When firewalld is not running or has crashed

Failed to start firewalld.service: Unit is masked

Fixed: Failed to start firewalld.service: Unit is masked

Trying to set up firewall rules for Kubernetes:

[root@k8-master-node ~]# firewall-cmd --add-masquerade --permanent
FirewallD is not running

[root@k8-master-node ~]# systemctl start firewalld
Failed to start firewalld.service: Unit is masked.

Fix 

[root@k8-master-node ~]# systemctl unmask firewalld
Removed symlink /etc/systemd/system/firewalld.service.

[root@k8-master-node ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

May 09 05:09:40 k8-master-node systemd[1]: Cannot add dependency job for unit firewalld.service, ignoring: Unit is masked.
[root@k8-master-node ~]# systemctl start firewalld
[root@k8-master-node ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2018-05-09 06:41:25 UTC; 1s ago
     Docs: man:firewalld(1)
 Main PID: 4479 (firewalld)
   CGroup: /system.slice/firewalld.service


[root@k8-master-node ~]# firewall-cmd --add-masquerade --permanent
success
[root@k8-master-node ~]# firewall-cmd --add-port=10250/tcp --permanent
success
[root@k8-master-node ~]# firewall-cmd --permanent --add-port=6443/tcp
success
[root@k8-master-node ~]# firewall-cmd --permanent --add-port=2379-2380/tcp
success
[root@k8-master-node ~]# firewall-cmd --permanent --add-port=10250/tcp
Warning: ALREADY_ENABLED: 10250:tcp
success
[root@k8-master-node ~]# firewall-cmd --permanent --add-port=10251/tcp
success
[root@k8-master-node ~]# firewall-cmd --permanent --add-port=10252/tcp
success
[root@k8-master-node ~]# firewall-cmd --permanent --add-port=10255/tcp
success
[root@k8-master-node ~]# firewall-cmd --reload
success
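
The fix above as a repeatable script, added here as an example and not part of the original post: it detects the mask, unmasks and starts firewalld, adds only the ports that are still missing, and reloads. The function names and the `--apply` argument are hypothetical; the port list is copied from the session above.

```bash
#!/bin/sh
# Added example, not from the original post. Function names and the --apply
# argument are hypothetical; the port list is copied from the session above.
K8S_PORTS="6443/tcp 2379-2380/tcp 10250/tcp 10251/tcp 10252/tcp 10255/tcp"
# Note: 10255/tcp is the kubelet read-only port, which answers without
# authentication; remove it from the list if nothing needs it.

# "systemctl mask" replaces the unit with a symlink to /dev/null, which is the
# symlink "systemctl unmask" reported removing. Succeeds only for that case.
unit_is_masked() {
    [ -L "$1" ] && [ "$(readlink "$1")" = "/dev/null" ]
}

# Print each port in $2 (wanted) that is absent from $1 (already configured),
# so re-runs do not trigger the ALREADY_ENABLED warning seen above.
missing_ports() {
    for p in $2; do
        case " $1 " in
            *" $p "*) ;;
            *) printf '%s\n' "$p" ;;
        esac
    done
}

ensure_firewalld() {
    if unit_is_masked /etc/systemd/system/firewalld.service; then
        systemctl unmask firewalld || return 1
    fi
    systemctl is-active --quiet firewalld || systemctl start firewalld || return 1
    current=$(firewall-cmd --permanent --list-ports) || return 1
    for p in $(missing_ports "$current" "$K8S_PORTS"); do
        firewall-cmd --permanent --add-port="$p" || return 1
    done
    firewall-cmd --permanent --query-masquerade >/dev/null ||
        firewall-cmd --permanent --add-masquerade || return 1
    # --permanent only edits the saved config; reload to apply it.
    firewall-cmd --reload
}

# Run as root with --apply to make changes; without it nothing is touched.
if [ "${1:-}" = "--apply" ]; then
    ensure_firewalld
fi
```

A unit is only masked when someone ran `systemctl mask` on it, so it is worth finding out why before unmasking.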