2

I have already installed a firewall (iptables) on a Debian 8 server. The service is active but in the (exited) state.

What does "Active: active (exited)" mean? And how can I fix it or change it to (running)?

[root@fw-liv-1-new:~]# systemctl status firewall.service
● firewall.service - LSB: Start daemon at boot time
   Loaded: loaded (/etc/init.d/firewall)
   Active: active (exited) since dim. 2017-08-20 18:32:48 CEST; 11min ago

août 20 18:32:46 fw-liv-1-new firewall[623]: ---->Politiques par defaut DROP
août 20 18:32:47 fw-liv-1-new firewall[623]: ---->Chargement des regles LBN input
août 20 18:32:47 fw-liv-1-new firewall[623]: ---->Connexions locales
août 20 18:32:47 fw-liv-1-new firewall[623]: ---->Chargement des regles LBN input
août 20 18:32:47 fw-liv-1-new firewall[623]: ---->Chargement des regles LBN forward
août 20 18:32:48 fw-liv-1-new firewall[623]: ---->Execution de /etc/firewall/firewall_LBN.sh
août 20 18:32:48 fw-liv-1-new firewall[623]: ---->Regles filter INPUT
août 20 18:32:48 fw-liv-1-new firewall[623]: ---->Regles filter FORWARD
août 20 18:32:48 fw-liv-1-new firewall[623]: ---->Regles filter OUTPUT
août 20 18:32:48 fw-liv-1-new systemd[1]: Started LSB: Start daemon at boot time.

I also tried to stop/start the firewall, but the status did not change. Could someone help me with this, please?

1 Answer

3
● firewall.service - LSB: Start daemon at boot time
   Loaded: loaded (/etc/init.d/firewall)
   Active: active (exited) since dim. 2017-08-20 18:32:48 CEST; 11min ago 

You aren't using an explicitly written systemd service unit. You are using a unit generated by systemd-sysv-generator, from a van Smoorenburg rc script that has LSB header information. systemd-sysv-generator takes a one-size-fits-all approach, modified with some guesswork. van Smoorenburg rc scripts may or may not start long-running dæmon processes, may or may not employ PID files, and so forth. systemd-sysv-generator tries to generate service units that accommodate these possibilities.

The auto-generated service units have RemainAfterExit=true when generated from van Smoorenburg rc scripts with LSB information. So when the process executing the script exits, and does not leave any running processes behind, the service is still considered "active", with the service process having exited.

This is of course the case for a service that just adjusts a few rules at startup and does not actually create a dæmon process, as is the case for your /etc/init.d/firewall script. Ironically, but sadly not unusually, the description on the LSB header in your van Smoorenburg rc script — "Start daemon at boot time" — is completely wrong for the firewall service. It does not do that at all.

JdeBP
  • 68,745
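
An added example, not part of the question or the answer above: because "active (exited)" only says that the rc script finished, this sketch reads the unit's properties to confirm the RemainAfterExit case and then checks the loaded ruleset itself. The sample inputs are constructed, the function names are hypothetical, and it assumes the script's "Politiques par defaut DROP" step sets DROP on INPUT, FORWARD and OUTPUT.

```shell
#!/bin/sh
# Added example: interpret a unit's state and check the loaded policies.

# Constructed sample of:
#   systemctl show -p ActiveState -p SubState -p RemainAfterExit firewall.service
SAMPLE_SHOW='ActiveState=active
SubState=exited
RemainAfterExit=yes'

# Constructed sample of the first lines of: iptables -S
SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -i lo -j ACCEPT'

# prop NAME TEXT: print the value of NAME from key=value text.
prop() {
    printf '%s\n' "$2" | sed -n "s/^$1=//p" | head -n 1
}

# classify TEXT: explain what the systemd state means for this unit.
classify() {
    active=$(prop ActiveState "$1")
    sub=$(prop SubState "$1")
    rae=$(prop RemainAfterExit "$1")
    case "$active/$sub/$rae" in
        active/exited/yes) echo "oneshot-style: script finished, unit kept active" ;;
        active/running/*)  echo "daemon: a process is still running" ;;
        failed/*)          echo "failed: the start script returned an error" ;;
        *)                 echo "other: $active ($sub)" ;;
    esac
}

# policies_drop TEXT: succeed only if every built-in filter chain has policy
# DROP (assumption: the script's "default policies DROP" covers all three).
policies_drop() {
    for chain in INPUT FORWARD OUTPUT; do
        printf '%s\n' "$1" | grep -qx -e "-P $chain DROP" || return 1
    done
}

classify "$SAMPLE_SHOW"
policies_drop "$SAMPLE_RULES" && echo "filter policies are DROP"
# On a live host (as root), pass "$(systemctl show ...)" and "$(iptables -S)".
```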