Bug 10410 - new firewall: Errors at boot if no blue is used
Status: CLOSED FIXED
Alias: None
Product: IPFire
Classification: Unclassified
Component: ---
Version: 2
Hardware: all Unspecified
Importance: - Unknown - Minor Usability
Assignee: Michael Tremer
QA Contact: Alexander Marx
Blocks: 10486
Reported: 2013-09-01 21:41 UTC by Arne.F
Modified: 2014-05-10 17:07 UTC

Description Arne.F 2013-09-01 21:41:29 UTC
At boot the new firewall (fifteen branch) gives some errors on a RED + GREEN setup.

--boot--
Setting up firewall
Cannot read ENABLED
Cannot read BLUE_DEV
Bad argument 'DROP'
Try 'iptables -h' or 'iptables --help' for more information.
Bad argument 'DROP'
Try 'iptables -h' or 'iptables --help' for more information.
-------

Looks like the script does not check that blue is not active and tries to create the chains anyway.
Comment 1 Michael Tremer 2013-09-02 22:32:10 UTC
http://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=52c5ec837f1b8ebbb93d1477dcb345ea921b84a7

This was actually not caused by a missing BLUE device, but a missing ORANGE device.

I rewrote the firewall-policy script, so that it will honour CONFIG_TYPE, which defines which interfaces are used. There is also more validation if BLUE_DEV, etc. are actually defined.
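
An added example, not IPFire's firewall-policy script: a dry-run shell illustration of the guard described in Comment 1, where rules for ORANGE and BLUE are emitted only when CONFIG_TYPE includes the zone and its device variable is defined. The CONFIG_TYPE numbering, the EXAMPLE_CHAIN chain name and the rule shape are assumptions; naive_rule shows how an empty device variable can produce the "Bad argument 'DROP'" error seen in the boot log.

```shell
#!/bin/sh
# Added example (not IPFire's firewall-policy script). Dry run: prints the
# iptables commands instead of executing them, so it needs no root.
# Assumption: CONFIG_TYPE 1=RED+GREEN, 2=+ORANGE, 3=+BLUE, 4=+ORANGE+BLUE.
# EXAMPLE_CHAIN is a placeholder chain name.

# Naive form: an unset device variable expands to nothing, so "-i" takes
# "-j" as the interface name and iptables rejects the leftover "DROP".
naive_rule() {
    # $1 = device name (may be empty); intentionally left unquoted
    echo iptables -A EXAMPLE_CHAIN -i $1 -j DROP
}

# Succeeds if the zone named in $1 (orange|blue) is part of CONFIG_TYPE.
zone_enabled() {
    case "$1:${CONFIG_TYPE}" in
        orange:2|orange:4|blue:3|blue:4) return 0 ;;
    esac
    return 1
}

# Prints one rule per zone that is both enabled and has a device defined.
policy_rules() {
    for zone in orange blue; do
        zone_enabled "${zone}" || continue
        case "${zone}" in
            orange) dev="${ORANGE_DEV}" ;;
            blue)   dev="${BLUE_DEV}" ;;
        esac
        if [ -z "${dev}" ]; then
            # Enabled in CONFIG_TYPE but no device: report it, emit no rule.
            echo "skipping ${zone}: device not defined" >&2
            continue
        fi
        echo "iptables -A EXAMPLE_CHAIN -i ${dev} -j DROP"
    done
}
```

On a RED + GREEN setup (CONFIG_TYPE=1 under the assumed numbering) policy_rules prints nothing, so no rule with an empty interface argument ever reaches iptables.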