Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.
Sign upToo many firewall rules leads to: Error starting VM: (0, 'Error') #1570
Comments
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
desci
Jan 2, 2016
[SOLVED] not really, see next comment below
I have removed entries using top level domain .se from the AppVM's firewall and the error vanished.
Not closing this issue because it seems that this is serious, how come the firewall rules wreck the entire system? (From an end user's perspective)
desci
commented
Jan 2, 2016
|
I have removed entries using top level domain Not closing this issue because it seems that this is serious, how come the firewall rules wreck the entire system? (From an end user's perspective) |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
desci
Jan 2, 2016
Now there seems to be nothing to do with the .se top level domain.
I have added new .org rules to the firewall and the same error applies, and now it seems to be about adding too much entries, taking into account all entries of all AppVMs.
Erasing a whole firewall rules from another VM (was about 20 entries) seemed to "solve" for now. Unless I need those rules again.
desci
commented
Jan 2, 2016
|
Now there seems to be nothing to do with the I have added new Erasing a whole firewall rules from another VM (was about 20 entries) seemed to "solve" for now. Unless I need those rules again. |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
desci
Jan 2, 2016
I'm wrong yet again.
This seem to happen when I try to save the AppVM's firewall rules with more than 35 entries.
desci
commented
Jan 2, 2016
|
I'm wrong yet again. This seem to happen when I try to save the AppVM's firewall rules with more than 35 entries. |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
|
What Qubes version are you using? I guess R2, right? |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
marmarek
Jan 4, 2016
Member
Hmm, or maybe R3.0. In which case it would be similar to this:
https://groups.google.com/d/msgid/qubes-users/55CF8DF8.8050505%40riseup.net
|
Hmm, or maybe R3.0. In which case it would be similar to this: |
marmarek
added this to the Release 3.0 updates milestone
Jan 4, 2016
marmarek
added
bug
C: core
C: qubes-manager
labels
Jan 4, 2016
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
marmarek
Jan 4, 2016
Member
If that's the case, I see two things here:
- lack of clear indication of firewall rules count limit (bug)
- too low limit (feature request)
|
If that's the case, I see two things here:
|
marmarek
referenced this issue
Jan 4, 2016
Closed
quickly restarting VM leads to race condition, VM startup and keyboard issues #1241
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
desci
commented
Jan 6, 2016
|
@marmarek |
marmarek
changed the title from
Error starting VM: (0, 'Error')
to
Too many firewall rules leads to: Error starting VM: (0, 'Error')
Jan 19, 2016
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
3hhh
Nov 3, 2016
Still valid in 3.2.
Steps to reproduce:
- Create a ProxyVM.
- Add 40 firewall entries via Qubes VM manager or directly via firewall.xml (I just tested it with different IPs and Port 443/TCP), defaults all disallowed.
- Start the VM (works).
- Stop the VM, add another rule.
- Start the VM (doesn't work, aforementioned error occurs).
3hhh
commented
Nov 3, 2016
|
Still valid in 3.2. Steps to reproduce:
|
added a commit
to unman/qubes-doc
that referenced
this issue
Nov 8, 2016
unman
referenced this issue
in QubesOS/qubes-doc
Nov 8, 2016
Merged
Update qubes-firewall.md-include limit on iptables #212
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
marmarek
Nov 19, 2016
Member
This is already fixed for Qubes 4.0. The fix is not feasible for backport (it's incompatible change). The limitation is already documented.
|
This is already fixed for Qubes 4.0. The fix is not feasible for backport (it's incompatible change). The limitation is already documented. |
marmarek
closed this
Nov 19, 2016
andrewdavidwong
reopened this
Jun 20, 2018
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
|
Reopening due to #4018. |
desci commentedJan 2, 2016
EDIT: This trace is irrelevant. See comment 4. The only relevant thing is the number of firewall rules of the AppVM, it has a 35 rules cap.
Steps:
work-somename;workAppVM did existed (the one created at install), it was renamed towork-clone;work-somenamerenamed towork;Error starting VM 'work': (0, 'Error');workrenamed towork-personal;work-clonerenamed back towork;work-personalrenamed back towork-somename;When I try to start the AppVM in any way, it is left with a gray led in the QubesManager, it can't be stopped or paused, only started. When I try to start it for the second time, the led turns to yellow and now I can either pause or stop the AppVM.
After I do this with this particular AppVM, whenever I try to start any other AppVM, the same error occurs, therefore rendering the system unusable.
That was the github VM, I had to login here from a DispVM.
I have not tried the cli manager, only the graphical QubesManager and the KDE menu.
EDIT: removing irrelevant, long logs (please use gist/attach next time)