Why won't firewalld install?

Doug Wolfgram asked:

I am trying to get firewalld running on a centos 7 machine. I know the service is installed from yum:

yum install firewalld
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirror.linuxfix.com
 * epel: mirrors.develooper.com
 * extras: mirror.sjc02.svwh.net
 * remi: repo1.sea.innoscale.net
 * remi-php56: repo1.sea.innoscale.net
 * remi-safe: repo1.sea.innoscale.net
 * updates: repos.lax.quadranet.com
Package firewalld-0.4.4.4-14.el7.noarch already installed and latest version
Nothing to do

But when I try to start it I get

Failed to start firewalld.service: Unit is masked.

Which usually means it is not installed. So I run this command:

systemctl list-units --type=service

And it is not listed (it should be right after fail2ban)

avahi-daemon.service                                            loaded active running Avahi mDNS/DNS-SD Stack
chronyd.service                                                 loaded active running NTP client/server
crond.service                                                   loaded active running Command Scheduler
dbus.service                                                    loaded active running D-Bus System Message Bus
fail2ban.service                                                loaded active running Fail2Ban Service
[email protected]                                              loaded active running Getty on tty1
httpd.service                                                   loaded active running The Apache HTTP Server
iptables.service                                                loaded active exited  IPv4 firewall with iptables
irqbalance.service                                              loaded active running irqbalance daemon

I have uninstalled and re-installed several times, rebooted and same result. What could possibly be causing firewalld to not be recognized? I am running 13 VMs and this is the only one with this problem. I also turned of selinux but that didn’t help. Any diagnostic suggestions are welcome.

My answer:


Did you try to systemctl unmask firewalld? That’s the first step to getting a masked service going.

If you still have trouble, check for the existence of an empty override directory /etc/systemd/system/firewalld.service.d. If an override directory exists but has no override files in it, the service cannot start. Delete the directory in this case.


View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.