Skip to content

Firewall detection broken on Fedora/RHEL #12

New issue
New issue
Open
Open
Firewall detection broken on Fedora/RHEL#12
@keyxmakerx

Description

@keyxmakerx
keyxmakerx
opened on Feb 1, 2026

Bug Description

Firewall detection silently fails on any non-Debian system. Two root causes: (1) dpkg calls in _check_firewalld() and _check_ufw() are not wrapped in a try/except, so FileNotFoundError on Fedora/RHEL kills the entire method before the binary path fallback check runs. (2) Several firewall-cmd query commands are missing sudo, causing "Authorization failed" when the backend runs as a non-root user. The rule-manipulation commands already use sudo — only the query commands were missed (--state, --get-default-zone, --list-services, --list-ports, --list-rich-rules, --get-zones, --zone= --list-all).
Steps to Reproduce

Deploy ServerKit on Fedora 43 (or any RHEL-based system)
Run the backend as a non-root user (standard systemd deployment)
Open the Firewall panel in the UI

Expected Behavior

Firewall panel detects firewalld, displays current zones and rules, and allows rule management.
Actual Behavior

Panel shows "No firewall detected". API returns {"success": false, "error": "No firewall detected"} on /api/v1/firewall/rules.
Environment

LogTide Version:
Deployment Type: Self-hosted
OS: Fedora 43
Browser (if applicable): Firefox 121
Docker Version (if self-hosted):

Logs/Screenshots

Failed to load rules: Error: No firewall detected
handleResponse https://dnsdashboard.bnuuy.haus/assets/index-DZuh55VW.js:1

Running firewall-cmd as non-root without sudo:

$ firewall-cmd --state
Authorization failed.
Make sure polkit agent is running or run the application as superuser.

Confirmed firewalld is running:

$ sudo firewall-cmd --state
running
Additional Context

The dpkg binary does not exist on Fedora/RHEL. When subprocess.run(['dpkg', ...]) is called without a try/except, it throws FileNotFoundError, which is caught by the outer except Exception block in each method — returning installed: False before the binary path check (os.path.exists('/usr/sbin/firewall-cmd')) ever runs. This affects both _check_firewalld() and _check_ufw(). The missing sudo on query commands is a secondary issue that surfaces once detection is fixed — firewall-cmd requires root on Fedora for all operations, not just rule changes.
Contribution

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions