Hi,
…“for the records” and for everyone who runs into this problem with Core 150 - perhaps it helps:
Despite upgrading to Core 150 a few days ago, nothing was blocked. I waited.
Yesterday morning, 8:00, I suddenly couldn’t get any access to the GUI or via SSH. ‘ping’ was OK, but that was all. I had apparently joined the bug. Database update!? Ok, lets see.
What I did (memory protocol!):
Since there is no keyboard or monitor down in the cellar where my box is standing, I had to take her upstairs with me.
I attached monitor, keyboard and GREEN only. No RED available here…
Disabled Geo-IP-Blocking by editing /var/ipfire/firewall/locationblock, changing LOCATIONBLOCK_ENABLED=on
to
LOCATIONBLOCK_ENABLED=off.
Added the fix from:
https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=c69c820025c21713cdb77eae3dd4fa61ca71b5fb to ./usr/lib/firewall/rules.pl
Rebooted. Access to GUI was OK. Hm.
I brought the box back in the cellar and attached GREEN and RED.
After a restart, GUI was still OK, but DNS and DNSSEC were completely broken.
I opened https://[GREEN_IPFIRE_IP]:444/cgi-bin/location-block.cgi (Enable Location based blocking: was unchecked as intended), changed NOTHING, just clicked on SAVE and reloaded all rules on https://[GREEN_IPFIRE_IP]:444/cgi-bin/firewall.cgi.
Then I activated Geo-IP-Blocking again and its still running OK.
IPTables / LOCATIONBLOCK on https://[GREEN_IPFIRE_IP]/cgi-bin/iptables.cgi have to look like this:
HTH,
Matthias