fwknopd on Ubuntu 20.04.2 LTS, Warning: could not use the 'comment' match
iamzili opened this issue · comments
Erik Zilinsky commented
Hello!
My issue is almost the same as link. I experience fwknopd issues after a server reboot:
fwknopd server 2.6.10, compiled for firewall bin: /usr/sbin/iptables
Apr 20 09:32:56 iinfra3 systemd[1]: Starting Firewall Knock Operator Daemon...
Apr 20 09:32:56 iinfra3 fwknopd[812]: Starting fwknopd
Apr 20 09:32:56 iinfra3 systemd[1]: Started Firewall Knock Operator Daemon.
Apr 20 09:32:56 iinfra3 fwknopd[812]: Added jump rule from chain: INPUT to chain: FWKNOP_INPUT
Apr 20 09:32:56 iinfra3 fwknopd[812]: Warning: Could not use the 'comment' match
Apr 20 09:32:56 iinfra3 systemd[1]: fwknop-server.service: Main process exited, code=exited, status=1/FAILURE
Apr 20 09:32:56 iinfra3 systemd[1]: fwknop-server.service: Failed with result 'exit-code'.
Apr 20 09:32:57 iinfra3 systemd[1]: fwknop-server.service: Scheduled restart job, restart counter is at 4.
Apr 20 09:32:57 iinfra3 systemd[1]: Stopped Firewall Knock Operator Daemon.
Apr 20 09:32:57 iinfra3 systemd[1]: Starting Firewall Knock Operator Daemon...
Apr 20 09:32:57 iinfra3 fwknopd[856]: Starting fwknopd
Apr 20 09:32:57 iinfra3 systemd[1]: Started Firewall Knock Operator Daemon.
Apr 20 09:32:57 iinfra3 fwknopd[856]: Added jump rule from chain: INPUT to chain: FWKNOP_INPUT
Apr 20 09:32:57 iinfra3 fwknopd[856]: Warning: Could not use the 'comment' match
Apr 20 09:32:57 iinfra3 systemd[1]: fwknop-server.service: Main process exited, code=exited, status=1/FAILURE
Apr 20 09:32:57 iinfra3 systemd[1]: fwknop-server.service: Failed with result 'exit-code'.
Apr 20 09:32:57 iinfra3 systemd[1]: fwknop-server.service: Scheduled restart job, restart counter is at 5.
Apr 20 09:32:57 iinfra3 systemd[1]: Stopped Firewall Knock Operator Daemon.
Apr 20 09:32:57 iinfra3 systemd[1]: fwknop-server.service: Start request repeated too quickly.
Apr 20 09:32:57 iinfra3 systemd[1]: fwknop-server.service: Failed with result 'exit-code'.
Apr 20 09:32:57 iinfra3 systemd[1]: Failed to start Firewall Knock Operator Daemon.
Apr 20 09:36:33 iinfra3 systemd[1]: Starting Firewall Knock Operator Daemon...
Apr 20 09:36:33 iinfra3 systemd[1]: fwknop-server.service: Can't open PID file /run/fwknop/fwknopd.pid (yet?) after start: Operation not permitted
A service restart doesn't throw an error, only a server reboot does.
Changing two rows in /lib/systemd/system/fwknop-server.service fixed my issue:
Wants=network-online.target
After=network-online.target
vs
Wants=network.target
After=network.target
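
The ordering change reported above can also be applied as a systemd drop-in, so the packaged unit under /lib/systemd/system stays untouched and a package upgrade does not revert it. This is an added example, not part of the original issue or the fwknop project; it assumes the `network-online.target` lines are the working ones, and the drop-in file name and function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the issue): ship the ordering fix as a drop-in.
UNIT=fwknop-server.service       # unit name as it appears in the log above
DROPIN=10-network-online.conf    # hypothetical drop-in file name

# write_dropin [ROOT]: create ROOT/<unit>.d/<dropin>. ROOT defaults to
# /etc/systemd/system; pass a scratch directory to try it without root.
write_dropin() {
    root=${1:-/etc/systemd/system}
    mkdir -p "$root/$UNIT.d" || return 1
    # Wants= and After= are list settings: these lines are added to the
    # packaged network.target entries, they do not replace them.
    cat > "$root/$UNIT.d/$DROPIN" <<'EOF'
[Unit]
Wants=network-online.target
After=network-online.target
EOF
}

# has_online_ordering FILE...: succeed only if the unit files, read
# together, both want and order after network-online.target.
# Commented-out lines ("#After=...") do not count.
has_online_ordering() {
    cat "$@" 2>/dev/null | awk -F= '
        function has(v,   n, i, p) {
            n = split(v, p, " ")
            for (i = 1; i <= n; i++) if (p[i] == "network-online.target") return 1
            return 0
        }
        { key = $1; gsub(/[ \t]+/, "", key) }
        key == "Wants" && has($2) { w = 1 }
        key == "After" && has($2) { a = 1 }
        END { exit !(w && a) }'
}

# Typical use on the server, as root:
#   write_dropin && systemctl daemon-reload
#   systemctl show -p After -p Wants fwknop-server.service
```

`network-online.target` only delays startup when a wait-online service such as `systemd-networkd-wait-online.service` or `NetworkManager-wait-online.service` is enabled; without one the target is reached immediately and the ordering has no effect.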