Failed to start firewalld service unit is masked – How we fix it!

 

by Adarsh M | Jan 23, 2020

Are you stuck with failed to start firewalld service unit is masked? We can help you fix it.

Masking the firewall service will stop it from automatically starting.

Here at Bobcares, we often receive requests regarding firewalld as a part of our Server Management Services.

Today, let’s see how our Support Engineers fix the errors related to firewalld.

 

Causes for failed to start firewalld service unit is masked

We mask the firewall to prevent the firewall from starting from other services.

This error occurs when we try to enable the firewalld that is masked.

The error can also occur if the mask symbolic link is broken.

We resolve the error by unmasking the firewalld and starting the service.

 

How to fix failed to start firewalld service unit is masked?

Recently one of our customers contacted us saying he was unable to enable firewalld in the server. And also was getting the same error.

Now let’s discuss how our Support Engineers resolve the error for our customers.

 

Unmask

On analyzing the firewalld service we found a mask firewall set. Thus to resolve the error we unmask the firewalld service. We can enable the firewall service if it is not masked.

To unmask the service we use the command

systemctl unmask --now firewalld

After executing the command we get the output as

Now we enable the firewalld service using the command

systemctl enable firewalld

Finally, we start the firewalld service using the command

systemctl start firewalld

 

Mask link is broken

One of the common reasons for the error is when starting the service the masked link is broken. Thus we need to link the mask location once again to resolve the error.

To unmask the service we use the command.

systemctl unmask firewalld

Thus, if the service still fails to unmask we need to manually mask it first. The location will change based on the Linux flavors.

ln -s /etc/systemd/system/firewalld.service /dev/null

Thus we unmask it. Then we start the service using the command

systemctl start firewalld

Finally, we find the status using

firewall-cmd --state

 

Failed to start firewalld service

If the above solution did not fix the error. We need to analyze the logs to determine more details about the error.

Our Support Engineers find more information using the command

systemctl status firewalld.service

We find further information from journalctl -xn

Thus, our Support Engineers find the reason for the error and resolve the error accordingly.