
Opened 5 years ago

Closed 5 years ago

#13206 closed defect (duplicate)

/etc/firewall.user not read on boot

Reported by: Robert Grønning
Owned by: developers
Priority: normal
Milestone: Chaos Calmer 15.05
Component: packages
Version: Trunk
Keywords: firewall
Cc: it@…

Description

BusyBox v1.19.4 (2013-03-18 13:21:50 CET) built-in shell (ash)
Enter 'help' for a list of built-in commands.


-----------------------------------------------------
BARRIER BREAKER (Bleeding Edge, r36083)
-----------------------------------------------------

  • 1/2 oz Galliano
  • 4 oz cold Coffee
  • 1 1/2 oz Dark Rum
  • 2 tsp. Creme de Cacao

Pour all ingredients into an irish coffee mug filled with crushed ice. Stir.

-----------------------------------------------------

root@OpenWrt:~# cat /etc/firewall.user
iptables -I zone_wan_input -p tcp -m tcp --dport 21 -j ACCEPT
iptables -I zone_wan_input -p tcp -m tcp --dport 22 -j ACCEPT
iptables -I zone_wan_input -p udp -m udp --dport 161 -j ACCEPT
iptables -I zone_wan_input -p tcp -m tcp --dport 5666 -j ACCEPT
root@OpenWrt:~# grep firewall.user /etc/config/firewall
        option path /etc/firewall.user
root@OpenWrt:~# iptables --list-rules|grep 22
root@OpenWrt:~# /etc/firewall.user
root@OpenWrt:~# iptables --list-rules|grep 22
-A zone_wan_input -p tcp -m tcp --dport 22 -j ACCEPT
root@OpenWrt:~# ls -l /etc/firewall.user
-rwx------ 1 root root 251 Mar 19 10:20 /etc/firewall.user

Change History (3)

comment:1 Changed 5 years ago by Robert Grønning

It seems like the problem occurs when "/etc/init.d/firewall reload" (fw3 reload) is used; it works fine if "/etc/init.d/firewall stop" and "/etc/init.d/firewall start" are used.

root@OpenWrt:~# /etc/init.d/firewall stop
Warning: Unable to locate ipset utility, disabling ipset support

  • Flushing IPv4 filter table
  • Flushing IPv4 nat table
  • Flushing IPv4 mangle table
  • Flushing IPv4 raw table

Warning: Unable to execute ip6tables-restore

  • Flushing conntrack table ...

root@OpenWrt:~# /etc/init.d/firewall start
Warning: Unable to locate ipset utility, disabling ipset support

  • Populating IPv4 filter table
    • Zone 'lan'
    • Zone 'wan'
    • Rule 'Allow-DHCP-Renew'
    • Rule 'Allow-Ping'
    • Forward 'lan' -> 'wan'
  • Populating IPv4 nat table
    • Zone 'lan'
    • Zone 'wan'
  • Populating IPv4 mangle table
  • Populating IPv4 raw table

Warning: Unable to execute ip6tables-restore

  • Set tcp_ecn to off
  • Set tcp_syncookies to on
  • Set tcp_window_scaling to on
  • Running script '/etc/firewall.user'

root@OpenWrt:~# iptables --list-rules|grep 22
-A zone_wan_input -p tcp -m tcp --dport 22 -j ACCEPT
root@OpenWrt:~# /etc/init.d/firewall reload
Warning: Unable to locate ipset utility, disabling ipset support

  • Clearing IPv4 filter table
  • Clearing IPv4 nat table
  • Clearing IPv4 mangle table
  • Clearing IPv4 raw table
  • Populating IPv4 filter table
    • Zone 'lan'
    • Zone 'wan'
    • Rule 'Allow-DHCP-Renew'
    • Rule 'Allow-Ping'
    • Forward 'lan' -> 'wan'
  • Populating IPv4 nat table
    • Zone 'lan'
    • Zone 'wan'
  • Populating IPv4 mangle table
  • Populating IPv4 raw table

Warning: Unable to execute ip6tables-restore

  • Set tcp_ecn to off
  • Set tcp_syncookies to on
  • Set tcp_window_scaling to on

root@OpenWrt:~# iptables --list-rules|grep 22
root@OpenWrt:~#

And I can see in logread that the firewall was reloaded on boot because of changing interfaces.
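
The manual check from comment:1 (`iptables --list-rules|grep 22` after each start or reload), extended to every rule in /etc/firewall.user, as an added example that is not part of the original ticket. The function name `missing_user_rules` and the sample files are constructed, and it assumes the script only uses the simple `iptables -I|-A <chain> ...` form shown in the description.

```shell
#!/bin/sh
# Added example, not from the ticket: list rules that /etc/firewall.user
# should have inserted but that are absent from the live ruleset.
# Assumption: only the simple form "iptables -I|-A <chain> <match...>" is used
# (filter table, no rule number), spelled as `iptables --list-rules` prints it.

# missing_user_rules SCRIPT LIVE
#   SCRIPT: path to firewall.user; LIVE: file with `iptables --list-rules` output
#   Prints each missing rule in -A form; returns 1 if any rule is missing.
missing_user_rules() {
    rc=0
    while read -r cmd op chain rest || [ -n "$cmd" ]; do
        [ "$cmd" = iptables ] || continue      # skip comments, blanks, other commands
        case $op in -I|-A) ;; *) continue ;; esac
        want="-A $chain $rest"                 # -I and -A are both listed as -A
        grep -qxF -e "$want" "$2" || { echo "$want"; rc=1; }
    done < "$1"
    return "$rc"
}

# Constructed sample data modelled on the ticket's output.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/firewall.user" <<'EOF'
# custom rules
iptables -I zone_wan_input -p tcp -m tcp --dport 21 -j ACCEPT
iptables -I zone_wan_input -p tcp -m tcp --dport 22 -j ACCEPT
EOF
# State after "firewall start": the script ran, both rules are listed.
cat > "$tmp/after_start" <<'EOF'
-N zone_wan_input
-A zone_wan_input -p tcp -m tcp --dport 22 -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 21 -j ACCEPT
EOF
# State after "firewall reload": chains repopulated, script not run.
cat > "$tmp/after_reload" <<'EOF'
-N zone_wan_input
EOF

for state in after_start after_reload; do
    if missing_user_rules "$tmp/firewall.user" "$tmp/$state"; then
        echo "$state: all firewall.user rules present"
    else
        echo "$state: the rules listed above are missing"
    fi
done
```

On a router the live listing would come from `iptables --list-rules > /tmp/live` followed by `missing_user_rules /etc/firewall.user /tmp/live`.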

comment:2 Changed 5 years ago by Robert Grønning

I see this is a duplicate report to ticket 13138.

comment:3 Changed 5 years ago by jow

  • Resolution set to duplicate
  • Status changed from new to closed
