[root@name ~]# systemctl status firewalld -l
* firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
Nov 17 18:47:24 strike325 systemd[1]: Starting firewalld - dynamic firewall daemon...
Nov 17 18:47:25 strike325 systemd[1]: Started firewalld - dynamic firewall daemon.
Nov 17 18:47:25 strike325 firewalld[1176]: WARNING: ipset not usable, disabling ipset usage in firewall.
Nov 17 18:47:26 strike325 firewalld[1176]: ERROR: Failed to load nf_conntrack module: modprobe: ERROR: could not find module by name='nf_conntrack'
modprobe: ERROR: could not insert 'nf_conntrack': Function not implemented
modprobe: ERROR: Error running install command for nf_conntrack
modprobe: ERROR: could not insert 'nf_conntrack': Operation not permitted
Nov 17 18:47:26 strike325 firewalld[1176]: ERROR: Raising SystemExit in run_server
Nov 17 19:47:16 strike325 systemd[1]: Starting firewalld - dynamic firewall daemon...
Nov 17 19:47:17 strike325 systemd[1]: Started firewalld - dynamic firewall daemon.
Nov 17 19:47:17 strike325 firewalld[2689]: WARNING: ipset not usable, disabling ipset usage in firewall.
Nov 17 19:47:18 strike325 firewalld[2689]: ERROR: Failed to load nf_conntrack module: modprobe: ERROR: could not find module by name='nf_conntrack'
modprobe: ERROR: could not insert 'nf_conntrack': Function not implemented
modprobe: ERROR: Error running install command for nf_conntrack
modprobe: ERROR: could not insert 'nf_conntrack': Operation not permitted
Nov 17 19:47:18 strike325 firewalld[2689]: ERROR: Raising SystemExit in run_server
I’ve recently purchased a VPS using CentOS 7 (x64) and I’m having some trouble with my firewalld. I found the fix here but unfortunately it’s no longer working for me. Any help would be appreciated as I haven’t been able to find any permanent fixes.
Other fix attempts so far:
- restart dbus
- restart firewalld
- Reverting and locking the version of firewalld (temporary fix)
2 Answers
I have been meaning to post my fix for a while now (I’m supporting a number of servers, all affected by the same issue), but haven’t had the time.
But your question made me motivated to finally write it down.
The solution from this post is:
modules.builtin file specific to your current kernel
In this way, you permanently solve the issue without hacking a bit of FirewallD code.
Workaround is to downgrade firewalld to 7.6:
and then lock firewalld from yum feature updates:
You can find more info in this thread.
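The log above shows modprobe failing to find nf_conntrack, and the first answer points at the `modules.builtin` file for the running kernel. The following is an added diagnostic example, not code from either answer or from the firewalld project: it reports whether a module is listed as built-in, listed as loadable, or absent in a kernel's module tree. The function name `module_status` is hypothetical, and the script assumes the standard kmod layout under `/lib/modules/<release>/`.

```shell
#!/bin/sh
# Added example (not from the original thread).
# module_status <module> [modules_dir]
#   Prints one of: builtin | loadable | missing | no-module-tree
#   modules_dir defaults to /lib/modules/$(uname -r), the tree modprobe consults.
module_status() {
    mod=$1
    dir=${2:-/lib/modules/$(uname -r)}

    # The kernel treats '-' and '_' in module names as equivalent,
    # so turn either one into a bracket expression matching both.
    pat=$(printf '%s' "$mod" | sed 's/[-_]/[-_]/g')

    # No tree at all for this kernel release (common when the running
    # kernel is not the one whose packages are installed).
    if [ ! -d "$dir" ]; then
        echo "no-module-tree"
        return 0
    fi

    # modules.builtin lists objects compiled into the kernel image,
    # one path per line, e.g. kernel/net/netfilter/nf_conntrack.ko
    if [ -r "$dir/modules.builtin" ] &&
       grep -Eq "(^|/)${pat}\.ko$" "$dir/modules.builtin"; then
        echo "builtin"
        return 0
    fi

    # modules.dep lists loadable modules as "<path>.ko[.xz]: <deps>".
    # Only the left-hand side (terminated by ':') counts as present.
    if [ -r "$dir/modules.dep" ] &&
       grep -Eq "(^|/)${pat}\.ko(\.[a-z0-9]+)?:" "$dir/modules.dep"; then
        echo "loadable"
        return 0
    fi

    echo "missing"
}

# Check the module named in the firewalld error for the running kernel.
echo "nf_conntrack on $(uname -r): $(module_status nf_conntrack)"
```

A result of `missing` or `no-module-tree` matches the "could not find module by name" error in the log: modprobe has no entry for the module under the running kernel's release directory.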