CU195: Can't add firewall rule for dynamic OpenVPN to green network

Getting Started with IPFire Updates Trouble
1

Hi to everyone,

when trying to add or edit a firewall rule for a dynamic VPN to an IP in the green network the frontend gives an error message with the IP of the source and destination.

To reconstruct the error in CU195 all you have to do is to select OpenVPN as source and the green network as destination both in the standard networks category and click add/update. All other settings do not matter for a reconstruction.

Adding/Editing the rule via CLI works fine and firewall is acting normal.

Rule in /var/ipfire/firewall/config looks like this:

1,ACCEPT,FORWARDFW,ON,std_net_src,OpenVPN-Dyn,cust_host_tgt,MyServer,ON,cust_srvgrp,MyServices,Description here,00:00,00:00,AUTO,dnat,second

So using the CLI works as a workaround if you know how to write a rule.

2

This was already reported in the forum.

https://community.ipfire.org/t/wui-error-when-adding-new-firewall-rule/14275

and I raised a bug report on it and a fix has been created and merged into the CU195 build.

To access the fix you need to update your CU195 install.
To do this change the value in

/opt/pakfire/db/core/mine

from 195 to 194 and then go to the pakfire page and you will find that an update from 194 to 195 is shown as available there.

Upgrade and it will install the latest updated version of CU195.

We are also looking at how to update all the CU195 versions in all of the mirrors.

3 Likes