Failed to start firewalld service unit is masked – How we fix it!

This article deal with if the firewalld service unit is masked and failed to start.

Causes for failed to start firewalld service unit is masked

We mask the firewall to prevent the firewall from starting from other services.

This error occurs when we try to enable the firewalld that is masked.

The error can also occur if the mask symbolic link is broken.

We resolve the error by unmasking the firewalld and starting the service.

How to fix failed to start firewalld service unit is masked?

Recently one of our customers contacted us saying he was unable to enable firewalld in the server. And also was getting the same error.

Now let’s discuss how our Support Engineers resolve the error for our customers.

Unmask

On analyzing the firewalld service we found a mask firewall set. Thus to resolve the error we unmask the firewalld service. We can enable the firewall service if it is not masked.

To unmask the service we use the command

systemctl unmask --now firewalld

After executing the command we get the output as

Now we enable the firewalld service using the command

systemctl enable firewalld

Finally, we start the firewalld service using the command

systemctl start firewalld

Mask link is broken

One of the common reasons for the error is when starting the service the masked link is broken. Thus we need to link the mask location once again to resolve the error.

To unmask the service we use the command.

systemctl unmask firewalld

Thus, if the service still fails to unmask we need to manually mask it first. The location will change based on the Linux flavors.

ln -s /etc/systemd/system/firewalld.service /dev/null

Thus we unmask it. Then we start the service using the command

systemctl start firewalld

Finally, we find the status using

firewall-cmd --state

From the above steps and commands we will know how to unmask firewalld and to restart the service.