Submitted by yngens on Sun, 10/14/2018 - 10:53
Despite running the systemctl status apf command on CLI shows it is active:
systemctl status apf
● apf.service - SYSV: Advanced Policy Firewall (APF); iptables firewall wrapper
Loaded: loaded (/etc/rc.d/init.d/apf; bad; vendor preset: disabled)
Active: active (exited) since Sun 2018-10-14 09:09:05 UTC; 6h ago
Docs: man:systemd-sysv-generator(8)
Process: 13184 ExecStop=/etc/rc.d/init.d/apf stop (code=exited, status=0/SUCCESS)
Process: 13358 ExecStart=/etc/rc.d/init.d/apf start (code=exited, status=0/SUCCESS)
Webmin's Bootup and Shutdown page always shows No under the "Running now?" column. So since the OS is correctly confirming the active status of the service I believe something on Webmin needs to be fixed, please.
Status:
Closed (fixed)
Comments
Submitted by JamieCameron on Sun, 10/14/2018 - 17:59 Comment #1
If you run
systemctl show -- apfwhat does it output in theActiveStateline?Submitted by yngens on Sun, 10/14/2018 - 22:01 Comment #2
It was multiline output, so I grepped:
systemctl show -- apf | grep ActiveStateActiveState=active
Submitted by JamieCameron on Tue, 10/16/2018 - 22:49 Comment #3
That actually looks like what Webmin expects, so it should show that it's running in the Bootup and Shutdown module. I assume that it shows you're using
systemdat the top of the page?Submitted by yngens on Wed, 10/17/2018 - 01:22 Comment #4
Yes the header of the page shows:
Bootup and ShutdownBoot system : Systemd
but apf still shows no under
Running now?tab:apf Advanced Policy Firewall (APF); iptables firewall wrapper Yes NoPlease install apf on CentOS 7.x and see it by yourself.
Submitted by JamieCameron on Wed, 10/17/2018 - 21:11 Comment #5
Unusual ... is there perhaps also an
/etc/init.d/apfscript on your system?Submitted by yngens on Thu, 10/18/2018 - 09:27 Comment #6
Yes, there is with the following content:
#!/bin/bash
##
# Advanced Policy Firewall (APF) v1.7.5
# (C) 2002-2014, R-fx Networks <proj@rfxn.com>
# (C) 2014, Ryan MacDonald <ryan@rfxn.com>
# This program may be freely redistributed under the terms of the GNU GPL v2
##
# chkconfig: 345 55 25
# description: Advanced Policy Firewall (APF); iptables firewall wrapper
#
# source function library
. /etc/rc.d/init.d/functions
# import variables
. /etc/apf/conf.apf
. /etc/apf/internals/internals.conf
ipt="/sbin/iptables"
inspath="/etc/apf"
prog="apf"
case "$1" in
start)
echo -n "Starting APF:"
/usr/local/sbin/apf --start >> /dev/null 2>&1
echo_success
echo
;;
stop)
echo -n "Stopping APF:"
/usr/local/sbin/apf --stop >> /dev/null 2>&1
echo_success
echo
;;
restart)
$0 stop
$0 start
;;
condrestart)
if $ipt -n -L TALLOW > /dev/null 2>&1 && \
$ipt -n -L TDENY > /dev/null 2>&1 && \
$ipt -n -L TGALLOW > /dev/null 2>&1 && \
$ipt -n -L TGDENY > /dev/null 2>&1; then
$0 stop
$0 start
else
echo "APF not running, doing nothing."
fi
;;
*)
echo "usage: $0 [start|stop|restart|condrestart]"
esac
exit 0
and the file was part of installation process. Shouldn't it be there?
Submitted by JamieCameron on Sat, 10/20/2018 - 00:07 Comment #7
It shouldn't be there if
systemdis in use, becausesystemddoesn't use classic init scripts.Maybe try moving it to a different directory temporarily?
Submitted by yngens on Sat, 10/20/2018 - 01:25 Comment #8
I removed the file and finally the column started to show "Yes", however "Start at boot?" colmun was showing "No" and when I attempted to set it to "Yes" it has given:
Failed to save systemd service : No systemd configuration enteredSo with the file the "Running now?" column fails and without the file the "Start at boot?" column fails.
Can't you just spin up CentOS 7,x based system, install APF per the following steps:
cd /usr/srcwget http://www.rfxn.com/downloads/apf-current.tar.gz
tar xzf apf-current.tar.gz
rm -f apf-current.tar.gz
cd apf*
./install.sh
chkconfig apf on
and run tests?
Submitted by JamieCameron on Sat, 10/20/2018 - 12:32 Comment #9
Ok I tried that out, and here's the real problem - the init script
/etc/init.d/apfdoesn't have a "status" mode so Webmin cannot query it's status. Normally regular init scripts can be run like/etc/init.d/apf statusand they will display something useful.There is a Webmin bug there though - in this case it should show "unknown" rather than "down" for the status. I'll fix that in the next release.
Submitted by yngens on Sat, 10/20/2018 - 19:29 Comment #10
I see. Well, seeing "unknown" is much better than "down".
Submitted by JamieCameron on Sat, 10/20/2018 - 19:33 Comment #11
Yeah "unknown" is the best we can do unless the init script provides more useful information.
Submitted by yngens on Sun, 10/21/2018 - 02:26 Comment #12
Alternatively, you could check the status of APF with
chkconfig --list apfas advised on https://askubuntu.com/questions/108822/how-do-i-check-the-status-of-apf-...One more alternative is to get the status of APF with the following bash-lines:
offline=`cat /var/log/apf_log | tail -1 | grep offline`if [[ -z $offline ]]; then
echo "On"
else
echo "Off"
fi
You can test the above snippet by flashing apf with
apf -fand then restarting it withapf -r.Submitted by andreychek on Sun, 10/21/2018 - 08:34 Comment #13
Submitted by JamieCameron on Sun, 10/21/2018 - 20:11 Comment #14
There certainly are ways to check if
apfspecifically is running, but the Bootup and Shutdown module need to use methods that are generic across all types of init scripts.chkconfig --listonly shows whether it is configured to run in each runlevel, not whether it is actually running right now. That's not a solution. It really does need to be a proper status in the initscript, so it can check the pid and see if the process is active.Submitted by yngens on Tue, 10/23/2018 - 15:19 Comment #16
Unfortunately, the file comes as part of APF setup, so since we have no control over it, let's just compromise with that Jamie suggested and have it (and other similar services with unknown statuses) marked as "unknown" instead of showing "down".
Submitted by IssueBot on Thu, 02/28/2019 - 09:07 Comment #17
Automatically closed - issue fixed for 2 weeks with no activity.