nuke
Resolved
0 votes
Hi again.
Have been finding a bunch of stuff that isn't working right over the past few weeks and today while looking at the running services I noticed a new one. I see that netify-fwa isn't running. This is the first time it was marked status "red" and won't restart.

I read in another post of an update pushed over the past days that caused some problem with someone on a multiwan that netify-fwa-2.2-1.v7 was supposed to fix. So I did the downgrade & upgrade but netify-fwa won't start. So I'm downgrading again to netify-fwa-2.1-1.v7 and trying that.

What log does this netify-fwa write to?
Tuesday, January 30 2018, 09:33 PM
Responses (13)
  • Accepted Answer

    nuke
    Tuesday, January 30 2018, 10:10 PM - #Permalink
    Resolved
    1 votes
    From the logs/system filter netify
    Jan 28 12:19:18 domain firewall: Running /etc/clearos/firewall.d/10-netify-fwa
    Jan 28 12:19:18 domain firewall: Netify FWA is not running, not creating hook rules.
  • Accepted Answer

    Tuesday, January 30 2018, 10:04 PM - #Permalink
    Resolved
    0 votes
    Current versions are:
    rpm -qa | grep netify
    app-netify-fwa-core-2.3.2-1.v7.noarch
    netifyd-1.21-1.v7.x86_64
    netify-fwa-2.2-1.v7.noarch
    app-netify-core-2.3.6-1.v7.noarch
    I'm not sure I'd step back any versions. There are certain older versions which can crash blocking bittorrents. I believe the packages are going to get some TLC over the next 6 months or so.

    I am not aware the packages write to any particular file. They operate via a load of firewall rules so you may see references in /var/log/messages and /var/log/system.
  • Accepted Answer

    nuke
    Tuesday, January 30 2018, 10:05 PM - #Permalink
    Resolved
    0 votes
    OK, I found some info in the log/messages

    Jan 30 16:37:56 domain yum[18809]: Updated: netify-fwa-2.2-1.v7.noarch
    Jan 30 16:41:39 domain webconfig: Redirecting to /bin/systemctl start netify-fwa.service
    Jan 30 16:41:39 domain systemd: Starting Netify FWA Daemon...
    Jan 30 16:41:39 domain php: Netify Firewall Agent v1.8/1.5
    Jan 30 16:41:39 domain php: Netify Firewall Agent v1.8 starting...
    Jan 30 16:41:39 domain netify-fwa[22110]:
    Jan 30 16:43:09 domain systemd: netify-fwa.service start-post operation timed out. Stopping.
    Jan 30 16:43:09 domain netify-fwa[22242]: Exiting...
    Jan 30 16:43:09 domain netifyd: void ndSocketThread::ClientHangup(std::map<int, ndSocket*>::iterator&)
    Jan 30 16:43:09 domain netify-fwa[22242]:
    Jan 30 16:44:39 domain systemd: netify-fwa.service stop-post timed out. Terminating.
    Jan 30 16:44:39 domain systemd: Failed to start Netify FWA Daemon.
    Jan 30 16:44:39 domain systemd: Unit netify-fwa.service entered failed state.
    Jan 30 16:44:39 domain systemd: netify-fwa.service failed.
    Jan 30 16:44:39 domain webconfig: Job for netify-fwa.service failed because a timeout was exceeded. See "systemctl status netify-fwa.service" and "journalctl -xe" for details.


    and

    # systemctl status netify-fwa.service -l
    ● netify-fwa.service - Netify FWA Daemon
    Loaded: loaded (/usr/lib/systemd/system/netify-fwa.service; enabled; vendor preset: disabled)
    Active: failed (Result: timeout) since Tue 2018-01-30 16:44:39 EST; 1min 35s ago
    Process: 22586 ExecStopPost=/usr/libexec/netify-fwa/exec-stop-post.sh (code=killed, signal=TERM)
    Process: 22110 ExecStart=/usr/sbin/netify-fwa (code=exited, status=0/SUCCESS)
    Main PID: 22242 (code=exited, status=0/SUCCESS)

    Jan 30 16:41:39 domain.com netify-fwa[22242]: Connected to /var/lib/netifyd/netifyd.sock(0).
    Jan 30 16:41:39 domain.com netify-fwa[22242]: Processed 233 protocols/applications.
    Jan 30 16:41:39 domain.com netify-fwa[22242]: Saved 233 protocols/applications.
    Jan 30 16:43:09 domain.com systemd[1]: netify-fwa.service start-post operation timed out. Stopping.
    Jan 30 16:43:09 domain.com netify-fwa[22242]: Exiting...
    Jan 30 16:43:09 domain.com netify-fwa[22242]:
    Jan 30 16:44:39 domain.com systemd[1]: netify-fwa.service stop-post timed out. Terminating.
    Jan 30 16:44:39 domain.com systemd[1]: Failed to start Netify FWA Daemon.
    Jan 30 16:44:39 domain.com systemd[1]: Unit netify-fwa.service entered failed state.
    Jan 30 16:44:39 domain.com systemd[1]: netify-fwa.service failed.


    I tried with the downgraded version and get the same errors.

    What to try next?
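The failure sequence in the log excerpts above (start-post timeout, failed state, then the firewall hook reporting that Netify FWA is not running) can be picked out of syslog automatically. This is an added example, not part of the original thread or of the Netify project; the function names and the sample lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: summarise systemd unit timeouts and skipped firewall hooks
# from syslog-format lines such as those in /var/log/messages.

# Constructed sample, modelled on the log lines quoted in the thread.
sample_log() {
cat <<'EOF'
Jan 30 16:41:39 domain systemd: Starting Netify FWA Daemon...
Jan 30 16:43:09 domain systemd: netify-fwa.service start-post operation timed out. Stopping.
Jan 30 16:44:39 domain systemd[1]: netify-fwa.service stop-post timed out. Terminating.
Jan 30 16:44:39 domain systemd: Unit netify-fwa.service entered failed state.
Jan 30 16:44:39 domain webconfig: Job for netify-fwa.service failed because a timeout was exceeded.
Jan 30 16:45:02 domain firewall: Running /etc/clearos/firewall.d/10-netify-fwa
Jan 30 16:45:02 domain firewall: Netify FWA is not running, not creating hook rules.
EOF
}

# Reads syslog lines on stdin; prints one line per affected unit plus a
# count of firewall runs that skipped the hook rules.
summarize_failures() {
  awk '
    # $5 is the syslog tag: "systemd:" or "systemd[1]:"
    $5 ~ /^systemd(\[[0-9]+\])?:$/ {
      if ($0 ~ /timed out\./)            { seen[$6] = 1; timeouts[$6]++ }
      if ($0 ~ /entered failed state\./) { seen[$7] = 1; failed[$7]++ }
    }
    $5 == "firewall:" && /not creating hook rules/ { skipped++ }
    END {
      for (u in seen)
        printf "%s timeouts=%d failed=%d\n", u, timeouts[u], failed[u]
      printf "hook_skipped=%d\n", skipped
    }' | sort
}

# Exit status 0 when the log shows an enforcement gap (for cron or monitoring).
has_enforcement_gap() {
  summarize_failures | grep -Eq 'timeouts=[1-9]|failed=[1-9]|hook_skipped=[1-9]'
}

sample_log | summarize_failures
```

To run it against the live log, use `summarize_failures < /var/log/messages`.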
  • Accepted Answer

    nuke
    Tuesday, January 30 2018, 10:08 PM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    Current versions are:
    rpm -qa | grep netify
    app-netify-fwa-core-2.3.2-1.v7.noarch
    netifyd-1.21-1.v7.x86_64
    netify-fwa-2.2-1.v7.noarch
    app-netify-core-2.3.6-1.v7.noarch
    I'm not sure I'd step back any versions. There are certain older versions which can crash blocking bittorrents. I believe the packages are going to get some TLC over the next 6 months or so.

    I am not aware the packages write to any particular file. They operate via a load of firewall rules so you may see references in /var/log/messages and /var/log/system.


    Looks like our posts crossed again.

    I found a bunch of info in the messages log (posted in the crossed post)

    Here is my present installed (COS 7.4 :-) )
    rpm -qa | grep netify
    app-netify-fwa-core-2.3.2-1.v7.noarch
    netify-fwa-2.2-1.v7.noarch
    netifyd-1.21-1.v7.x86_64
    app-netify-core-2.3.6-1.v7.noarch
  • Accepted Answer

    nuke
    Tuesday, January 30 2018, 10:33 PM - #Permalink
    Resolved
    0 votes
    Hmmm. Somehow this has screwed up fail2ban again too. It was shut down at the time I noticed netify-fwa wasn't running and tried to start it.
  • Accepted Answer

    Wednesday, January 31 2018, 08:35 AM - #Permalink
    Resolved
    0 votes
    I'm struggling. I only installed the protocol filter to investigate something else so I don't habitually use it. What are you filtering? I am filtering BitTorrent, Gnutella and eDonkey and netify-fwa seems to run OK (but there is an issue blocking BitTorrent).
  • Accepted Answer

    nuke
    Wednesday, January 31 2018, 02:22 PM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    I'm struggling. I only installed the protocol filter to investigate something else so I don't habitually use it. What are you filtering? I am filtering BitTorrent, Gnutella and eDonkey and netify-fwa seems to run OK (but there is an issue blocking BitTorrent).

    I installed the protocol filter when I did the initial set up. The installation was more of a "just in case" I need to manage something if my kids get out of control on some new toy. The only things blocked at the moment are the games. I set those rules more as a test rather than for a specific reason. I suppose I could disable those rules and test if it runs again. Then I'd have to check if it blows up fail2ban again. :p
  • Accepted Answer

    nuke
    Wednesday, January 31 2018, 02:37 PM - #Permalink
    Resolved
    0 votes
    nuke wrote:
    I suppose I could disable those rules and test if it runs again. Then I'd have to check if it blows up fail2ban again. :p

    Yep. It screwed everything up. Now I can't get fail2ban to run. It appears that the restart/reload of netify-fwa shuts down a number of firewall processes including fail2ban. Since it won't start it hangs and all the other processes won't restart.

    If I manually
    systemctl stop netify-fwa
    then I can restart fail2ban. I'll have to add some comments to the fail2ban discussion we have been having as it looks like fail2ban isn't blocking at all.

    Perhaps the best course is to remove the protocol filter until I really need it. (But I don't know if that will fix the other issues though.)

    [edit] add more detail[/edit]
  • Accepted Answer

    nuke
    Tuesday, February 13 2018, 08:00 PM - #Permalink
    Resolved
    0 votes
    I'm still having a bunch of problems with this netify-fwa.
    I removed both the Protocol filter and the Application filter but the netify-fwa and netifyd are still present. (I thought they should be removed when I removed Protocol and Application filters???)
    Each time I make any change to the firewall, netify-fwa tries to restart and clobbers the Attack Defender (fail2ban).
    netify-fwa hangs and times out.
    Having read some more posts regarding netify and what should be installed and where, I may have found a bug or inconsistency with my install.
    The file
    /etc/netify-fwa.conf
    contains:
    [nfa]
    disable_protocol_rules = false
    disable_service_rules = false
    file_pid = /run/netify-fwa/netify-fwa.pid
    file_reload_lock = /run/netify-fwa/netify-fwa.reload
    file_state = /var/lib/netify-fwa/state.dat
    rule_ttl = 600
    rule_mark_base = 0x900000
    syslog_facility = local0

    [netify]
    node = /var/lib/netifyd/netifyd.sock
    service = 0

    [service_whitelist]

    [protocol_whitelist]

    [service_rules]

    [protocol_rules]

    According to the github for netify, the state.dat file was removed. There was a post on this forum about the state.dat file causing problems. I checked in /var/lib/netify-fwa/ and there is no state.dat file. There is however a nfa_protocols.dat. Since the state.dat file shouldn't exist and is listed in the conf file, I think there is a bug.
    Either the
    file_state = /var/lib/netify-fwa/state.dat
    shouldn't be there, the right line should be
    file_state = /var/lib/netify-fwa/nfa_protocols.dat
    or some other reference should be to nfa_protocols.dat.

    Questions
    1) can I safely remove netify-fwa and netifyd since I have removed both the Protocol and Application filters?
    2) is the netify-fwa.conf in error?
  • Accepted Answer

    nuke
    Tuesday, February 13 2018, 08:12 PM - #Permalink
    Resolved
    0 votes
    One more potential issue.

    In
    /etc/clearos/firewall.d/
    it looks like the permissions are inconsistent.
    ll /etc/clearos/firewall.d/
    total 28
    -rw-r--r-- 1 root root 2365 Nov 10 12:22 10-netify-fwa
    -rwxr-xr-x 1 root root 95 Feb 4 11:36 10-ntp
    -rw-r--r-- 1 root root 1156 Aug 20 11:10 10-snortsam
    -rwxr-xr-x 1 root root 1433 May 5 2017 90-attack-detector
    -rwxr-xr-x 1 root root 326 Jan 24 03:09 custom
    -rwxr-xr-x 1 root root 212 Jan 11 17:24 local
    -rwxr-xr-x 1 root root 1467 Dec 12 14:52 types


    So we have 10-netify-fwa & 10-snortsam as 644 and the rest are 755.
    Would this be causing a problem with the starting of netify-fwa?
    If yes, then which permissions should it be?
  • Accepted Answer

    Wednesday, February 14 2018, 08:37 AM - #Permalink
    Resolved
    0 votes
    Hi Nuke,
    As far as I worked out in the past, permissions don't matter too much in /etc/clearos/firewall.d/. In the past I tried disabling rules by removing the execute bit and it did nothing. The only way I found of disabling a file was to make it into a dot file.

    I've tried an "rpm -q --whatrequires netifyd" and "rpm -q --whatrequires netify-fwa" (and therefore rpm -q --whatrequires app-netify-fwa-core), and to me, it looks like they can be safely removed if you have removed the Protocol Filter app.
  • Accepted Answer

    nuke
    Wednesday, February 14 2018, 05:54 PM - #Permalink
    Resolved
    0 votes
    Thanks again for the help, Nick.
    The
    yum remove app-netify-*
    never completes. I've forced quit and run
     yum-complete-transaction --cleanup-only
    but I can't remove those two apps.
    error: %preun(app-netify-fwa-core-1:2.3.2-1.v7.noarch) scriptlet failed, signal 2
    Error in PREUN scriptlet in rpm package 1:app-netify-fwa-core-2.3.2-1.v7.noarch


    How does one go about determining all the pieces of this app that were installed so I can manually delete the files?
  • Accepted Answer

    nuke
    Wednesday, February 14 2018, 06:23 PM - #Permalink
    Resolved
    0 votes
    Figured it out.

    rpm -ql app-netify-fwa-core-2.3.2-1.v7.noarch
    listed all the installed files. These were removed manually.

    Then I ran
    yum remove netify*
    which removed everything else. It looks like it also cleaned up the turds in yum from app-netify-fwa-core.

    Thanks again for all your help Nick.