Firewall ruleset does not update

I have a serious problem with version 161, although I don’t think it’s a problem related to the version:
if I create a new rule (or update an existing one) on the firewall, it doesn’t start working until I reboot the firewall itself :weary: :weary:.

Is there any way to force a reload of the rules (from the GUI or CLI / SSH)? I can’t restart the firewall for every rule I add …

Please note: IPS is stopped. DNS servers: just one.one.one.one (both 1.1.1.1 and 1.0.0.1); DNS forwarding to my Microsoft DNS and to my PiHole.

Please help me: my CPU is always at 100% and /var/log/messages is 3GB and continuously growing :scream: :scream:

When you created the firewall rule(s), did you then press the green button labelled “Apply changes”?
This allows you to create several rules that may be interlinked, and only when all of them have been defined do you have to make the changes active by pressing that button.

I suspect that this is a different issue. If you run a tail command on the messages log, what sort of messages is it showing?

My running messages file is around 28MB and the compressed old versions are between 1MB and 10MB, so 30GB suggests something is flooding your logs with messages. It would be good to know what those messages are in order to figure out what is causing them.

Hi and thanks for your feedback

Yes, obviously I pressed the “apply rules” button; if I had restarted without pressing that button, I probably wouldn’t have had the rule anymore when I restarted.

Nov 29 13:56:58 fw kernel: DROP_FORWARD IN=red0 OUT=green0 MAC=10:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=10.x.x.1 DST=192.67.0.12 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=8023 DF PROTO=TCP SPT=34009 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0

Nov 29 13:56:58 fw kernel: IPv4: martian source 192.168.xx.1 from 192.168.xx.8, on dev green0

Please note that:

  • 10.x.x.1 is the Fritzbox in a configuration internet->fritzbox->ipfire->mynetwork
  • 192.67.0.12 is a camera
  • 192.168.xx.1 is the ipfire green0 iface
  • 192.168.xx.8 is a raspberry with pihole

All of my firewall rule changes have always immediately become active after pressing the Apply changes button. I have never needed to reboot.
The only thing I can think of then is that there is something unusual about what the rules you are creating are doing. Maybe you could show some of the rule definitions that you have this problem with, and how you determine that they are not working.
If the rules you are trying to create are very simple but not being enabled without a reboot then other more knowledgeable people will need to provide input.

If most of the messages entries are like the above, then that should not be creating a 30GB file unless you are getting flooded by access attempts from the internet.

The messages logs are rotated on a weekly basis with 52 weeks worth kept in compressed form. If you look at the first line of your messages file the date should be Nov 28. If it is earlier then there is a problem with fcron not triggering the log rotation.


Hi

Is there a way to export (and then import) a text file with the rules? If so, I can attach all my rules here.

That the FritzBox tries to reach port 80 on my camera seems strange to me, also because the port exposed on the internet for that camera is 33433, which is then NATed on the FritzBox to 44442.
I have 5 types of flooding messages in my log:

  1. a lot of “Martian source” messages, shown above
  2. a lot of DROP_FORWARD messages despite a specific existing rule (and log flag off)
  3. a lot of unbound messages with the error "SERVFAIL all the configured stub or forward servers failed, at zone mydomain.local."
  4. a lot of DROP_FORWARD messages from the FritzBox to my cameras on the standard http port (tcp 80), which is not used/configured on my camera, on the FritzBox or on IPFire
  5. a lot of IPFire kernel messages like this: "kernel: ll header: 00000000: ff ff ff ff ff ff dc xx xx xx xx xx xx xx"

Please help me ’cause I’m going crazy :crazy_face:

Correct, the file messages.1.gz was created on Nov 28.
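As an added example (not part of the thread), a POSIX shell script that tallies the five message types listed above over a constructed sample of /var/log/messages lines and reports the most frequent martian tuple and the most frequently dropped forward flow; the addresses and MACs are placeholders, not real hosts.

```shell
#!/bin/sh
# Added example: tally the flood categories from the thread over a constructed
# sample of /var/log/messages lines. Addresses and MACs are placeholders.
# On a real box replace SAMPLE_LOG with: $(tail -n 100000 /var/log/messages)
SAMPLE_LOG='Nov 29 13:56:58 fw kernel: DROP_FORWARD IN=red0 OUT=green0 MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.1 DST=192.67.0.12 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=8023 DF PROTO=TCP SPT=34009 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 29 13:56:58 fw kernel: IPv4: martian source 192.168.10.1 from 192.168.10.8, on dev green0
Nov 29 13:56:58 fw kernel: ll header: 00000000: ff ff ff ff ff ff dc 00 00 00 00 01 08 06
Nov 29 13:56:59 fw kernel: DROP_FORWARD IN=red0 OUT=green0 MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.1 DST=192.67.0.12 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=8024 DF PROTO=TCP SPT=34010 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 29 13:56:59 fw kernel: IPv4: martian source 192.168.10.1 from 192.168.10.8, on dev green0
Nov 29 13:56:59 fw kernel: ll header: 00000000: ff ff ff ff ff ff dc 00 00 00 00 01 08 06
Nov 29 13:57:00 fw unbound: [1234:0] info: SERVFAIL all the configured stub or forward servers failed, at zone mydomain.local.
Nov 29 13:57:01 fw kernel: DROP_FORWARD IN=red0 OUT=green0 MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.1 DST=192.67.0.13 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=8025 DF PROTO=TCP SPT=34011 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0'

# count_category NAME -> number of log lines of that flood type
count_category() {
  case "$1" in
    martian)  pat='martian source' ;;
    drop_fwd) pat='DROP_FORWARD' ;;
    servfail) pat='SERVFAIL' ;;
    llheader) pat='ll header:' ;;
    *)        echo 0; return ;;
  esac
  printf '%s\n' "$SAMPLE_LOG" | grep -c "$pat"
}

# top_martian -> "<claimed-src> <sender> <dev>" seen most often; the sender is
# the host whose packets the kernel rejects (here a host claiming green0's address)
top_martian() {
  printf '%s\n' "$SAMPLE_LOG" \
    | sed -n 's/.*martian source \([^ ]*\) from \([^,]*\), on dev \([^ ]*\).*/\1 \2 \3/p' \
    | sort | uniq -c | sort -rn | head -n 1 | awk '{print $2, $3, $4}'
}

# top_drop_flow -> "<SRC> <DST> <DPT>" dropped most often in the FORWARD chain
top_drop_flow() {
  printf '%s\n' "$SAMPLE_LOG" | grep 'DROP_FORWARD' \
    | sed -n 's/.*SRC=\([^ ]*\) .*DST=\([^ ]*\) .*DPT=\([^ ]*\).*/\1 \2 \3/p' \
    | sort | uniq -c | sort -rn | head -n 1 | awk '{print $2, $3, $4}'
}

# Summary, so the script is useful when run directly
for c in martian drop_fwd servfail llheader; do
  printf '%-9s %s\n' "$c" "$(count_category "$c")"
done
echo "top martian: $(top_martian)"
echo "top dropped flow: $(top_drop_flow)"
```

Seeing one martian tuple dominate, as in the sample, points at the single host sending packets with a source address the kernel does not expect on that interface, which is where the original poster's problem turned out to be.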

There might be a way on the command line, but I don’t know how to do that.

Then I have no idea why your messages file would be 30GB after only two days.

I am afraid I have reached the end of my capabilities. Hopefully there will be others who can follow on further to help you.

Thanks anyway, I hope someone will help me, because as it is I have to cut the messages file each time before being able to read it from the GUI.

There are: iptables-save to save rules and iptables-restore [file] to restore. Each of the commands takes a -h argument to show the help. Also look at iptables-apply -h.

Example:
iptables-save bob will create a file called bob in the current dir
iptables-restore bob restores the rules from that file.


Kindly mark the post as closed.
The problem was due to the fact that I had created an alias (Network -> Aliases) hoping it would work as an A record on the DNS …
Instead it created a new network interface in the firewall, generating problems like the ones mentioned above (“martian source”); the rest was all in cascade: probably the CPU was too busy logging packets that it did not understand where they came from, and therefore did not have time to save the rules.