Issue Failed to restart firewalld.service when fail2ban.service exists

nethubonline

nethubonline

Regular Pleskian
Server operating system version
AlmaLinux 9.5
Plesk version and microupdate number
18.0.65 #1
Hi all,

After I fresh install the Plesk with fail2ban and firewalld, I can't restart firewalld
Code: 
# systemctl restart firewalld
Failed to restart firewalld.service: Transaction contains conflicting jobs 'restart' and 'stop' for fail2ban.service. Probably contradicting requirement dependencies configured.
See system logs and 'systemctl status firewalld.service' for details.

But I can restart firewalld after I stop fail2ban
Bash: 
# systemctl stop fail2ban
# systemctl restart firewalld
# systemctl start fail2ban

If I update /usr/lib/systemd/system/fail2ban.service as below, firewalld can be restarted successfully
Code: 
PartOf=iptables.service firewalld.service ip6tables.service ipset.service nftables.service
to
Code: 
PartOf=firewalld.service nftables.service

Not sure if this is a bug or if I'm the only one with this problem, please help.
 
Hello, @nethubonline. This is a known issue identified with ID PPPM-12992 and is has been investigated by our engineers already. The conclusion is that the root cause is pretty complicated and a fix has not been introduced yet.

Systemd and firewalld.service, fail2ban.service files involved:

  1. firewalld.service - contains a 'Conflict' section with iptables.service, ip6tables.service and ipset.service. This means that they can't work together. If you try to start firewalld these services will be stopped by systemd.
  2. fail2ban.service - contains a 'PartOf' section with iptables.service, firewalld.service, ip6tables.service and ipset.service. This means that if some of these services will be stopped/restarted, fail2ban will be stopped/restarted too.

When you try to restart firewalld service systemd wants to start firewalld. For that, it needs to stop all of 'Conflict' services and fail2ban too as a result. From the other side, systemd tries to restart firewalld and fail2ban as a part of it. And they get into conflict.

systemd developers discussed it and it appears they do not have a way to fix this behavior on their side.

It appears that you have already figured out one of the workarounds. The developers have provided another workaround: it is required to add another service and mark all firewalls and fail2ban as part of it to avoid conflict. The workaround is described here: [systemd-devel] Transaction contains conflicting jobs 'restart' and 'stop'
 
oic, thank you Sebahat. I will wait for the fix of PPPM-12992

FYI, there is no such problem if I only install firewalld and fail2ban in fresh OS (no Plesk).
 
You must log in or register to reply here.

Similar threads

UnS3eN
Issue httpd won't start
Replies
9
Views
459
pleskpanel
P
K
Resolved Ubuntu 24.04 - Fail2ban not working
Replies
2
Views
4K
Kaspar@Plesk
Kaspar@Plesk
C
Resolved Login and systemctl problems
Replies
12
Views
1K
chrisgch
C
S
Issue Manuel upgrade to Debian 13 - BIND stopped working
2
Replies
20
Views
904
superfun2k23
S
R
Resolved Mariadb stop working in upgrade from Ubuntu 20.04 to 22.04
Replies
1
Views
2K
rodrom
R
Back
Top