operator Daemon...
Apr 20 09:36:33 iinfra3 systemd[1]: fwknop-server.service: Can't open PID file /run/fwknop/fwknopd.pid (yet?) after start: Operation not permitted

A service restart doesn't throw an error, only a server reboot does.

Changing two rows in /lib/systemd/system/fwknop-server.service fixed my issue:

Wants=network-online.target
After=network-online.target

vs

Wants=network.target
After=network.target