[FS#3520] Firewall rules not applied on boot

OpenWrt Bugs openwrt-bugs at lists.openwrt.org
Mon Dec 28 07:17:57 EST 2020 

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.

The following task has a new comment added:

FS#3520 - Firewall rules not applied on boot
User who did this - Dan Goodliffe (rascalDan)

----------
Update: restarting the service via SSH *does* appear to work (sometimes?)

After adjusting the quiet settings for the service, on boot the following is logged:
notice procd: /etc/rc.d/S19firewall: Warning: Failed to connect to ubus
notice procd: /etc/rc.d/S19firewall: Warning: Unable to locate ipset utility, disabling ipset support
notice procd: /etc/rc.d/S19firewall: Warning: Section @zone[0] (lan) cannot resolve device of network 'lan'
notice procd: /etc/rc.d/S19firewall: Warning: Section @zone[1] (wan) cannot resolve device of network 'wan'
notice procd: /etc/rc.d/S19firewall: Warning: Section @zone[1] (wan) cannot resolve device of network 'wan6'
notice procd: /etc/rc.d/S19firewall: Warning: Section @zone[1] (wan) cannot resolve device of network 'plusnet'
notice procd: /etc/rc.d/S19firewall:  * Set tcp_ecn to off
notice procd: /etc/rc.d/S19firewall:  * Set tcp_syncookies to on
notice procd: /etc/rc.d/S19firewall:    ! Unable to write value: No such file or directory
notice procd: /etc/rc.d/S19firewall:  * Set tcp_window_scaling to on
notice procd: /etc/rc.d/S19firewall:  * Running script '/etc/firewall.user'

Restarting the service over SSH logs (to the console):
root at openwrt:~# /etc/init.d/firewall restart
Warning: Unable to locate ipset utility, disabling ipset support
Warning: Section @zone[1] (wan) cannot resolve device of network 'wan'
Warning: Section @zone[1] (wan) cannot resolve device of network 'wan6'
 * Flushing IPv4 filter table
 * Flushing IPv4 nat table
 * Flushing IPv4 mangle table
 * Populating IPv4 filter table
   * Rule 'Allow-DHCP-Renew'
   * Rule 'Allow-Ping'
   * Rule 'Allow-IGMP'
   * Rule 'Allow-IPSec-ESP'
   * Rule 'Allow-ISAKMP'
   * Redirect 'HTTP'
   * Redirect 'HTTPS'
   * Redirect 'SMTP'
   * Redirect 'IMAPS'
   * Forward 'lan' -> 'wan'
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv4 nat table
   * Redirect 'HTTP'
   * Redirect 'HTTPS'
   * Redirect 'SMTP'
   * Redirect 'IMAPS'
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv4 mangle table
   * Zone 'lan'
   * Zone 'wan'
 * Set tcp_ecn to off
 * Set tcp_syncookies to on
   ! Unable to write value: No such file or directory
 * Set tcp_window_scaling to on
 * Running script '/etc/firewall.user'

----------

More information can be found at the following URL:
https://bugs.openwrt.org/index.php?do=details&task_id=3520#comment9223

You are receiving this message because you have requested it from the Flyspray bugtracking system.  If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.

More information about the openwrt-bugs mailing list