[FS#3520] Firewall rules not applied on boot (Attachment added)

OpenWrt Bugs openwrt-bugs at lists.openwrt.org
Fri Dec 18 10:25:19 EST 2020 

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.

A new Flyspray task has been opened.  Details are below. 

User who did this - Dan Goodliffe (rascalDan) 

Attached to Project - OpenWrt/LEDE Project
Summary - Firewall rules not applied on boot
Task Type - Bug Report
Category - Base system
Status - Unconfirmed
Assigned To - 
Operating System - All
Severity - Low
Priority - Very Low
Reported Version - openwrt-19.07
Due in Version - Undecided
Due Date - Undecided
Details - Generally speaking everything works absolutely fine (loving openwrt so far!) except for the small detail that after the system has booted, there are no firewall rules, at all.

The LAN link comes, the PPPOE connection to my ISP comes, and openwrt can talk out to the internet, but nothing else on the network can (no NAT, masqurading etc gets configured)

If I log into the LuCI interface, go the firewall status page, it's empty apart from the headings. Click restart firewall, everything appears and all the expected networking functionality across the network words just fine. It continues to work just fine until it's rebooted... same problem... same solution.

I've tried restarting the firewall service over SSH using
  /etc/init.d/firewall restart

But this oddly had no effect... might be a timing thing as I believe this is exactly what the LuCI interface does, but that takes me slightly longer to achieve.

Supply the following if possible:
 - Device problem occurs on:

  * systemd 247 on Linux 5.4.80
  * nspawn container running openwrt-x86_64

 - Software versions of OpenWrt/LEDE release, packages, etc.

  * LuCI openwrt-19.07 branch (git-20.348.38488-caae7ad) / OpenWrt 19.07.5 r11257-5090152ae3

 - Steps to reproduce

  * machinectl import-tar openwrt-19.07.5-x86-64-generic-rootfs.tar.gz openwrt
  * Configure some network (in my case, changed the lan interface name from eth0 to host0 as provided by nspawn and add PPPOE connection)
  * View firewall status

It may be that *some* firewall rules should be present without any non-default configuration, I'm new to openwrt, so I didn't realise the problem until I got this far and networking wasn't working as I expected.

A copy of the firewall configuration and network configuration (username/password for ISP redacted) are attached.

A copy of the system log is attached, although I don't see anything jumping out as problematic. kernel log is empty, which I presume is expected as this is a container. Happy to provide more logs/configurations to anyone who can make use of them.
 

One or more files have been attached.

More information can be found at the following URL:
https://bugs.openwrt.org/index.php?do=details&task_id=3520

You are receiving this message because you have requested it from the Flyspray bugtracking system.  If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.

More information about the openwrt-bugs mailing list