Opened 6 years ago

Last modified 4 years ago

#10826 new defect

penultimate FW Rule duplicated if last rule disabled ...

Reported by: zzz2002@… Owned by: developers
Priority: response-needed Milestone: Barrier Breaker 14.07
Component: packages Version: Trunk
Keywords: Cc:

Description

The next-to-last FW rule shows up as duplicated if the last rule is disabled. The attached files will, I hope, show the problem.

I have also seen an instance where a rule is missed when the next rule is disabled. I have no documentation for this problem and I have had trouble duplicating it. But I have seen it at least three times, but unfortunately I cannot duplicate it.

Attachments (5)

firewall (4.2 KB) - added by zzz2002@… 6 years ago.
Firewall config
fw_prob_iptables_out_0.txt (5.2 KB) - added by zzz2002@… 6 years ago.
iptables -S
fw_prob_iptables_out_1.txt (11.8 KB) - added by zzz2002@… 6 years ago.
iptables --line-numbers -L
fw_prob_iptables_out_2.txt (1.1 KB) - added by zzz2002@… 6 years ago.
iptables --line-numbers -L zone_wan_forward
fw_trace.log (27.1 KB) - added by John Allen <zzz2002@…> 6 years ago.
iptables reload trace

Change History (14)

Changed 6 years ago by zzz2002@…

Firewall config

Changed 6 years ago by zzz2002@…

iptables -S

Changed 6 years ago by zzz2002@…

iptables --line-numbers -L

Changed 6 years ago by zzz2002@…

iptables --line-numbers -L zone_wan_forward

comment:1 Changed 6 years ago by zzz2002@…

Sorry, I should have pointed out the offending lines.

zone_wan_forward lines 9-10 duplicate lines 7-8

comment:2 Changed 6 years ago by jow

  • Priority changed from normal to response-needed

You have two networks in wan so you probably got one rule for each iface.
Please include iptables dumps including the interface names.

comment:3 Changed 6 years ago by John Allen <zzz2002@…>

I would agree with you, except that if I enable the last rule then the duplication goes away.

iptables dumps?

I have already attached iptables -S and -L including a -L of just the wan forward zone.

comment:4 Changed 6 years ago by John Allen <zzz2002@…>

Just in case it is of any use, I did a reload with FW_TRACE=1.

I have added the file to the attachments as fw_trace.log.

Changed 6 years ago by John Allen <zzz2002@…>

iptables reload trace

comment:5 Changed 6 years ago by John Allen <zzz2002@…>

I originally thought that this only occurred with the last two FW rules.
But I am seeing this whenever a rule is disabled.

comment:6 Changed 4 years ago by anonymous

John, what OpenWRT revision are you getting this bug on?

comment:7 Changed 4 years ago by zzz2002

I thought this ticket had been closed some time ago.
As to which revision, I am sorry but I do not remember; it was 22 months ago.

Last edited 4 years ago by zzz2002

comment:8 Changed 4 years ago by zzz2002

Can we set this to closed!

comment:9 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted
