Web gui not deleting firewall rules


This topic contains 8 replies, has 0 voices, and was last updated by  AtroposX 5 years, 10 months ago.

  • #42297

    AtroposX
    Member

    I think I remember reading about this before but not sure. I had 60 firewall rules, and didn’t need the last 4, so I deleted them, but when I saved they returned in the web gui.

    But, when clicking the view button, those rules were not active.

    But, when running an iptables-save, the rules showed up, and were active.

    I ended up doing an iptables -D “the rule” to clear it from iptables-save, and it did not exist anymore in the web gui or iptables-save, and was not affecting live traffic.

    Using 1.0 beta 12

    #49931

    AtroposX
    Member

    I found that I can go to

    /var/register/system/net/FW/Chains/QoS/Rules
    rm -rf 002 (or whatever rule #)

    and delete the rules to make them go away on the web gui.

    #49932

    ppalias
    Member

    I remember the post, but it had to do with entries more than the Web GUI can handle.

    #49933

    AtroposX
    Member

    Yup, this was in the gui, I had 60. Sorry if I wasn’t clear. Had 60, deleted the last four, then saved, and they came back. If I disabled them and saved, it kept them as disabled, and if I re-enabled them, then saved, they were active again, but after deleting and saving again, they came back.

    Then to make it even more strange, I had 60 active rules once, then lowered it to 16 by deleting the others, 17-60. I didn’t save until all of 17-60 were deleted, then saved, and the old 17th one repeated itself from 17-60. I had my good active 1-16, and 17-60 were all the same, and I couldn’t delete 17-60 with the gui. The console displayed only 17 though, the 16 good ones and the 17th one that repeated itself in the gui, but only displayed as one active one in the console.

    It appears I can add however many from the console/ssh, add/remove etc, but the gui must have a capacity of 60. If I removed from…

    /var/register/system/net/FW/Chains/QoS/Rules
    rm -rf 002 (or whatever rule #)

    then it will disappear on the gui and the console.

    #49934

    AtroposX
    Member

    What would the difference be between

    /var/register/system/net/FW/Chains/QoS/Rules

    and /DB/_DB.001//var/register/system/net/FW/Chains/QoS/Rules

    ?

    If I remove the rules from the /var/register/…….. instead of the /DB/_DB.001/………. will they come back after a reboot? I’d like whichever of the two will not be there on a reboot.

    #49935

    ppalias
    Member

    Everything that resides on /DB is stuff that remains after the reboot.

    #49936

    AtroposX
    Member

    Thank you.

    #49937

    AtroposX
    Member

    Just an update on this in comparing beta12 to 13. In beta12, I could add more than 60 fine, but once saving, there will be only 60 displayed in the gui.

    Now in beta 13, I can add more than 60, save, and all will be there, and be active. At least they can be added, as compared to beta12, where they wouldn’t display on the gui at all after saving. But, in beta13, if deleting any, once there’s 60 or more, and saving, they won’t delete. If I have 70 rules, and delete 5, the 70 will still be shown on the gui once after saving. To delete you need to delete what you’d like, not save, go to the /DB to the Rules, rm -rf the selected rules, then save in the gui, then they will be deleted in the gui/console.

    #49938

    AtroposX
    Member

    Does anyone else experience this problem, or perhaps not enough people have close to 50-60 rules, so they don’t notice it? I’d really like to put much more than 60 in, using the web interface; that’s one of Zeroshell’s greatest features, its gui for iptables. I can use manual additions to the FW Rules directory, but it’s tedious due to there being multiple directories for one rule, i.e., FIN, NEW, Opt, DestinationIP, DSCP, etc. Does anyone know where the scripts are that, after applying changes to the web gui, update the gui and iptables, so I could try some troubleshooting?

    Same thing happens in the QoS classifier sections as well. With two rules each to classify one subnet’s upload and download, the classifier section can add up quickly, and become full. Same for the firewall section.

    #49939

    ilNebbioso
    Participant

    Even if this is an old thread, I have to give my experience with b15.

    I found a very similar issue but, after deleting and saving, I also experienced a lot of duplicated rules (and rules with conflicting commands too!). I’m not able to delete any rule.

    I started experiencing the problem after I added about 60 new rules at older 15 and I needed to delete some of the new ones.

    Can you please confirm for me how to delete these rules definitively (also after reboots)?

    Thank you very much for your help and support.

    P.S. I opened a new thread on the Italian forum.
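
An added example, not part of any post above and not Zeroshell's own code: a report-only check for the two situations discussed in the thread, rule directories that differ between the live registry and the persistent /DB copy, and rules that are byte-for-byte duplicates of an earlier rule. The two paths are the ones quoted in the posts; the layout inside each rule directory is an assumption, so rules are compared as opaque file trees, and nothing is deleted.

```shell
#!/bin/sh
# Added example. Paths are the two quoted in the thread; the layout inside a
# rule directory is an assumption, so rules are compared as opaque file trees.
LIVE=${LIVE:-/var/register/system/net/FW/Chains/QoS/Rules}
PERSIST=${PERSIST:-/DB/_DB.001//var/register/system/net/FW/Chains/QoS/Rules}

# list_rules DIR: names of the rule directories (001, 002, ...), sorted.
list_rules() {
    [ -d "$1" ] || return 0
    ( cd "$1" && for d in */; do
          if [ -d "$d" ]; then printf '%s\n' "${d%/}"; fi
      done ) | sort
}

# rule_digest DIR: checksum over every file path and its content in one rule.
# cksum is enough to spot accidental duplicates; it is not a security hash.
rule_digest() {
    ( cd "$1" && find . -type f | sort | while read -r f; do
          printf '%s\n' "$f"; cat "$f"
      done ) | cksum | awk '{ print $1 "-" $2 }'
}

# only_in A B: rules that exist under A but not under B.
only_in() {
    a=$(mktemp); b=$(mktemp)
    list_rules "$1" > "$a"; list_rules "$2" > "$b"
    comm -23 "$a" "$b"
    rm -f "$a" "$b"
}

# duplicate_rules DIR: rules whose content equals that of an earlier rule.
duplicate_rules() {
    list_rules "$1" | while read -r r; do
        printf '%s %s\n' "$(rule_digest "$1/$r")" "$r"
    done | awk 'seen[$1]++ { print $2 " duplicates " first[$1]; next }
                { first[$1] = $2 }'
}

report() {
    echo "rules in live registry: $(list_rules "$LIVE" | wc -l)"
    only_in "$LIVE" "$PERSIST" | sed 's/^/only in live registry: /'
    only_in "$PERSIST" "$LIVE" | sed 's/^/only in persistent copy: /'
    duplicate_rules "$LIVE"
}

report
```

Set `LIVE` and `PERSIST` in the environment to point the same report at another chain's Rules directory; comparing its output with `iptables-save` shows whether the stored rules and the loaded ruleset still agree.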
