Modify

Opened 6 years ago

Closed 6 years ago

Last modified 4 years ago

#10696 closed defect (fixed)

luci display of firewall rule fails

Reported by: Alfred Ganz <alfred-ganz+openwrt@…> Owned by: jow
Priority: normal Milestone: Barrier Breaker 14.07
Component: packages Version: Trunk
Keywords: luci display firewall rules Cc:

Description (last modified by jow)

I just upgraded my system (bleeding edge, r29614)
openwrt-ar71xx-generic-wzr-hp-g300nh-squashfs-sysupgrade.bin.
I have an IPv6 firewall rule to allow incoming smtp traffic, I can
create it both by editing /etc/config/firewall or with luci and it
shows properly with the command ip6tables -L -v, and with luci under
status->firewall->IPv6. However, when attempting to change firewall
rules with this rule present under luci, I get the following error:

Location: http://dsl-router/cgi-bin/luci/;stok=d1ab6a09a7306636fb86f0118cbf214f/admin/network/firewall/rules/
Line Number 861, Column 57:
/usr/lib/lua/luci/dispatcher.lua:195: in function </usr/lib/lua/luci/dispatcher.lua:194></pre>

Here is the firewall rule that causes the error:

config 'rule'                                     
        option 'name' 'Allow-smtp'                
        option 'src' 'wan'                        
        option 'dest' 'lan'                       
        option 'proto' 'tcp'                      
        option 'dest_port' '25'                   
        option 'family' 'ipv6'                    
        option 'target' 'ACCEPT'                  
        option 'dest_ip' '2001:470:8ca8:2:211:5bff:fed8:8ad6'

Please let me know if I can be of further help, AG

Attachments (0)

Change History (5)

comment:1 Changed 6 years ago by jow

  • Owner changed from developers to jow
  • Status changed from new to accepted

S a temporary workaround try adding /128 to the ipv6 address, that'll most likely fix it. Its an issue with LuCIs ip address parser

comment:2 Changed 6 years ago by Alfred Ganz <alfred-ganz+openwrt@…>

Just tried adding /128 to the IPv6 address again, stopped and started uhttpd, I have the
same failure in luci->network->Traffic Rules:
XML Parsing Error: not well-formed
Location: http://dsl-router/cgi-bin/luci/;stok=987c3a26bb742463e3517d77d4dc036e/admin/network/firewall/rules/
Line Number 757, Column 57: /usr/lib/lua/luci/dispatcher.lua:195: in function </usr/lib/lua/luci/dispatcher.lua:194></pre>

BTW, the much improved display of the list of icmp-type's is nice, but I have to remove
my smtp rule to see it!
Thanks for your looking into this, let me know if I should try something else! AG

comment:3 Changed 6 years ago by jow

  • Description modified (diff)

comment:4 Changed 6 years ago by jow

  • Resolution set to fixed
  • Status changed from accepted to closed

Fixed with http://luci.subsignal.org/trac/changeset/8139. You can patch it on the device with

wget -O/usr/lib/lua/luci/tools/firewall.lua http://luci.subsignal.org/trac/export/8139/luci/trunk/applications/luci-firewall/luasrc/tools/firewall.lua

comment:5 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.