Use of uninitialized value $sources in pattern match (m//) at /usr/lib/firewall/rules.pl

Hi all,

I just had a struggle to restart my VMs after the Macvtab removal.

https://community.ipfire.org/t/unable-to-add-bridge-orange0-port-vnet0-operation-not-supported/5359/7

I have now noticed 4 new lines or messages at boot time after reconfiguring the network cards etc. The rules are this section here.

10.10.2.4 my cloud VM is in the DMZ and port 443 must be open to it.

	# Prepare source options.
	my @source_options = ();
	if ($source =~ /mac/) {
		push(@source_options, $source);
	} elsif ($source =~ /-m geoip/) {
		push(@source_options, $source);
	} elsif ($source) {
		push(@source_options, ("-s", $source));
	}

best regards Paul

No one has any idea what the messages could mean?

I can only guess there isn’t enough information to help:

  • The right part of the screen shot is missing…

  • Is there anything custom with the firewall? At firewall.local?

    • if yes, include a screen shot of the custom rules.
  • Do you have any firewall rules (menu Firewall > Firewall Rules)?

    • if yes, include a screen shot of the Rules
  • What is the code segment starting with Prepare source options.?

  • Is this VirtualBox or VMware that is running IPFire? Or?


FYI - I don’t know macvtab. Hopefully with more info someone can assist.

Hi @pablo78

I am not familiar with those error messages you are seeing.

My normal approach to debugging things like that would be to go and look in the /usr/lib/firewall/rules.pl code at lines 392 and 394 and see where the variable $source is coming from and try and figure out how it has ended up uninitialized.

It might be related to the following error lines where it has “-d none” towards the right hand side of your screenshot. That is saying that your forward rule has a source of 10.10.2.4 and a destination of none which is definitely incorrect.

Maybe when you have reconfigured your network cards you have changed the address of one of them and that has caused an existing firewall rule to end up with a destination of none.

The above is just guesswork on my part but would be how I would be trying to debug the problem.

I do not understand the section titled # Prepare source options. I don’t know what file that would be in or what it is doing so can’t help on that.
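
The warning discussed above, reproduced with the snippet from the first post wrapped in a sub. This is an added example, not part of any post in the thread; the sub names, the sample values, and the stricter variant that treats an undefined or "none" address as unresolved are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The logic from the snippet in the first post, wrapped in a sub so it can be
# called with sample values (the sub name is an assumption for this example).
sub source_options_as_posted {
	my ($source) = @_;
	my @source_options = ();
	if ($source =~ /mac/) {
		push(@source_options, $source);
	} elsif ($source =~ /-m geoip/) {
		push(@source_options, $source);
	} elsif ($source) {
		push(@source_options, ("-s", $source));
	}
	return @source_options;
}

# Stricter variant (hypothetical, not from rules.pl): refuse an unresolved
# source instead of quietly returning no source match at all.
sub source_options_checked {
	my ($source) = @_;
	die "unresolved source\n" if !defined($source) || $source eq 'none';
	return () if $source eq '';
	return ($source) if $source =~ /mac/ || $source =~ /-m geoip/;
	return ("-s", $source);
}

# Constructed sample values: the DMZ host, an undefined source, and "none".
for my $source ("10.10.2.4", undef, "none") {
	my $label = defined $source ? $source : "(undef)";

	# Collect warnings instead of printing them, so they can be counted.
	my @warnings;
	my @opts = do {
		local $SIG{__WARN__} = sub { push @warnings, @_ };
		source_options_as_posted($source);
	};
	printf "%-10s as posted: [%s], %d warning(s)\n",
		$label, join(" ", @opts), scalar @warnings;

	my @checked = eval { source_options_checked($source) };
	chomp(my $err = $@);
	printf "%-10s checked:   %s\n", $label,
		$err ? "skipped ($err)" : "[@checked]";
}
```

With an undefined value, the as-posted logic warns once per pattern match and then returns an empty option list, so the snippet on its own would produce a rule with no source restriction rather than an error.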

Hello all,

I have cleaned up my firewall rules and firewall groups as well. At boot time I got no more errors and so the issue is solved for me.

I have a VM (using QEMU) on the router that is in the DMZ. My firewall regulates the access to this VM from external.

Rules

  1. for a certain time window all regions with access via HTTP/S are allowed so that my Nextcloud can get a new certificate via Let's Encrypt.
  2. using Location Groups I have blocked all regions except DE.
  3. the Nextcloud VM is allowed to connect to the CheckMK monitoring server (green) via port 443.
  4. port forwarding from external 443 to port 443 of the VM (10.10.2.4)

With this config it works for me now and many thanks for the help & suggestions.