OMV 5 : Can't apply iptable rules. #374

Closed
luluwebmaster opened this issue May 14, 2019 · 4 comments

@luluwebmaster

commented May 14, 2019

Hello,

Recently I installed OMV 5 (Beta), but now, when I try to create iptables rules and apply the modifications, I get this error:

Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C.UTF-8; omv-salt deploy run iptables 2>&1' with exit code '1': /usr/lib/python3/dist-packages/salt/modules/file.py:32: DeprecationWarning: Using or importing the ABCs from 'collections' instead of from 'collections.abc' is deprecated, and in 3.8 it will stop working from collections import Iterable, Mapping debian: ---------- ID: configure_ifupdown_iptables_rules Function: file.managed Name: /etc/network/if-pre-up.d/openmediavault-iptables Result: True Comment: File /etc/network/if-pre-up.d/openmediavault-iptables updated Started: 15:33:55.487194 Duration: 60.386 ms Changes: ---------- diff: --- +++ @@ -21,5 +21,5 @@ iptables -A INPUT -p udp --source 255.255.255.0/24 --destination 192.168.1.5 --dport 445 -j ACCEPT iptables -A INPUT -p udp --source 255.255.255.0/24 --destination 192.168.1.5 --dport 137:138 -j ACCEPT iptables -A INPUT -p tcp --source 255.255.255.0/24 --destination 192.168.1.5 --dport 22 -j ACCEPT -iptables -A INPUT -p all -j REJECT +iptables -A INPUT -p all -j ACCEPT ---------- ID: apply_ifupdown_iptables_rules Function: cmd.run Name: /etc/network/if-pre-up.d/openmediavault-iptables Result: False Comment: Command "/etc/network/if-pre-up.d/openmediavault-iptables" run Started: 15:33:55.548289 Duration: 11.512 ms Changes: ---------- pid: 3395 retcode: 1 stderr: trap: 15iptables: bad trap stdout: Summary for debian ------------ Succeeded: 1 (changed=2) Failed: 1 ------------ Total states run: 2 Total run time: 71.898 ms

Full details :

Erreur #0:
OMV\ExecException: Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C.UTF-8; omv-salt deploy run iptables 2>&1' with exit code '1': /usr/lib/python3/dist-packages/salt/modules/file.py:32: DeprecationWarning: Using or importing the ABCs from 'collections' instead of from 'collections.abc' is deprecated, and in 3.8 it will stop working
  from collections import Iterable, Mapping
debian:
----------
          ID: configure_ifupdown_iptables_rules
    Function: file.managed
        Name: /etc/network/if-pre-up.d/openmediavault-iptables
      Result: True
     Comment: File /etc/network/if-pre-up.d/openmediavault-iptables updated
     Started: 15:33:55.487194
    Duration: 60.386 ms
     Changes:
              ----------
              diff:
                  ---
                  +++
                  @@ -21,5 +21,5 @@
                   iptables -A INPUT -p udp --source 255.255.255.0/24 --destination 192.168.1.5 --dport 445 -j ACCEPT
                   iptables -A INPUT -p udp --source 255.255.255.0/24 --destination 192.168.1.5 --dport 137:138 -j ACCEPT
                   iptables -A INPUT -p tcp --source 255.255.255.0/24 --destination 192.168.1.5 --dport 22 -j ACCEPT
                  -iptables -A INPUT -p all -j REJECT
                  +iptables -A INPUT -p all -j ACCEPT
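Review bot: the changed last line, "iptables -A INPUT -p all -j ACCEPT", turns the catch-all at the end of INPUT from REJECT into ACCEPT, so every packet the earlier rules do not match is accepted and the per-port ACCEPT rules above it no longer restrict anything; keep the final rule as REJECT if the chain is meant to be an allow-list. The unchanged context lines also use "--source 255.255.255.0/24", which is a netmask value rather than a network, so those rules only match source addresses 255.255.255.0 to 255.255.255.255; use the LAN's network address there (for example 192.168.1.0/24, if that is the subnet 192.168.1.5 sits in).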
----------
          ID: apply_ifupdown_iptables_rules
    Function: cmd.run
        Name: /etc/network/if-pre-up.d/openmediavault-iptables
      Result: False
     Comment: Command "/etc/network/if-pre-up.d/openmediavault-iptables" run
     Started: 15:33:55.548289
    Duration: 11.512 ms
     Changes:
              ----------
              pid:
                  3395
              retcode:
                  1
              stderr:
                  trap: 15iptables: bad trap
              stdout:

Summary for debian
------------
Succeeded: 1 (changed=2)
Failed:    1
------------
Total states run:     2
Total run time:  71.898 ms in /usr/share/php/openmediavault/system/process.inc:182
Stack trace:
#0 /usr/share/php/openmediavault/engine/module/serviceabstract.inc(60): OMV\System\Process->execute()
#1 /usr/share/openmediavault/engined/rpc/config.inc(164): OMV\Engine\Module\ServiceAbstract->deploy()
#2 [internal function]: Engined\Rpc\Config->applyChanges(Array, Array)
#3 /usr/share/php/openmediavault/rpc/serviceabstract.inc(123): call_user_func_array(Array, Array)
#4 /usr/share/php/openmediavault/rpc/serviceabstract.inc(149): OMV\Rpc\ServiceAbstract->callMethod('applyChanges', Array, Array)
#5 /usr/share/php/openmediavault/rpc/serviceabstract.inc(577): OMV\Rpc\ServiceAbstract->OMV\Rpc\{closure}('/tmp/bgstatusoK...', '/tmp/bgoutputXb...')
#6 /usr/share/php/openmediavault/rpc/serviceabstract.inc(159): OMV\Rpc\ServiceAbstract->execBgProc(Object(Closure))
#7 /usr/share/openmediavault/engined/rpc/config.inc(186): OMV\Rpc\ServiceAbstract->callMethodBg('applyChanges', Array, Array)
#8 [internal function]: Engined\Rpc\Config->applyChangesBg(Array, Array)
#9 /usr/share/php/openmediavault/rpc/serviceabstract.inc(123): call_user_func_array(Array, Array)
#10 /usr/share/php/openmediavault/rpc/rpc.inc(86): OMV\Rpc\ServiceAbstract->callMethod('applyChangesBg', Array, Array)
#11 /usr/sbin/omv-engined(536): OMV\Rpc\Rpc::call('Config', 'applyChangesBg', Array, Array, 1)
#12 {main}

Do you have an idea how to solve that?

NB: Sorry for my bad English, I am French.

Thank you!

@votdev votdev added 5.x bug labels May 14, 2019

votdev added a commit to votdev/openmediavault that referenced this issue May 14, 2019

Fix bug in iptables generation.
Fixes: openmediavault#374
Signed-off-by: Volker Theile <votdev@gmx.de>

votdev added a commit to votdev/openmediavault that referenced this issue May 15, 2019

Issue openmediavault#374: Fix iptables issue. Use systemd service instead of ifupdown.

Fixes: openmediavault#374

Signed-off-by: Volker Theile <votdev@gmx.de>

@votdev votdev closed this in #376 May 15, 2019

votdev added a commit that referenced this issue May 15, 2019

Issue #374: Fix iptables issue. Use systemd service instead of ifupdown. (#376)

Issue #374: Fix iptables issue. Use systemd service instead of ifupdown.
@luluwebmaster

Author

commented May 15, 2019

Hello,

Thanks, but how can I upgrade OpenMediaVault to the new version?

Thank you.

@votdev

Collaborator

commented May 15, 2019

You have to wait until openmediavault 5.0.2 is released or you have to build the package yourself if you won't wait.

@luluwebmaster

Author

commented May 15, 2019

Oh, OK, thank you, I'll wait for the new release.

@subzero79

Contributor

commented May 22, 2019

@votdev also, you shouldn't be flushing the filter table completely, just INPUT/OUTPUT. The panel doesn't manage the fwd chain, or does it lately?

OMV4

-i "count(//system/network/iptables/rule[family='inet']) > 0" \
-o "iptables -t filter -F INPUT" -n \
-o "iptables -t filter -F OUTPUT" -n \
-b \
-i "count(//system/network/iptables/rule[family='inet6']) > 0" \
-o "ip6tables -t filter -F INPUT" -n \
-o "ip6tables -t filter -F OUTPUT" -n \

https://github.com/votdev/openmediavault/blob/64704884e2c62ab0ac61e6a8ba22c4e2a5a65984/deb/openmediavault/srv/salt/omv/deploy/iptables/files/etc_iptables_openmediavault-rules.j2#L18

Neither should it change the policy of the FWD chain

https://github.com/votdev/openmediavault/blob/64704884e2c62ab0ac61e6a8ba22c4e2a5a65984/deb/openmediavault/srv/salt/omv/deploy/iptables/files/etc_iptables_openmediavault-rules.j2#L71
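
The scoping point raised in the comment above, as an added example that is not part of the original thread or of openmediavault's code: a shell function that reports flush and policy commands in a rules script that touch anything other than the INPUT and OUTPUT chains of the filter table. The function name `audit_rules_scope` and both sample scripts are constructed for illustration and do not reproduce the linked template.

```shell
#!/bin/sh
# Added example: report iptables/ip6tables commands in a rules script that
# reach beyond the INPUT and OUTPUT chains of the filter table.
# Prints one finding per line; returns 1 if anything was found.
audit_rules_scope() {
    awk '
    $1 !~ /(^|\/)ip6?tables$/ { next }
    {
        table = "filter"; flush = 0; fchain = ""; pchain = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "-t" || $i == "--table") { table = $(++i) }
            else if ($i == "-F" || $i == "--flush") {
                flush = 1
                # A chain name follows only if the next word is not an option.
                if (i < NF && $(i + 1) !~ /^-/) fchain = $(++i)
            }
            else if ($i == "-P" || $i == "--policy") { pchain = $(++i) }
        }
        if (table != "filter") next
        if (flush && fchain == "") {
            printf "line %d: flushes all filter chains: %s\n", NR, $0; bad = 1
        } else if (flush && fchain !~ /^(INPUT|OUTPUT)$/) {
            printf "line %d: flushes unmanaged chain %s\n", NR, fchain; bad = 1
        }
        if (pchain != "" && pchain !~ /^(INPUT|OUTPUT)$/) {
            printf "line %d: sets policy on unmanaged chain %s\n", NR, pchain; bad = 1
        }
    }
    END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample: flushes the whole table and changes the FORWARD policy.
SAMPLE_WIDE=$(mktemp)
cat > "$SAMPLE_WIDE" <<'EOF'
iptables -F
iptables -P FORWARD DROP
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
EOF
# Constructed sample: same intent, limited to the chains the panel manages.
SAMPLE_SCOPED=$(mktemp)
cat > "$SAMPLE_SCOPED" <<'EOF'
iptables -t filter -F INPUT
iptables -t filter -F OUTPUT
ip6tables -t filter -F INPUT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
EOF
audit_rules_scope "$SAMPLE_WIDE" || echo "wide-scope script rejected"
audit_rules_scope "$SAMPLE_SCOPED" && echo "scoped script accepted"
```

A check like this matters on hosts that also run Docker, libvirt or a VPN, where other software owns rules in FORWARD and a full flush of the filter table silently removes them.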
