Bug 10410

Summary: new firewall: Errors at boot if no blue is used
Product: IPFire
Reporter: Arne.F <arne.fitzenreiter>
Component: ---
Assignee: Michael Tremer <michael.tremer>
Status: CLOSED FIXED
QA Contact: Alexander Marx <amarx>
Severity: Minor Usability
Priority: - Unknown -
CC: arne.fitzenreiter, michael.tremer, stefan.schantl
Version: 2
Hardware: all
OS: Unspecified
Bug Depends on:
Bug Blocks: 10486

Description Arne.F 2013-09-01 21:41:29 UTC
At boot the new firewall (fifteen branch) gives some errors on a RED + GREEN setup.

--boot--
Setting up firewall
Cannot read ENABLED
Cannot read BLUE_DEV
Bad argument 'DROP'
Try 'iptables -h' or 'iptables --help' for more information.
Bad argument 'DROP'
Try 'iptables -h' or 'iptables --help' for more information.
-------

Looks like the script does not check that blue is not active and tries to create the chains anyway.

Comment 1 Michael Tremer 2013-09-02 22:32:10 UTC
http://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=52c5ec837f1b8ebbb93d1477dcb345ea921b84a7

This was actually not caused by a missing BLUE device, but a missing ORANGE device.

I rewrote the firewall-policy script, so that it will honour CONFIG_TYPE, which defines which interfaces are used. There is also more validation if BLUE_DEV, etc. are actually defined.
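
Added example (not part of the original report and not IPFire's firewall-policy script): a sketch of the guard described in Comment 1, where a zone's rule is emitted only if CONFIG_TYPE includes the zone and its device variable is set. The CONFIG_TYPE numbering, the chain name `EXAMPLE_POLICY` and the function names are assumptions for illustration; the script prints commands instead of running iptables.

```shell
#!/bin/sh
# Assumed mapping: CONFIG_TYPE 1 = RED+GREEN, 2 = +ORANGE, 3 = +BLUE,
# 4 = +ORANGE+BLUE. EXAMPLE_POLICY is a hypothetical chain name.

# zone_in_use ZONE CONFIG_TYPE: exit 0 if the setup includes the zone.
zone_in_use() {
    case "$1:$2" in
        ORANGE:2|ORANGE:4) return 0 ;;
        BLUE:3|BLUE:4)     return 0 ;;
        *)                 return 1 ;;
    esac
}

# unguarded_rule DEVICE: shows what an unchecked script hands to iptables.
# $dev is deliberately unquoted: when empty it vanishes, "-i" takes "-j"
# as its argument and DROP is left over, which is consistent with the
# "Bad argument 'DROP'" lines in the boot log above.
unguarded_rule() {
    dev=$1
    set -- iptables -A EXAMPLE_POLICY -i $dev -j DROP
    echo "$*"
}

# emit_zone_drop ZONE CONFIG_TYPE DEVICE
# Prints the rule only for a zone that is in use and has a device.
# Returns 1 if the zone is not part of the setup, 2 if its device is unset.
emit_zone_drop() {
    zone=$1 config_type=$2 dev=$3
    zone_in_use "$zone" "$config_type" || return 1
    if [ -z "$dev" ]; then
        echo "Cannot read ${zone}_DEV, skipping ${zone} rules" >&2
        return 2
    fi
    printf 'iptables -A EXAMPLE_POLICY -i %s -j DROP\n' "$dev"
}

# Constructed sample configuration: RED + GREEN only.
CONFIG_TYPE=1
ORANGE_DEV=""
BLUE_DEV=""

echo "unguarded: $(unguarded_rule "$ORANGE_DEV")"
emit_zone_drop ORANGE "$CONFIG_TYPE" "$ORANGE_DEV" || echo "ORANGE skipped"
emit_zone_drop BLUE "$CONFIG_TYPE" "$BLUE_DEV" || echo "BLUE skipped"
```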