Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#13654 closed defect (wontfix)

Reloading firewall clears out

Reported by: anonymous Owned by: developers
Priority: high Milestone: Attitude Adjustment 12.09.1
Component: packages Version: Attitude Adjustment 12.09
Keywords: firewall iptables Cc:


This is reproducible on r36855. I have custom rules in /etc/firewall.user that adds my own rules into chain "forwarding_lan_rule". However that chain is cleared out when firewall reloads. It happens during startup on the system log:

Jun  6 00:18:23 nrouter kern.notice firewall: Reloading firewall due to ifup of wan (eth1)
Jun  6 00:18:27 nrouter kern.notice firewall: Reloading firewall due to ifup of henet (6in4-henet)

I can say manually for example add this rule forwarding_lan_rule

iptables -t filter -A forwarding_lan_rule -d -j reject

If I stop and start any wan interfaces, forwarding_lan_rule will be cleared off. Is this normal because there will be no way of adding custom rules forwarding lan rules if it gets erased.

Attachments (0)

Change History (3)

comment:1 Changed 5 years ago by jow

  • Resolution set to wontfix
  • Status changed from new to closed

This is because you're referencing an internal chain (reject). Any rule referencing internal chains is deleted by fw3 in order to be able to rebuild those. Use -j REJECT instead of -j reject and your rules will stay.

Last edited 5 years ago by jow (previous) (diff)

comment:2 Changed 5 years ago by anonymous

Thanks, that fixed the problem.

comment:3 Changed 5 years ago by jow

After the update in r36871 you can use "reject" in custom rules again, the chain will be preserved on reload. Dynamic chains like zone_wan_input will still trigger a deletion though, but that is intentional.

Add Comment

Modify Ticket

as closed .
The resolution will be deleted. Next status will be 'reopened'.

E-mail address and user name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.