Hi Jamie,
I'm getting an error message in the "Linux IPTables Firewall for ip6tables".
I have changed nothing in my setup, the ip6tables.up.rules file is exactly the same as always.
The error message in webmin says:
WARNING! Your current IPtables configuration is invalid : iptables-restore v1.4.21: host/network `fe80::' not found Error occurred at line: 19
The line 19 is:
-A INPUT -s fe80::/10 -m comment --comment "link-local addresses" -j ACCEPT
Thanks for assistance
cheers mike
Last edit: M.T.R 2017-12-12
i think i found the reason:
in the module setup for firewall ipv4 as well as for ipv6
there is a setup:
Directly edit firewall IPv6 rules instead of save file? YES | NO
this was not selected since this last update.
in ipv4 it was selected to YES and the firewall was working.
i have set it now for ipv6 also to YES
and the error messages were gone.
i think the last update was not working 100% right,
and some parameters got lost.
so my same question:
how to repeat the upgrade to succeed without error messages to be sure everything is right.
cheers mike
That setting will cause firewall rules to not be permanently saved though .. is that what you want?
i don't know,
at least, if i set this to "NO", i get these error messages like said above.
indeed i do not edit the firewall online with this page.
this is done offline and the iptables.up.rules and ip6tables.up.rules files are transferred to the server.
also fail2ban modifies the firewall.
this firewall page is only for verifying the settings.
the question is, why do i get these error messages, when the setting is "NO".
cheers mike
Can you attach your IPtables config file to this bug?
ok here it is.
BTW
when "Directly edit firewall IPv6 rules instead of save file?" is set to "NO",
webmin sends error message,
which disappears, when I delete the lines with masked values included like:
"-A INPUT -s fe80::/10 -m comment --comment "link-local addresses" -j ACCEPT"
I think there is something broken.
Hope this helps.
cheers mike
Last edit: M.T.R 2017-12-15
It seems like the real bug is that the wrong iptables-restore command is being used (v4 instead of v6). Which Linux distribution and version are you running there?
strange though.
i upload iptables.up.rules to the server and then ssh the command:
iptables-restore < /etc/iptables.up.rules
i upload ip6tables.up.rules to the server and then ssh the command:
ip6tables-restore < /etc/ip6tables.up.rules
this is all, just that simple.
from my point of view this works fine.
this is completely independent of webmin.
as i said i use the webmin firewall page only to display my firewalls.
i can also call the firewalls status from ssh and all is fine.
if there was a problem, i would already see this when i ssh the restore commands.
if they are accepted without comment, all is OK.
i have the newest Debian Linux 8 on the server, everything is up to date.
if there is a problem concerning the error messages above,
this is on webmin side, i'm sure.
cheers mike
What if you SSH in as root and run /etc/init.d/ip6ables start? That's the command Webmin uses.
if i ssh "/etc/init.d/ip6tables start" i get following server answer:
"-bash: /etc/init.d/ip6ables: No such file or directory"
the right command for activate the ip6tables.up.rules file is:
"ip6tables-restore < /etc/ip6tables.up.rules"
without webmin i edit and control the linux firewall without any problems.
the report status is fine like i said.
may be you don't understand what i have reported:
when "Directly edit firewall IPv6 rules instead of save file?" is set to "NO",
(in "Networking/Linux IPv6 Firewall/Module Config"),
on top of the page is displayed the error message from the start of the thread
when i go to:
"Networking/Linux IPv6 Firewall".
There is no user action before, it has nothing to do with any edits in this page, cause i DO NOT edit it,
and i hit NO button.
Hope I could make the problem clear.
cheers mike
Ok, I see now - sorry, I was going down the wrong path. This will be fixed in the next Webmin release.
I also have to say sorry, the bug exists because I overlooked one use of iptables
as jamie says it's fixed now.
if you don't want to wait for the next release you can also update from github repo using update-from-repo.sh
Last edit: Kay 2017-12-19
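
A pre-flight check for the mismatch diagnosed in this thread (an IPv6 rules file handed to the IPv4 iptables-restore), added here as an example; it is not Webmin's code and was not posted by anyone in the thread. The function names and the sample rules file are constructed for illustration.

```python
import ipaddress
import shlex

ADDR_OPTS = {"-s", "--source", "--src", "-d", "--destination", "--dst"}
RESTORE = {4: "iptables-restore", 6: "ip6tables-restore"}

# Constructed sample in iptables-save format; line 4 is the rule quoted in the thread.
SAMPLE_V6 = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s fe80::/10 -m comment --comment "link-local addresses" -j ACCEPT
-A INPUT -s 2001:db8::/32,2001:db8:1::1 -p tcp --dport 22 -j ACCEPT
COMMIT
"""

def rule_families(text):
    """Return [(line_no, address, ip_version)] for every literal address in a rules file."""
    found = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        # Only rule lines matter; skip comments, *table, :CHAIN policy and COMMIT lines.
        if not line.startswith(("-A", "-I")):
            continue
        tokens = shlex.split(line)  # keeps the quoted --comment text as one token
        for opt, value in zip(tokens, tokens[1:]):
            if opt not in ADDR_OPTS:
                continue
            for addr in value.split(","):  # -s/-d accept comma-separated lists
                try:
                    net = ipaddress.ip_network(addr, strict=False)
                except ValueError:
                    continue  # hostname or "!": family cannot be decided offline
                found.append((no, addr, net.version))
    return found

def check(text, tool):
    """List rules whose address family does not match the restore tool to be run."""
    want = {name: ver for ver, name in RESTORE.items()}[tool]
    return [f"line {no}: {addr} is IPv{ver}, needs {RESTORE[ver]}"
            for no, addr, ver in rule_families(text) if ver != want]

if __name__ == "__main__":
    for problem in check(SAMPLE_V6, "iptables-restore"):
        print(problem)
```

An empty list from check() for the tool about to be run means no literal address in the file belongs to the other family; hostnames are skipped because they are not resolved here.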