Bug #3136
Invalid port forward after deleting firewall objects
| Status: | CLOSED | Start date: | ||
|---|---|---|---|---|
| Priority: | High | Due date: | ||
| Assignee: | - | % Done: | 100% | |
| Category: | nethserver-firewall-base | |||
| Target version: | v6.6 | |||
| Security class: | Resolution: | |||
| Affected version: | v6.6 | NEEDINFO: | No |
Description
If a firewall object (e.g. an host) referenced in a port forward is deleted, the firewall configuration breaks with an error:
ERROR: Missing destination zone /etc/shorewall/rules (line xxx).
Steps to reproduce:
1. create an host object
2. create a port forward to the above host
3. delete the host
4. see the error
Temporary solution: delete the wrong port forward or re-create the deleted host. :-)
I think we need to cross check the usage of firewall objects and deny deletion.
Related issues
Associated revisions
System validator: better check for firewall objects. Refs #3136
Translations: update validator labels. Refs #3136
History
#1
Updated by Filippo Carletti over 6 years ago
A similar bug is present on traffic shaping. The error shown is:
WARNING: There are entries in /etc/shorewall/tcpri but /etc/shorewall/tcinterfaces was empty /etc/shorewall/tcpri (line 23) ERROR: Invalid tcpri entry /etc/shorewall/tcpri (line 23)
#2
Updated by Alessio Fattorini about 6 years ago
Same problem with host or group object deleted and already used on "host without Proxy" panel
Steps to reproduce:
1. create an host object
2. use it on "host without Proxy" panel
3. remove it
Obtains this red note:
Task completed with errors Configuring shorewall #32 (exit status 1) ERROR: Invalid host list (!,192.168.0.211) /etc/shorewall/rules (line 290)
Now it's impossible to create/modify every firewall rule, it breaks with this error
Configuring shorewall #28 ERROR: Unknown Interface (!,) /etc/shorewall/rules (line 285)
Line 285 shows
?COMMENT transparent proxy on green for port 80 REDIRECT loc:! 3129 tcp 80 - !192.168.0.2,192.168.1.4
#3
Updated by Filippo Carletti about 6 years ago
- Priority changed from Normal to High
#4
Updated by Giacomo Sanchietti about 6 years ago
- Category set to nethserver-firewall-base
- Target version set to v6.6
#5
Updated by Giacomo Sanchietti about 6 years ago
- Status changed from NEW to TRIAGED
- % Done changed from 0 to 20
#6
Updated by Giacomo Sanchietti about 6 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 20 to 30
#7
Updated by Giacomo Sanchietti about 6 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 30 to 60
#8
Updated by Giacomo Sanchietti about 6 years ago
- Status changed from MODIFIED to ON_QA
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 60 to 70
- nethserver-firewall-base-2.6.0-1.6.g31fb0af.ns6.noarch.rpm
- Check the bug is not reproducible
- Tests with all kind of objects including CIDR and IP ranges
#9
Updated by Filippo Carletti about 6 years ago
- Status changed from ON_QA to VERIFIED
- % Done changed from 70 to 90
- firewall rules
- shaping priorities
- proxy bypass
- web filter profiles
When I tried to delete an used object I was blocked with a red error message that said the object is in use:
Could not delete object. The host is used by firewall rules.
Note: having a lot of objects used in a lot of places makes it hard to find where you used them. I'd appreciate a search function. I'll file an enhancement request.
#10
Updated by Giacomo Sanchietti about 6 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
- nethserver-firewall-base-2.6.1-1.ns6.noarch.rpm
#11
Updated by Giacomo Sanchietti about 6 years ago
- Related to Bug #3173: Invalid traffic shaping rules after deleting host object added