#249 Firewall builder import failure

open
nobody
None
5
2014-08-22
2013-01-27
John
No

When importing the attached iptables-save output file, fwbuilder reports the following instead of the desired outcome, which would be an import without error messages and with the same meaning as the original firewall rules:
Version: Firewall Builder GUI 5.1.0.3599
OS: Ubuntu precise

1: Version: 1.4.10
3: New ruleset: nat / PREROUTING
3: Default action: Accept
4: New ruleset: nat / INPUT
4: Default action: Accept
5: New ruleset: nat / OUTPUT
5: Default action: Accept
6: New ruleset: nat / POSTROUTING
6: Default action: Accept
7: New ruleset: nat / postrouting_rule
7: Default action: Deny
8: New ruleset: nat / prerouting_lan
8: Default action: Deny
9: New ruleset: nat / prerouting_rule
9: Default action: Deny
10: New ruleset: nat / prerouting_wan
10: Default action: Deny
11: New ruleset: nat / zone_lan_nat
11: Default action: Deny
12: New ruleset: nat / zone_lan_prerouting
12: Default action: Deny
13: New ruleset: nat / zone_wan_nat
13: Default action: Deny
14: New ruleset: nat / zone_wan_prerouting
14: Default action: Deny
26: Version: 1.4.10
26: Error: Unrecognized netfilter table "raw". Only tables "filter", "mangle" and "nat" are supported.
28: New ruleset: raw / PREROUTING
28: Default action: Accept
29: New ruleset: raw / OUTPUT
29: Default action: Accept
30: New ruleset: raw / zone_lan_notrack
30: Default action: Deny
31: New ruleset: raw / zone_wan_notrack
31: Default action: Deny
32: New interface: br-lan
32: Error: Rule can not be imported correctly because original configuration uses unrecognized netfilter table "raw".
32: Error: Error: Unrecognized netfilter table "raw". Only tables "filter", "mangle" and "nat" are supported.
32: Error: Error: Rule can not be imported correctly because original configuration uses unrecognized netfilter table "raw".
33: New interface: eth1
33: Error: Rule can not be imported correctly because original configuration uses unrecognized netfilter table "raw".
33: Error: Error: Rule can not be imported correctly because original configuration uses unrecognized netfilter table "raw".
36: Version: 1.4.10
38: New ruleset: mangle / PREROUTING
38: Default action: Accept
39: New ruleset: mangle / INPUT
39: Default action: Accept
40: New ruleset: mangle / FORWARD
40: Default action: Accept
41: New ruleset: mangle / OUTPUT
41: Default action: Accept
42: New ruleset: mangle / POSTROUTING
42: Default action: Accept
43: New ruleset: mangle / zone_wan_MSSFIX
43: Default action: Deny
44: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD
44: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD
45: Warning: Using automatic rule controlled by option Clamp MSS to MTU
48: Version: 1.4.10
50: New ruleset: filter / INPUT
50: Default action: Accept
51: New ruleset: filter / FORWARD
51: Default action: Deny
52: New ruleset: filter / OUTPUT
52: Default action: Accept
53: New ruleset: filter / forward
53: Default action: Deny
54: New ruleset: filter / forwarding_lan
54: Default action: Deny
55: New ruleset: filter / forwarding_rule
55: Default action: Deny
56: New ruleset: filter / forwarding_wan
56: Default action: Deny
57: New ruleset: filter / input
57: Default action: Deny
58: New ruleset: filter / input_lan
58: Default action: Deny
59: New ruleset: filter / input_rule
59: Default action: Deny
60: New ruleset: filter / input_wan
60: Default action: Deny
61: New ruleset: filter / output
61: Default action: Deny
62: New ruleset: filter / output_rule
62: Default action: Deny
63: New ruleset: filter / reject
63: Default action: Deny
64: New ruleset: filter / syn_flood
64: Default action: Deny
65: New ruleset: filter / zone_lan
65: Default action: Deny
66: New ruleset: filter / zone_lan_ACCEPT
66: Default action: Deny
67: New ruleset: filter / zone_lan_DROP
67: Default action: Deny
68: New ruleset: filter / zone_lan_REJECT
68: Default action: Deny
69: New ruleset: filter / zone_lan_forward
69: Default action: Deny
70: New ruleset: filter / zone_wan
70: Default action: Deny
71: New ruleset: filter / zone_wan_ACCEPT
71: Default action: Deny
72: New ruleset: filter / zone_wan_DROP
72: Default action: Deny
73: New ruleset: filter / zone_wan_REJECT
73: Default action: Deny
74: New ruleset: filter / zone_wan_forward
74: Default action: Deny
75: Error: Unknown module: conntrack
75: Error: Unknown option: --ctstate
75: Parser error: line 75:33: unexpected token: RELATED
75: Error: Error: Unknown module: conntrack
75: Error: Error: Unknown option: --ctstate
76: New interface: lo
80: Error: Unknown module: conntrack
80: Error: Unknown option: --ctstate
80: Parser error: line 80:35: unexpected token: RELATED
80: Error: Error: Unknown module: conntrack
80: Error: Error: Unknown option: --ctstate
84: Error: Unknown module: conntrack
84: Error: Unknown option: --ctstate
84: Parser error: line 84:34: unexpected token: RELATED
84: Error: Error: Unknown module: conntrack
84: Error: Error: Unknown option: --ctstate
120: Warning: Line 50: Added rule to reproduce default policy ACCEPT in filter/INPUT
120: Warning: Line 52: Added rule to reproduce default policy ACCEPT in filter/OUTPUT
120: Warning: Line 40: Can not reproduce default action in table 'mangle' chain 'FORWARD'. (Generated rule may not generate equivalent iptables command when compiled)
120: Warning: Line 40: Added rule to reproduce default policy ACCEPT in mangle/FORWARD
120: Warning: Line 39: Can not reproduce default action in table 'mangle' chain 'INPUT'. (Generated rule may not generate equivalent iptables command when compiled)
120: Warning: Line 39: Added rule to reproduce default policy ACCEPT in mangle/INPUT
120: Warning: Line 41: Added rule to reproduce default policy ACCEPT in mangle/OUTPUT
120: Warning: Line 42: Added rule to reproduce default policy ACCEPT in mangle/POSTROUTING
120: Warning: Line 38: Added rule to reproduce default policy ACCEPT in mangle/PREROUTING
120: Warning: Line 29: Added rule to reproduce default policy ACCEPT in raw/OUTPUT
120: Warning: Line 28: Added rule to reproduce default policy ACCEPT in raw/PREROUTING

Discussion

  • John
    2013-01-27

    iptables-save output

     
  • Malte Forkel
    2013-03-12

    I'm experiencing very similar problems. I tried to import the default firewall configuration of OpenWrt Attitude Adjustment 12.09-rc1 into Firewall Builder 5.1 (5.1.0.3599) on Windows. I got errors caused by an unrecognized netfilter table "raw" and an unknown module "conntrack".

    Please find attached the output of 'iptables-save' and the import log.

     
    Last edit: Malte Forkel 2013-03-12
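
A pre-import check for the two failure classes in the log above (a table other than "filter", "mangle" or "nat", and the `conntrack` match module), useful for finding which rules will need manual review after import. This is an added example, not part of the ticket or of Firewall Builder; the function name `find_import_blockers` and the sample dump are constructed for illustration, and the rejected-module list contains only what the log on this page reports.

```python
import re

# Tables the importer accepts, per the error text in the import log above.
SUPPORTED_TABLES = {"filter", "mangle", "nat"}
# Match modules the log reports as "Unknown module" (only conntrack appears there).
REJECTED_MODULES = {"conntrack"}

# Constructed sample in iptables-save format (not the attachment from this ticket).
SAMPLE_DUMP = """\
# Generated by iptables-save v1.4.10
*raw
:PREROUTING ACCEPT [0:0]
:zone_lan_notrack - [0:0]
-A PREROUTING -i br-lan -j zone_lan_notrack
COMMIT
*filter
:INPUT ACCEPT [0:0]
:syn_flood - [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn_flood
COMMIT
"""

MODULE_RE = re.compile(r"(?:^|\s)(?:-m|--match)\s+(\S+)")


def find_import_blockers(dump):
    """Return (line_no, table, reason) for each construct the importer rejects."""
    findings = []
    table = None
    for line_no, line in enumerate(dump.splitlines(), start=1):
        line = line.strip()
        if line.startswith("*"):  # table header, e.g. "*raw"
            table = line[1:]
            if table not in SUPPORTED_TABLES:
                findings.append((line_no, table, f"unsupported table {table!r}"))
        elif line.startswith("-A "):  # appended rule
            if table not in SUPPORTED_TABLES:
                findings.append((line_no, table, "rule in unsupported table"))
            for module in MODULE_RE.findall(line):
                if module in REJECTED_MODULES:
                    findings.append((line_no, table, f"unknown module {module!r}"))
    return findings


if __name__ == "__main__":
    for line_no, table, reason in find_import_blockers(SAMPLE_DUMP):
        print(f"line {line_no} [{table}]: {reason}")
```

Every flagged line is a rule whose imported form cannot be assumed equivalent to the running firewall, so compare the compiled policy against the original dump for those rules before deploying it.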