Bug #957

Bugs in acf-iptables-0.3.1-r2

Added by Miodrag Radulovic about 1 month ago. Updated 24 days ago.

Status: Closed
Start date: 01/23/2012
Priority: Normal
Due date:
Assignee: Ted Trask
% Done: 100%
Category: ACF
Target version: -

Description

Hello,

I've just downloaded the "acf-iptables-0.3.1-r2" package and it looks to me like it does not work properly. Here are my observations:

1. It looks like the "save" button (both on the status and expert pages) uses the "iptables save" script ("/etc/init.d/iptables"), which saves rules in this file: /etc/iptables/rules-save, but in the ACF iptables-model.lua you are using this file: local rulesfile = "/var/lib/iptables/rules-save". This is inconsistent, and thus saved rules are not reloaded.

2. Editing rules in ACF after they are created is impossible; every attempt produces an error:

Application error occured

/usr/share/acf/app//iptables/iptables-model.lua:455: bad argument #1 to 'match' (string expected, got nil)
stack traceback:
    [C]: in function 'match'
    /usr/share/acf/app//iptables/iptables-model.lua:455: in function </usr/share/acf/app//iptables/iptables-model.lua:335>
    (tail call): ?
    /usr/share/acf/lib//controllerfunctions.lua:68: in function </usr/share/acf/lib//controllerfunctions.lua:67>
    (tail call): ?
    /usr/share/acf/app//acf_www-controller.lua:478: in function </usr/share/acf/app//acf_www-controller.lua:386>
    [C]: in function 'xpcall'
    /usr/share/acf/app//acf_www-controller.lua:386: in function 'dispatch'
    [string "acf"]:18: in main chunk

BR,
MiskorR

History

Updated by Ted Trask about 1 month ago

Looks like the location of the rules-save file moved in Alpine Linux 2.3 without my noticing. Are you testing on Alpine 2.3 or edge? In the meantime, I can set up a test box and start looking at the second issue.

Updated by Miodrag Radulovic 30 days ago

I am testing on Alpine 2.3.3.

If I can help you with testing on the second issue, please let me know.

Updated by Ted Trask 29 days ago

I have not been able to reproduce the second error on a fresh install of Alpine 2.3.5. Can you post the /etc/iptables/rules-save file you're using? Or, at least the offending line?

Updated by Miodrag Radulovic 29 days ago

I am using Alpine 2.3.3. How can I upgrade to 2.3.5?

Here is my rules-save (nothing fancy there, basic stuff, even with one single line that error appeared):

alpine:~# cat /etc/iptables/rules-save

    # Generated by iptables-save v1.4.12.1 on Mon Jan 23 00:45:05 2012
    *mangle
    :PREROUTING ACCEPT [11761:1392905]
    :INPUT ACCEPT [11027:1089781]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [5906:2692750]
    :POSTROUTING ACCEPT [5906:2692750]
    COMMIT
    # Completed on Mon Jan 23 00:45:05 2012
    # Generated by iptables-save v1.4.12.1 on Mon Jan 23 00:45:05 2012
    *nat
    :PREROUTING ACCEPT [1452:376248]
    :INPUT ACCEPT [568:51830]
    :OUTPUT ACCEPT [810:67566]
    :POSTROUTING ACCEPT [810:67566]
    COMMIT
    # Completed on Mon Jan 23 00:45:05 2012
    # Generated by iptables-save v1.4.12.1 on Mon Jan 23 00:45:05 2012
    *filter
    :INPUT ACCEPT [1585:162764]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [4882:2353207]
    -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    [2178:255925] -A INPUT -s 192.168.0.0/16 -p tcp -m tcp --dport 3000 -j ACCEPT
    [0:0] -A INPUT -s 192.168.0.0/16 -p tcp -m tcp --dport http -j ACCEPT
    [1286:94850] -A INPUT -s 192.168.0.0/16 -p tcp -m tcp --dport ssh -j ACCEPT
    [397:49275] -A INPUT -s 192.168.0.0/16 -p tcp -m tcp --dport https -j ACCEPT
    [1549:152985] -A INPUT -j DROP
    COMMIT
    # Completed on Mon Jan 23 00:45:05 2012

alpine:~#
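
The "string expected, got nil" error in the description is what Lua raises when string.match is called with nil as its subject, for instance the result of an earlier match that failed. The following is an added example, not ACF's code and not a statement of what the actual fix was: a rules-save parser that treats the [packets:bytes] counters as optional and collects lines it cannot parse instead of raising. The name parse_rules and the sample input are hypothetical.

```lua
-- Added example, not ACF's code. Sample input is constructed.
local function parse_rules(text)
  local tables, errors, current, n = {}, {}, nil, 0
  local function bad(why, line)
    errors[#errors + 1] = ("line %d: %s: %s"):format(n, why, line)
  end
  for raw in (text .. "\n"):gmatch("(.-)\r?\n") do
    n = n + 1
    local line = raw:match("^%s*(.-)%s*$")   -- trim; this pattern always matches
    local first = line:sub(1, 1)
    if line == "" or first == "#" then
      -- blank line or "# Generated by ..." comment: nothing to do
    elseif first == "*" then
      current = { name = line:sub(2), chains = {}, rules = {} }
      tables[#tables + 1] = current
    elseif line == "COMMIT" then
      current = nil
    elseif not current then
      bad("outside any table", line)
    elseif first == ":" then
      local chain, policy = line:match("^:(%S+)%s+(%S+)")
      if chain then current.chains[chain] = policy
      else bad("bad chain line", line) end
    else
      -- Counters are optional; match() returns nil on failure, so fall back.
      local pkts, bytes, rest = line:match("^%[(%d+):(%d+)%]%s*(.*)$")
      local chain, args = (rest or line):match("^%-A%s+(%S+)%s*(.*)$")
      if chain then
        current.rules[#current.rules + 1] = { chain = chain, args = args,
          packets = pkts and tonumber(pkts), bytes = bytes and tonumber(bytes) }
      else
        bad("unrecognised rule", line)
      end
    end
  end
  return tables, errors
end

local sample = [==[
# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
[12:3456] -A INPUT -s 192.168.0.0/16 -p tcp -m tcp --dport 22 -j ACCEPT
bogus line
COMMIT
]==]
local tables, errors = parse_rules(sample)
for _, r in ipairs(tables[1].rules) do print(r.chain, r.packets or "-", r.args) end
for _, e in ipairs(errors) do print("skipped " .. e) end
```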

Updated by Ted Trask 29 days ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

Updated by Natanael Copa 24 days ago

  • Status changed from Resolved to Closed
