How can I debug firewalld on CentOS 7 stopping running unexpectedly?

Question

I have a brand new CentOS 7 server and am just performing the initial setup.

I have started firewalld with

sudo systemctl enable firewalld
sudo systemctl start firewalld

both commands appeared to run successfully

Created symlink from /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service to /usr/lib/systemd/system/firewalld.service. Created symlink from /etc/systemd/system/multi-user.target.wants/firewalld.service to /usr/lib/systemd/system/firewalld.service.

and the systemctl status command shows

Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since WHENEVER

however, all morning there have been moments when checking in with systemctl status shows

Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)

I could understand the service having crashed, for example, but can anyone help me debug how it is being both stopped and disabled at arbitrary intervals?

Answer 1

I don't have enough reputation yet to post a comment, but that was the idea.

Did you take a look at the firewalld logs ? I believe they are located in /var/log/firewalld.

If you don't find useful information in here, you could try to increase debug of the service by editing the /etc/sysconfig/firewalld file:

 FIREWALLD_ARGS=--debug=10

This was suggested in this post.

Answer 2

To help anyone else suffering a similar problem, this was a case where the hosting provider automatically disabled any user attempts to set up firewalls on the VM.

As per this comment, the solution was simply to open a support request with the host.