Hi David,
You've posted into an old thread. There used to be a sticky on the forum about the for quite a while around when 7.7 was released. Marketplace apps stopped using QoS last summer in preparation for dropping IMQ support.

David Smith wrote:

After months of absolutely flawless service, my gateway server has fallen over - I was going to start a new topic - but see this one is exactly the same even though 3 years old, and I saw no resolution on this:

This is the first restart I have done in 120 days, the firewall has been working perfectly ... now I restarted and firewall is in panic mode and won't come out.

I tried downgrade to the previous kernel version to no avail ...

uname -r

yields:

3.10.0-1062.9.1.el7.x86_64

app-qos is not installed.

output of

firewall-start -d

is attached.

I'd appreciate any help getting this sorted - our entire mail server is down.

Thanks...

I'll answer my own queston as it may help others too :

the answer was in the message I guess:

Error: /usr/clearos/apps/firewall/deploy/firewall.lua:3079: Unable to commit: mangle: No chain/target/match by that name.

firewall: Initializing bandwidth manager

firewall: Creating 4 IMQ interface(s)...

firewall: /sbin/modprobe imq numdevs=4 >/dev/null 2>&1 = 256

firewall: iptables -t mangle -A POSTROUTING -o eth2 -j IMQ --todev 0

firewall: iptables -t mangle -A POSTROUTING -o eth3 -j IMQ --todev 1

firewall: Upstream WAN => IMQ interface map:

firewall:    0:                 eth2 => imq0

firewall:    1:                 eth3 => imq1

firewall: iptables -t mangle -A PREROUTING -i eth2 -j IMQ --todev 2

firewall: iptables -t mangle -A PREROUTING -i eth3 -j IMQ --todev 3

firewall: Downstream WAN => IMQ interface map:

firewall:    0:                 eth2 => imq2

firewall:    1:                 eth3 => imq3

Browsing the content of my firewall.txt file for mangle, I found it came after the bandwidth manager started - and in there were references to eth2 and eth3 which are ghosts from my revious mail server running ver 6.x.

I removed the bandwidth manager app and now firewall started up normally again... a few grey hairs and on we go.

After months of absolutely flawless service, my gateway server has fallen over - I was going to start a new topic - but see this one is exactly the same even though 3 years old, and I saw no resolution on this:

This is the first restart I have done in 120 days, the firewall has been working perfectly ... now I restarted and firewall is in panic mode and won't come out.

I tried downgrade to the previous kernel version to no avail ...

uname -r

yields:

3.10.0-1062.9.1.el7.x86_64

app-qos is not installed.

output of

firewall-start -d

is attached.

I'd appreciate any help getting this sorted - our entire mail server is down.

Thanks...

If the old kernel is still installed, during the first few seconds of booting you get the option to select a different kernel.

Before you do that, please can you do as suggested earlier in the thread and start the firewall in debug mode then produce the output? I think the team really need some help from users to debug this one as it is not the first occurrence.

Tony Ellis wrote:

what does "uname -r" show, as Nick suggested... Maybe you are on the latest kernel :-)

3.10.0-327.10.1.v7.x86_64

Maybe that is the problem. The new kernel...
In the first post Fred wrote: I started the server with kernel 3.10.0-229.7.2.v7.x86_64 instead of kernel x86_64 3.10.0-327.10.1.el7 and the server is starting normal with no errors in the system log and the internet connection is restored

How can I change to old kernel?

what does "uname -r" show, as Nick suggested... Maybe you are on the latest kernel :-)

I did "yum update" and "yum update kernel" and both times I get: No packages marked for update

OT Hi Nick - morning, I posted at 9:21 AM

Flash wrote:No, I didn't update kernel jet. How can I do that?

Do a "yum update" then reboot. Then check the result of "uname -r". I think the latest version is 3.10.0-327.10.1.v7.

[edit]
Posts crossed. Have you yet gone to bed, Tony, or is it already Thursday morning for you?
[/edit]

Flash
https://www.clearos.com/resources/documentation/clearos/content:en_us:7_ug_software_updates

or from the command line...

# yum update kernel*

@ Tony

No, I didn't update kernel jet. How can I do that?
And no, I didn't sent the output of my firewall to clear jet. I will try to update the kernel first. I did have some custom rules, but I removed it all, and still the "panic mode" was there. I didn't find any clue where it goes wrong...

@ Flash you wrote

new install from 2-3 days ago

The .iso doesn't include the latest kernel - did you upgrade to the latest kernel as well as install the many updates to other packages?
Did you send the output to clear? If you are not sure how to create a file from the output...
# firewall-start -d 2> firewall.txt
I thought of including mine in this append (which is clean) but at 167 lines long - rather big. Does your output provide a clue where it is going wrong? Have you created any custom rules?

@ Flash you wrote

new install from 2-3 days ago

The .iso doesn't include the latest kernel - did you upgrade to the latest kernel as well as install the many updates to other packages?
Did you send the output to clear? I have attached mine as a comparison... If you are not sure how to create a file from the output...
# firewall-start -d 2> firewall.txt

@ Tony I'm running Clearos 7.2 Community, new install from 2-3 days ago, before that I was using very old 5.2 and everything was working like a charm In 7.2 every day a new problem
After I had run this: firewall-start -d also snort and snortsam arent working anymore and one the left, a red warning: Additional Info Connection failure.
I can't connect to Marketplace anymore, it says: DNS lookup failed. I have tryed many different DNS, and nothing changes...

@ Ben I had QoS instaled, but I didn't use it. I use the old Bandwidth Manager, because it's better. I have now removed the QoS with: yum remove app-qos and it is still the same...

@Flash...are you using the QoS app? Pete and Darryl just tracked down an issue...it is fixed in the non-verified repos, but if you just registered your system within the last 30 days or are running Home or Business, you wouldn't have the update automatically yet:

yum --enablerepo=clearos-updates upgrade app-qos

Should update you to version 2.1.9.

Does that help?

B.

Flash, Are you running the latest kernel? If not upgrade. If you are running the latest kernel, or upgrade to it and still having problems - the see Peter Baldwin's append below is this same thread where he requested :-

It's always hard debugging something when we are unable to duplicate the issue. If someone can duplicate the firewall panic with the latest kernel - 3.10.0-327.10.1.v7 - could you run the firewall in debug mode:

firewall-start -d

And then send the output to developer@clearfoundation.com?

Hello

I have a similar problem:

firewall: Error: /usr/clearos/apps/firewall/deploy/firewall.lua:3079: Unable to commit: filter: Resource temporarily unavailable.
firewall: Running firewall panic mode...

What can be wrong?

Thank you

I Downloaded the new clearos 7.2 ISO and did a clean install and updated to 3.10.0-327.10.1.v7.x86_64 without any problem, i can now reboot and have no firewall panics anymore

I Don't know what the difference's is between an upgraded 7.1 to 7.2 and the new 7.2 ISO but it all seems to work

I did some further testing and found that if i reboot the system it gives firewall panics with kernel-3.10.0-327.10.1.v7,
and when i power down and then start my server its all oke, no firewall panics
For now it works, and i placed the old kernel as default in grub, if for some reason the server reboots,

It's always hard debugging something when we are unable to duplicate the issue. If someone can duplicate the firewall panic with the latest kernel - 3.10.0-327.10.1.v7 - could you run the firewall in debug mode:

firewall-start -d

And then send the output to developer@clearfoundation.com?

Hey Nick,

i reinstalled my server last weekend and after some updates the firewall was in panic mode again, this time the kernel was : kernel-3.10.0-327.3.1.el7
No repos where enabled just the default, i went back to the default kernel (kernel 3.10.0-229.7.2.v7.x86_64) which came with the installation and all was fine
Today, march 8 there where some updates including kernel-3.10.0-327.10.1.v7 which is the same is the post, so i rebooted into the new kernel and all was fine but i noticed that the httpd service was not started.
i started the httpd service and rebooted and the firewall panics came back.
So i went back to kernel 3.10.0.229.

the server is on Clearos Home 7.2 final

my output from yum repolist :

Loading mirror speeds from cached hostfile
* clearos: www.mirrorservice.org
* clearos-centos-verified: mirror1-london.clearos.com
* clearos-contribs: www.mirrorservice.org
* clearos-contribs-paid: mirror1-london.clearos.com
* clearos-epel-verified: mirror1-london.clearos.com
* clearos-fast-updates: download2.clearsdn.com
* clearos-infra: www.mirrorservice.org
* private-clearcenter-antimalware: download2.clearsdn.com:80
* private-clearcenter-antispam: download4.clearsdn.com:80
* private-clearcenter-content-filter: download4.clearsdn.com:80
* private-clearcenter-dyndns: download4.clearsdn.com:80
* private-clearcenter-home: download2.clearsdn.com:80
* private-clearcenter-ids: download2.clearsdn.com:80
* private-clearcenter-owncloud: download4.clearsdn.com:80
* private-clearcenter-rbs: download4.clearsdn.com:80
* private-clearcenter-verified-updates: download4.clearsdn.com:80
* private-clearcenter-zarafa-community: download2.clearsdn.com:80

What is the output of "yum repolist"? 3.10.0-327.10.1.el7.centos.plus is in centosplus-unverified which should not be enabled. If you enable it you are flying on your own.