After updating to Core 150 our networking wasn’t functioning anymore. We could not even reach the web interface / GUI of IPFire. This could only be achieved by whitelisting all connections from GREEN in iptables’ CUSTOMINPUT chain.
After 2 hours of searching it turned out that everything worked again by turning off the GeoIP-blocking. If you view the iptables page in the web GUI you can see that the LOCATIONBLOCK chain listens on all interfaces or ‘*’. I think it should only listen on RED.
Today I ran into the same problem and tracked it to the LOCATIONBLOCK chain.
While it occurred after an upgrade from core149->core150, it also happened on a new install of core150, and blocking of all connections to GREEN persists in core151rc.
I did a rollback to 149 as this instance is only used as Location-Blocker for my homelab and Location-Filter is useless or worse in every version >core149.
My solution to the No-GUI-Problem was to log in as root on the CLI and navigate to /var/ipfire/firewall where I moved the locationblock file to locationblock.old. Then I ran /usr/local/bin/firewallctrl and the connections started to work again. To disable the defunct Location-Filter in GUI I moved the .old file back before accessing the GUI.
As advised on the bugtracker I ran ‘location update’ as root from CLI. Got the database from Tue, 13 Oct 2020 08:21:56 GMT.
With this database the location filter works as intended as far as I can see, no GUI or SSH lockout, traffic flows as it should.
This seems to be a dud database in the upgrade and/or install files and insufficient checks on the validity of the database when such a thing can bring down all connectivity.
One hour ago I did the update from 149 to 150 and some minutes later I ran into the same problem. No internet connection anymore, no WUI, no SSH. After a quick search here I tried @bladerunner’s tip “location update” but it won’t work because I’m “Already on the latest version”.
So I had to rename /var/ipfire/firewall/locationblock and run firewallctrl. After that everything was good again.
Now geoblocking is disabled until the bug is fixed…
Perhaps I should have mentioned that I disabled location-block before the Upgrade from 149->150 and then ran the “location update” from SSH shell, which got me a new location database.
Only after all this I re-enabled the location-block, which has worked for the last few hours.
Progress is reported in the bugtracker, one of the devs already picked up on @user-0815’s entry.