Blue Network No Internet - Curious Solution - Bug?

Hi,

The other night I upgraded from Core 141 to Core 159. I had to reinstall using 159 (another story). Anyway, I backed up 141 and collected screenshots for manual configuration (just in case backup didn’t work for some reason).

I installed 159, restored the backup and everything seemed to be fine - until I tried Blue devices. No Blue network device could get to the Internet whereas they were perfectly fine in 141. Hours went by, head was scratched, sleep was lost, music was heard, and then I noticed one Firewall rule. I had a rule that blocked Blue access to a Geo location. This rule was fine in 141, it was simple, “Block all Blue Network traffic to” this Geo location. HOWEVER, when I reviewed the rule in 159, it also was simple… “Block all Blue Network traffic to Blue Network”.

HUH?

I corrected the rule and all worked fine like it did in 141. I figure that somehow either 141 wrote the rule incorrectly to the backup or 159 read the rule incorrectly while restoring. So, now my task is to review my rules to make sure this kind of thing didn’t happen elsewhere.

Anybody else see this?

  • Phil

I haven’t seen it but I have been doing the updates each time they come up. There have been a lot of significant changes between 141 and 159.

You can see what IPFire put into the backup you have from 141 by opening the backup file with an unarchiver such as xarchiver or you could do it on the command line. Basically the backup is a gzipped tar file.

You can find your Firewall Rules that are in the top table of the Firewall page in the following file in the archive.

/var/ipfire/firewall/config

It is just a text file and you can read it and compare it with what you had in 141 and what ended up in 159.

2 Likes

Hi,

Thanks for the suggestion! That shed some light on the situation. It looks like 141 wrote the rule correctly and 159 picked it up wrong for some reason during the restore.

Looking through the firewall settings in the backup file a proper “cust_geoip_tgt” can be seen.

I’m not one to cry “Bug!” when I see something like this so I’ll just chalk it up to, “Maybe my system or something I did is weird”, especially if I’m the only one who’s seen it.

Thanks Much!
Phil

1 Like

How exactly does the line in /var/ipfire/firewall/config read?
Does a group ‘cust_geoip_tgt’ exist?

If the reading of the rule is faulty, you should report a bug in bugzilla.
Another cause may be that a change in the syntax of the file occurred, which is handled in the update process but not by a direct restore of 141 rules to 159.

1 Like

Hi,

Okay… here is the line in the Core 141 backup file:

5,DROP,FORWARDFW,ON,std_net_src,BLUE,cust_geoip_tgt,CN,Block ALL BLUE traffic to China,ON,00:00,00:00,AUTO,dnat,second

So the source is BLUE
The custom geoip target is CN
The label is Block ALL BLUE traffic to China

What I got after the restore in 159 is
So the source is BLUE
The target is BLUE

Thanks for looking into this!
Phil
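
Added example, not part of any post above and not IPFire code: one way to do the review discussed in the thread, comparing the rules file inside the gzipped tar backup with the restored rules and flagging every rule whose source or target changed. The column positions are inferred from the single rule line quoted above, the "after" line is constructed to imitate the described symptom (including the assumed value std_net_tgt), and all function names are hypothetical.

```python
import tarfile

RULES_PATH = "var/ipfire/firewall/config"   # file named in the thread
# Column positions inferred from the single rule line quoted above (assumption).
RULE_ID, SRC_TYPE, SRC, TGT_TYPE, TGT, REMARK = 0, 4, 5, 6, 7, 8
WATCHED = ((SRC_TYPE, "source type"), (SRC, "source"),
           (TGT_TYPE, "target type"), (TGT, "target"))

# Rule line quoted in the thread (Core 141 backup).
BEFORE = ("5,DROP,FORWARDFW,ON,std_net_src,BLUE,cust_geoip_tgt,CN,"
          "Block ALL BLUE traffic to China,ON,00:00,00:00,AUTO,dnat,second\n")
# Constructed line imitating the symptom described after the restore; the
# restored line was not posted, and "std_net_tgt" is an assumed value.
AFTER = ("5,DROP,FORWARDFW,ON,std_net_src,BLUE,std_net_tgt,BLUE,"
         "Block ALL BLUE traffic to China,ON,00:00,00:00,AUTO,dnat,second\n")

def parse_rules(text):
    """Map rule id -> list of fields, skipping blank or short lines."""
    rows = (line.split(",") for line in text.splitlines() if line.strip())
    return {r[RULE_ID]: r for r in rows if len(r) > REMARK}

def rules_from_backup(archive):
    """Read the rules file out of the gzipped tar backup."""
    with tarfile.open(archive, "r:gz") as tar:
        for member in tar.getmembers():
            if member.name.lstrip("./") == RULES_PATH:
                data = tar.extractfile(member).read()
                return parse_rules(data.decode(errors="replace"))
    raise FileNotFoundError(RULES_PATH)

def diff_rules(before, after):
    """List (rule id, finding) for rules that changed across the restore."""
    findings = []
    for rid, old in before.items():
        new = after.get(rid)
        if new is None:
            findings.append((rid, "rule missing after restore"))
            continue
        for idx, name in WATCHED:
            if old[idx] != new[idx]:
                findings.append((rid, f"{name}: {old[idx]} -> {new[idx]}"))
        if new[SRC] == new[TGT]:  # e.g. Blue blocked towards Blue
            findings.append((rid, f"source and target are both {new[SRC]}"))
    return findings

if __name__ == "__main__":
    for rid, finding in diff_rules(parse_rules(BEFORE), parse_rules(AFTER)):
        print(f"rule {rid}: {finding}")
```

On a real system, pass the backup archive to rules_from_backup() and the text of the live /var/ipfire/firewall/config to parse_rules(), then hand both results to diff_rules().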