Failure file /var/run/anon-firewall/failed.status exists!

whonix 14, testing repos , standaloneVM:

after the latest upgrades this message popped up:

ERROR: whonix_firewall failed to load! 

The whonix_firewall failed to load for some reason. This could be due to the firewall being mis-configured or race-condition. Try restarting the VM to see if this error persists. 

Failure file /var/run/anon-firewall/failed.status exists! 

output of systemctl status whonix-firewall: 

######################################## 
● whonix-firewall.service - Whonix firewall loader
Loaded: loaded (/lib/systemd/system/whonix-firewall.service; enabled; vendor preset: enabled)
Active: active (exited) since Fri 2018-11-16 14:57:33 UTC; 2s ago
Docs: https://www.whonix.org/wiki/Whonix_Firewall
Main PID: 32609 (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 4915)
CGroup: /system.slice/whonix-firewall.service 
######################################## 

To see this for yourself... 
1. Open a terminal. (dom0 -> Start Menu -> Domain: --- -> Terminal) 
2. Run. 
systemctl status whonix-firewall

2. Also see. 
sudo journalctl -u whonix-firewall | cat

3. Try to manually start Whonix firewall. 
sudo whonix_firewall
If you know what you are doing, feel free to disable this check. Create a file /etc/whonix.d/50_whonixcheck_user.conf and add: 
whonixcheck_skip_functions+=" check_whonix_firewall_systemd_status "
2 Likes

Possibly a follow up issue of this:

Which raises priority of above.

Does this warning vanish after reboot of Whonix VMs?

2 Likes

Output of

sudo journalctl -u whonix-firewall | cat

could help to confirm if this is the same as iptables v1.6.0: can't initialize iptables table `filter': Permission denied (you must be root) Perhaps iptables or your kernel needs to be upgraded.

yep it did.

user@host:~$ sudo journalctl -u whonix-firewall | cat
-- Logs begin at Sat 2018-11-17 12:57:48 UTC, end at Sat 2018-11-17 12:58:27 UTC. --
Nov 17 12:57:55 host systemd[1]: Starting Whonix firewall loader...
Nov 17 12:57:55 host enable-firewall[438]: OK: Loading Whonix firewall...
Nov 17 12:57:55 host enable-firewall[438]: OK: Skipping firewall mode detection since already set to 'full'.
Nov 17 12:57:55 host enable-firewall[438]: OK: (Full torified network access allowed.)
Nov 17 12:57:55 host enable-firewall[438]: OK: TOR_USER: 112
Nov 17 12:57:55 host enable-firewall[438]: OK: CLEARNET_USER: 106
Nov 17 12:57:55 host enable-firewall[438]: OK: USER_USER: 1000
Nov 17 12:57:55 host enable-firewall[438]: OK: ROOT_USER: 0
Nov 17 12:57:55 host enable-firewall[438]: OK: TUNNEL_USER: 107
Nov 17 12:57:55 host enable-firewall[438]: OK: SDWDATE_USER: 110
Nov 17 12:57:55 host enable-firewall[438]: OK: WHONIXCHECK_USER: 109
Nov 17 12:57:55 host enable-firewall[438]: OK: NO_NAT_USERS:  106 107 112
Nov 17 12:57:55 host enable-firewall[438]: OK: The firewall should not show any messages,
Nov 17 12:57:55 host enable-firewall[438]: OK: besides output beginning with prefix OK:...
Nov 17 12:57:55 host enable-firewall[438]: OK: Whonix firewall loaded.
Nov 17 12:57:55 host systemd[1]: Started Whonix firewall loader.
user@host:~$ 


2 Likes