www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices

Web gui not deleting firewall rules

 
AtroposX



Joined: 26 Nov 2008
Posts: 158
Location: USA

Posted: Tue Mar 23, 2010 8:11 pm    Post subject: Web gui not deleting firewall rules

I think I remember reading about this before but not sure. I had 60 firewall rules, and didn't need the last 4, so I deleted them, but when I saved they returned in the web gui.

But, when clicking the view button, those rules were not active.

But, when running an iptables-save, the rules showed up, and were active.

I ended up doing an iptables -D "the rule" to clear it from iptables-save, and it did not exist anymore in the web gui, iptables-save, and were not affecting live traffic.

Using 1.0 beta 12
AtroposX



Joined: 26 Nov 2008
Posts: 158
Location: USA

Posted: Tue Mar 23, 2010 9:48 pm    Post subject:

I found that I can go to

/var/register/system/net/FW/Chains/QoS/Rules
rm -rf 002 (or whatever rule #)

and delete the rules to make them go away on the web gui.
ppalias



Joined: 17 Dec 2008
Posts: 1151
Location: Athens, Greece

Posted: Wed Mar 24, 2010 7:32 am    Post subject:

I remember the post, but it had to do with entries more than the Web GUI can handle.
AtroposX



Joined: 26 Nov 2008
Posts: 158
Location: USA

Posted: Wed Mar 24, 2010 12:20 pm    Post subject:

Yup, this was in the gui, I had 60. Sorry if I wasn't clear. Had 60, deleted the last four, then saved, and they came back. If I disabled them and saved, it kept them as disabled, and if I re-enabled them, then saved, they were active again, but after deleting and saving again, they came back.

Then to make it even more strange, I had 60 active rules once, then lowered it to 16, by deleting the others, 17-60, didn't save until all 17-60 were deleted, then saved, the old 17th one, repeated itself from 17-60. I had my good active 1-16, and 17-60 were all the same, and I couldn't delete 17-60 with the gui. The console displayed on 17 though, the 16 good ones, and the 17th one that repeated itself in the gui, but only displayed as one active one in the console.

It appears I can add however many from the console/ssh, add/remove etc, but the gui must have a capacity of 60. If I removed from...

/var/register/system/net/FW/Chains/QoS/Rules
rm -rf 002 (or whatever rule #)

then it will disappear on the gui and the console.
AtroposX



Joined: 26 Nov 2008
Posts: 158
Location: USA

Posted: Wed Mar 24, 2010 12:23 pm    Post subject:

What would the difference be between

/var/register/system/net/FW/Chains/QoS/Rules

and /DB/_DB.001//var/register/system/net/FW/Chains/QoS/Rules

?

If I remove the rules from the /var/register/........ instead of the /DB/_DB.001/.......... will they come back after a reboot? I'd like whichever of the two will not be there on a reboot.
ppalias



Joined: 17 Dec 2008
Posts: 1151
Location: Athens, Greece

Posted: Wed Mar 24, 2010 1:13 pm    Post subject:

Everything that resides on /DB is stuff that remains after the reboot.
AtroposX



Joined: 26 Nov 2008
Posts: 158
Location: USA

Posted: Wed Mar 24, 2010 1:17 pm    Post subject:

Thank you.
AtroposX



Joined: 26 Nov 2008
Posts: 158
Location: USA

Posted: Fri Jul 09, 2010 4:23 pm    Post subject:

Just an update on this in comparing beta12 to 13. In beta12, I could add more than 60 fine, but once saving, there will be only 60 displayed in the gui.

Now in beta 13, I can add more than 60, save, and all will be there, and be active. At least they can be added, as compared to beta12, they wouldn't display on the gui at all after saving. But, in beta13, if deleting any, once there's 60 or more, and saving, they won't delete. If I have 70 rules, and delete 5, the 70 will still be shown on the gui once after saving. To delete you need to delete what you'd like, not save, go to the /DB to the Rules, rm -rf the selected rules, then save in the gui, then they will be deleted in the gui/console.
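An added example, not part of any post in this thread: a shell audit of the two rule trees discussed above (the /var/register copy and the /DB copy that ppalias says survives a reboot), which also flags rules whose content is identical, like the repeated 17th rule described earlier. It assumes each rule is a subdirectory named by its rule number and that sha256sum is available; the function names and the RUNTIME/PERSIST variables are hypothetical.

```shell
#!/bin/sh
# Added example: audit ZeroShell-style rule trees for drift and duplicates.
# Assumption: every rule is a subdirectory named by its rule number (e.g. 002).
RUNTIME=${RUNTIME:-/var/register/system/net/FW/Chains/QoS/Rules}
PERSIST=${PERSIST:-/DB/_DB.001//var/register/system/net/FW/Chains/QoS/Rules}

# rule_ids DIR: sorted list of rule subdirectory names in DIR.
rule_ids() {
    [ -d "$1" ] || return 0
    ( cd "$1" && for d in */; do [ -d "$d" ] && printf '%s\n' "${d%/}"; done ) | sort
}

# only_in A B: rule ids present in tree A but missing from tree B.
only_in() {
    a=$(mktemp) b=$(mktemp)
    rule_ids "$1" > "$a"; rule_ids "$2" > "$b"
    comm -23 "$a" "$b"
    rm -f "$a" "$b"
}

# rule_digest DIR ID: one hash over the entry names and file contents of a rule.
rule_digest() {
    ( cd "$1/$2" && find . | sort | while read -r f; do
          printf '%s\n' "$f"; if [ -f "$f" ]; then cat "$f"; fi; printf '\n'
      done ) | sha256sum | cut -d' ' -f1
}

# duplicate_rules DIR: ids whose content equals that of a lower-numbered rule.
duplicate_rules() {
    seen=$(mktemp)
    for id in $(rule_ids "$1"); do
        h=$(rule_digest "$1" "$id")
        if grep -q "^$h " "$seen"; then printf '%s\n' "$id"
        else printf '%s %s\n' "$h" "$id" >> "$seen"
        fi
    done
    rm -f "$seen"
}

report() {
    echo "Only in persistent tree (kept across reboot):"; only_in "$PERSIST" "$RUNTIME"
    echo "Only in runtime tree:"; only_in "$RUNTIME" "$PERSIST"
    echo "Duplicated rule content in persistent tree:"; duplicate_rules "$PERSIST"
}

if [ "${1:-}" = report ]; then report; fi
```

Run it with the argument `report` before and after a GUI save to see which rule numbers the save actually removed from each tree.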
AtroposX



Joined: 26 Nov 2008
Posts: 158
Location: USA

Posted: Tue Aug 17, 2010 5:54 pm    Post subject:

Does anyone else experience this problem, or perhaps not enough people have close to 50-60 rules, that they don't notice it? I'd really like to put much more than 60 in, using the web interface, that's one of Zeroshell's greatest features, its gui for iptables. I can use manual additions to the FW Rules directory, but it's tedious due to there being multiple directories for one rule, i.e., FIN, NEW, Opt, DestinationIP, DSCP, etc. Does anyone know where the scripts are that after applying changes to the web gui, it updates the gui and iptables, and I could try some troubleshooting?

Same thing happens in the QoS classifier sections as well. With two rules each to classify one subnet's upload and download, the classifier section can add up quickly, and become full. Same for the firewall section.
ilNebbioso



Joined: 31 Mar 2009
Posts: 21

Posted: Tue Aug 06, 2013 10:29 pm    Post subject:

Also if this is an old thread, I have to give my experience with b15.

I found a very similar issue but, after deleting and saving, I also experienced a lot of duplicated rules (and rules with conflicting commands too!). I'm not able to delete any rule.

I started experiencing the problem after I added about 60 new rules at older 15 and I needed to delete some of the new ones.

Can you please confirm to me how to delete these rules definitively (also after reboots)?

Thank you very much for your help and support.

Ps I opened a new thread on the Italian forum.