awall issues
https://gitlab.alpinelinux.org/alpine/awall/-/issues
2021-11-25T13:35:47Z

Awall silently ignores wrong attributes in policy files
https://gitlab.alpinelinux.org/alpine/awall/-/issues/9640
2021-11-25T13:35:47Z
Philippe Frycia

Unknown attributes in policy files are ignored, which may lead to
unexpected iptables configuration.
E.g.:

```
"filter":
[
    {
        "family": "inet",
        "proto": "tcp",
        "port": 22,
        "action": "accept"
    }
]
```

Will translate without warning, but will allow all traffic (which is
probably not what was intended), because only the action is translated,
and the expected service is not present.
Maybe at least a warning could be generated if a known attribute is used
at a wrong place like in the above example.
Ideally, anything unexpected should be reported.
*(from redmine: issue id 9640, created on 2018-11-12)*

Awall fails to read YAML files
https://gitlab.alpinelinux.org/alpine/awall/-/issues/8874
2020-09-21T09:41:45Z
Gareth Williams

Creating a filter in YAML fails, complaining of not being able to find
various ‘lyaml’ files.

```
/usr/local/share/lua/5.2/awall/policy.lua:128: module 'lyaml' not found:
no field package.preload['lyaml']
no file '/usr/local/share/lua/5.2/lyaml.lua'
no file '/usr/local/share/lua/5.2/lyaml/init.lua'
no file '/usr/share/lua/5.2/lyaml.lua'
no file '/usr/share/lua/5.2/lyaml/init.lua'
no file '/usr/local/lib/lua/5.2/lyaml.lua'
no file '/usr/local/lib/lua/5.2/lyaml/init.lua'
no file './lyaml.lua'
no file '/usr/lib/lua/5.2/lyaml.lua'
no file '/usr/lib/lua/5.2/lyaml/init.lua'
no file './lyaml.lua'
no file '/usr/local/lib/lua/5.2/lyaml.so'
no file '/usr/local/lib/lua/5.2/loadall.so'
no file '/usr/lib/lua/5.2/lyaml.so'
no file '/usr/lib/lua/5.2/loadall.so'
no file './lyaml.so'
stack traceback:
/usr/local/share/lua/5.2/awall/uerror.lua:25: in function </usr/local/share/lua/5.2/awall/uerror.lua:21>
[C]: in function 'require'
/usr/local/share/lua/5.2/awall/policy.lua:128: in function 'init'
/usr/local/share/lua/5.2/awall/class.lua:31: in function </usr/local/share/lua/5.2/awall/class.lua:29>
(...tail calls...)
/usr/sbin/awall:163: in function 'f'
/usr/local/share/lua/5.2/awall/uerror.lua:20: in function </usr/local/share/lua/5.2/awall/uerror.lua:20>
[C]: in function 'xpcall'
/usr/local/share/lua/5.2/awall/uerror.lua:19: in function 'call'
/usr/sbin/awall:156: in main chunk
[C]: in ?
```

*(from redmine: issue id 8874, created on 2018-05-11)*

Tests fail on Lua 5.3
https://gitlab.alpinelinux.org/alpine/awall/-/issues/8377
2020-05-01T16:00:33Z
Jakub Jirutka

```
LUA_VERSION=5.3 ./test.sh
./awall/iptables.lua:121: attempt to concatenate a table value (local 'rule')
stack traceback:
./awall/uerror.lua:25: in metamethod '__concat'
./awall/iptables.lua:121: in method 'dumpfile'
./awall/iptables.lua:44: in method 'print'
./awall/init.lua:164: in method 'print'
./awall-cli:275: in upvalue 'dump'
./awall-cli:280: in local 'filedump'
./awall-cli:302: in upvalue 'f'
./awall/uerror.lua:20: in function <./awall/uerror.lua:20>
[C]: in function 'xpcall'
./awall/uerror.lua:19: in function 'call'
./awall-cli:156: in main chunk
[C]: in ?
```

It explodes in
[IPTables:dumpfile](https://github.com/alpinelinux/awall/blob/e115782a8dfa0299b13ab79b2d266454f3331363/awall/iptables.lua#L116):

```
for i, chain in sortedkeys(chains) do
   for i, rule in ipairs(chains[chain]) do
      iptfile:write('-A '..chain..' '..rule..'\n')
   end
end
```

…because `rule` is a table.

I used *inspect* to print the table rule:

```
{
  <metatable> = {
    __index = <function 1>
  }
}
```

*(from redmine: issue id 8377, created on 2018-01-04)*
Kaarle Ritvanen

Awall unhandled exception if extra iptables modules are loaded
https://gitlab.alpinelinux.org/alpine/awall/-/issues/3419
2019-07-14T07:58:21Z
iilluzion _

If any extra iptables kernel module is loaded then during **awall
activate** awall raises error exception in **M.flush()** function, line
**for i, chain in ipairs(M.builtin\[tbl\]) do**
in **/usr/share/lua/5.1/awall/iptables.lua**:

```
function M.flush()
   local empty = M.IPTables()
   for family, params in pairs(families) do
      local success, lines = pcall(io.lines, params.procfile)
      if success then
         for tbl in lines do
            for i, chain in ipairs(M.builtin[tbl]) do
               ...
```

since **M.builtin** has no extra module default and there is no error
exception handler:

```
M.builtin = {
   filter={'FORWARD', 'INPUT', 'OUTPUT'},
   mangle={'FORWARD', 'INPUT', 'OUTPUT', 'POSTROUTING', 'PREROUTING'},
   nat={'INPUT', 'OUTPUT', 'POSTROUTING', 'PREROUTING'},
   raw={'OUTPUT', 'PREROUTING'},
   security={'FORWARD', 'INPUT', 'OUTPUT'}
}
```

This case happened on host with **iptable\_rawpost** module loaded
*(from redmine: issue id 3419, created on 2014-10-07, closed on 2017-05-17)*

AWall 0.3.4 "no-track" for "ping" service is broken
https://gitlab.alpinelinux.org/alpine/awall/-/issues/2714
2019-07-14T07:56:51Z
Leonardo Arena

Sample policy:

```
"filter": [
  { "in": "_fw", "out": "$INET", "service": "ping", "action": "accept",
    "no-track": true }
]
```

This policy does not add the reverse rule for accepting incoming
echo-reply packets. Instead it adds the reverse rule for accepting
incoming echo-requests.
*(from redmine: issue id 2714, created on 2014-02-25, closed on 2014-03-17)*
* Changesets:
* Revision a12bd0c0110bd4d77ae195522555ca75805a5cfc by Kaarle Ritvanen on 2014-02-28T21:31:20Z:
```
properly handle stateless ICMP rules
fixes #2714
```
Kaarle Ritvanen

netbios-ns and ip6tables
https://gitlab.alpinelinux.org/alpine/awall/-/issues/2263
2019-07-14T07:55:53Z
Natanael Copa

When I add a service ‘netbios-ns’, awall activate fails with this error:

```
# awall activate
ip6tables-restore: line 112 failed
/usr/share/lua/5.1/awall/iptables.lua:67: assertion failed!
stack traceback:
/usr/share/lua/5.1/awall/uerror.lua:20: in function </usr/share/lua/5.1/awall/uerror.lua:16>
[C]: in function 'assert'
/usr/share/lua/5.1/awall/iptables.lua:67: in function 'restore'
/usr/share/lua/5.1/awall/iptables.lua:81: in function 'activate'
/usr/share/lua/5.1/awall/init.lua:162: in function 'f'
/usr/share/lua/5.1/awall/uerror.lua:15: in function </usr/share/lua/5.1/awall/uerror.lua:15>
[C]: in function 'xpcall'
/usr/share/lua/5.1/awall/uerror.lua:14: in function 'call'
/usr/sbin/awall:281: in function 'f'
/usr/share/lua/5.1/awall/uerror.lua:15: in function </usr/share/lua/5.1/awall/uerror.lua:15>
[C]: in function 'xpcall'
/usr/share/lua/5.1/awall/uerror.lua:14: in function 'call'
/usr/sbin/awall:124: in main chunk
[C]: ?
```

Removing ‘netbios-ns’ makes it work.
*(from redmine: issue id 2263, created on 2013-09-27, closed on 2013-10-02)*
Kaarle Ritvanen

/var/run/awall gets lost at next reboot (causing awall to fail)
https://gitlab.alpinelinux.org/alpine/awall/-/issues/2247
2019-07-14T07:55:50Z
Mika Havela

Having this issue using awall on a HDD installed Alpine (Alpine 2.6.4 /
awall-0.3.2-r0).
When installing awall I get the dir /var/run/awall (everything is fine
at this moment).
But at next reboot, the dir is gone (and therefore awall will fail to
start).
A way to fix this is to run ‘apk fix awall’ after each reboot.
*(from redmine: issue id 2247, created on 2013-09-05, closed on 2013-10-01)*
* Changesets:
* Revision 4313b0b6af5dbc79fd777ddaf52762f183259c20 by Kaarle Ritvanen on 2013-09-11T07:56:59Z:
```
create /var/run/awall directory at run-time
fixes #2247
```
Kaarle Ritvanen

Awall ignore "icmp-type" attribute
https://gitlab.alpinelinux.org/alpine/awall/-/issues/2243
2019-07-14T07:55:49Z
Leonardo Arena

Take this sample policy:

```
{
    "description": "Essential ICMPs",
    "service": {
        "frag-needed": { "proto": "icmp", "icmp-type": 3 }
    },
    "filter": [
        {
            "service": "frag-needed",
            "action": "accept"
        }
    ]
}
```

The resulting rule in rules-save file is:

```
-A FORWARD -p icmp -j ACCEPT
```

This happens on version 0.3.2-r0. Prior versions haven’t been tested.
Thanks!
*(from redmine: issue id 2243, created on 2013-08-30, closed on 2013-10-31)*
Kaarle Ritvanen

"ulog" logging mode misses RELATED,ESTABLISHED connections
https://gitlab.alpinelinux.org/alpine/awall/-/issues/2194
2019-07-14T07:55:42Z
Leonardo Arena

The rule of a logging policy with mode “ulog” is always added after
the RELATED and ESTABLISHED rules:

```
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o eth0 -j logulog-0
```

If ULOG is being used for netflow traffic accounting this causes the
figures to be completely incorrect. I believe the same thing
happens/applies with logging mode “NFLOG”.
*(from redmine: issue id 2194, created on 2013-08-06, closed on 2013-08-15)*
Kaarle Ritvanen

"ulog" logging mode adds invalid action "ulog"
https://gitlab.alpinelinux.org/alpine/awall/-/issues/2193
2019-07-14T07:55:42Z
Leonardo Arena

Consider this sample policy:

```
{
    "description": "Netflow ULOG netfilter probe",
    "log": {
        "netflow": { "mode": "ulog", "group": 2, "range": "48", "threshold": 20 }
    },
    "filter": [
        {
            "out": "INET",
            "action": "ulog",
            "log": "netflow"
        }
    ]
}
```

The relevant section of the corresponding rules-save file contains:

```
-A logulog-0 -j ULOG --ulog-nlgroup 2 --ulog-qthreshold 20 --ulog-cprange 48
-A logulog-0 -j ulog
```

The line “-A logulog-0 -j ulog” is invalid.
This happens on 0.2.7 and 0.3.1
*(from redmine: issue id 2193, created on 2013-08-06, closed on 2013-10-31)*
* Changesets:
* Revision f3f043ad1b2f4371a4645cbe3854ce91d07adbff by Kaarle Ritvanen on 2013-08-15T10:31:18Z:
```
check correctness of 'action' attribute
ref #2193
```
Kaarle Ritvanen

0.3.1 misses to add "-m helper" where "--helper" switch is used
https://gitlab.alpinelinux.org/alpine/awall/-/issues/2192
2019-07-14T07:55:41Z
Leonardo Arena

This is a diff with not-working rules-save file and with one correctly
working (AWall 0.3.1):
—- rules-save
<span class="underline"></span>+ /etc/iptables/rules-save
@@ –13,13 +13,13 @@
-A INPUT -p tcp -m multiport —dports 22,443 -j ACCEPT
-A INPUT -p udp -m multiport —dports 5060,5061 -j ACCEPT
-A INPUT -p tcp -m multiport —dports 5060,5061 -j ACCEPT
—A INPUT -m conntrack —ctstate RELATED —helper sip -j ACCEPT
+-A INPUT -m conntrack —ctstate RELATED -m helper —helper sip -j
ACCEPT
-A INPUT -p udp —dport 161 -j ACCEPT
-A INPUT -p icmp -j icmp-routing
-A OUTPUT -m conntrack —ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -j ACCEPT
—A OUTPUT -m conntrack —ctstate RELATED —helper sip -j ACCEPT
+-A OUTPUT -m conntrack —ctstate RELATED -m helper —helper sip -j
ACCEPT
-A OUTPUT -p icmp -j icmp-routing
-A icmp-routing -p icmp —icmp-type 3 -j ACCEPT
-A icmp-routing -p icmp —icmp-type 11 -j ACCEPT
*(from redmine: issue id 2192, created on 2013-08-03, closed on 2013-10-31)*
* Changesets:
* Revision d5f28021756f59050c46394a6f2ee1d9ab5e8849 by Kaarle Ritvanen on 2013-08-15T08:06:05Z:
```
add missing '-m helper' to rules when required
fixes #2192
```
Kaarle Ritvanen

Add support for long list of services
https://gitlab.alpinelinux.org/alpine/awall/-/issues/2131
2019-07-14T07:55:33Z
Leonardo Arena

If you create a filter rule like this:

```
{
    "in": "E",
    "out": "LOCAL",
    "service": [
        "ftp",
        "ssh",
        "smtp",
        "dns",
        "http",
        "snmp",
        "snmp-trap",
        "https",
        "rtsp",
        "submission",
        "imaps",
        "radius",
        "radius-acct",
        "rdp",
        "sip",
        "sip-tls",
        "pgsql",
        "vnc",
        "http-alt",
        "hp-pdl",
        "kerberos",
        "epmap",
        "netbios-ns",
        "netbios-ds",
        "netbios-ssn",
        "ldap",
        "microsoft-ds",
        "ldaps",
        "kpasswd",
        "syslog",
        "msft-gc",
        "msft-gc-ssl"
    ],
    "action": "accept"
}
```

iptables-restore fails with: “too many ports specified”.
I believe AWall should automatically split a long service list into
multiple rules.
*(from redmine: issue id 2131, created on 2013-07-12, closed on 2013-10-31)*
* Changesets:
* Revision 0c599d7cccd9e9ae320583f5961bdf25a3f1af02 by Kaarle Ritvanen on 2013-08-15T09:13:06Z:
```
split into multiple rules when multiport module's port limit is exceeded
fixes #2131
```
Kaarle Ritvanen

awall activate failed to restore running configuration
https://gitlab.alpinelinux.org/alpine/awall/-/issues/1584
2019-07-14T07:54:21Z
Timo Teräs

Seems that on certain conditions activate does not restore running
configuration if the new rules fail to install.
I observed this on one box when using high flow-limit (50/s) which
kernel refused due to the recent match’s max packet count limit of 20.
As the rules were flawed they failed to install. However, it seems that
also restore of previous config failed, and as final result the box was
left with empty rules, with policy of DROP.
*(from redmine: issue id 1584, created on 2013-01-24, closed on 2013-02-08)*
* Changesets:
* Revision 35c741f3fe156da3572d51d043709a4f73643c39 by Kaarle Ritvanen on 2013-01-30T08:14:11Z:
```
improved error handling
do not print stack trace in case of user errors, fixes #1453
immediate fallback after failed activation, even with --force, before main process exit, fixes #1584
```
Kaarle Ritvanen

IPSet support in Awall: family option not supported.
https://gitlab.alpinelinux.org/alpine/awall/-/issues/1535
2021-01-01T09:16:13Z
Francesco Colista

I’m trying to use ipset with awall.
This is the JSON I’m using:

```
{
    "description": "Mac Filtering on No-DHCP Interface",
    "import": "bsna-resnet-base",
    "ipset": {
        "netnodhcp": {
            "type": "bitmap:ip,mac",
            "range": "172.17.48.0/22",
            "family": "inet"
        }
    },
    "filter": [
        {
            "in": "D601",
            "ipset": { "name": "netnodhcp", "args": "in" },
            "out": "E",
            "action": "accept"
        }
    ]
}
```

Applying this rule with awall activate, I got this error:

```
ipset v6.14: Unknown argument: `family'
Try `ipset help' for more information.
ipset creation failed: netnodhcpWarning: inet6 rules not tested
New firewall configuration activated
```

The problem seems to exist because the ipset command receives “family” as
an argument, which ipset does not handle.
I found that the following patch makes it work, substituting the “family”
option with “range”:
```
—- ./usr/share/lua/5.1/awall/ipset.lua
<span class="underline"></span>+ ipset.lua
@@ –17,7 +17,8 @@
local ipset = self.config\[name\]
if not ipset.type then ipset:error(‘Type not defined’) end
if not ipset.family then ipset:error(‘Family not defined’) end
- return {ipset.type, ‘family’, ipset.family}
+ return {ipset.type, ‘range’, ipset.range }
+— return {ipset.type, ‘family’, ipset.family}
end
function IPSet:dumpfile(name, ipsfile)
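Review bot: the new return line passes ipset.range to the ipset command without checking that it is set, while the 'Family not defined' check two lines above is kept even though family is no longer used. The replacement is also unconditional, so every set type loses its family option, not only bitmap:ip,mac; choose the option according to ipset.type, add a matching 'Range not defined' error for the types that need it, and drop the commented-out old return instead of leaving it in the file.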
@@ –28,10 +29,9 @@
function IPSet:create()
for name, ipset in pairs(self.config) do
\- local pid = lpc.run(‘ipset’, ‘-!’, ‘create’, name,
\- unpack(self:options(name)))
+ local pid = lpc.run(‘ipset’, ‘-!’, ‘create’, name,
unpack(self:options(name)))
if lpc.wait(pid) ~= 0 then
- io.stderr:write(‘ipset creation failed: ’..name)
+ io.stderr:write(‘ipset creation failed: ’..name)
end
end
end
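Review bot: the io.stderr:write line in IPSet:create is only re-indented and still writes no trailing newline, which is why the reported output runs together as "ipset creation failed: netnodhcpWarning: inet6 rules not tested"; append '\n' to the message. The failure is also only reported and the loop continues, so activation goes on to print "New firewall configuration activated" although the set the filter rule depends on was never created; raising an error here would stop that. The lpc.run change appears to only join two lines and could be left out of the patch.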
```
I’d like to know your opinion in this regard.
Thanks.
*(from redmine: issue id 1535, created on 2013-01-07, closed on 2013-02-08)*
* Changesets:
* Revision a7c8d0718ea806423dce46c1b0163ee058fe1037 by Kaarle Ritvanen on 2013-01-18T18:19:43Z:
```
properly support ipset types other than hashes
move ipset config object handling to model.lua
fixes #1535
```
Kaarle Ritvanen

AWall list crashes if blank file found in /etc/awall/optional
https://gitlab.alpinelinux.org/alpine/awall/-/issues/1453
2019-07-14T07:54:02Z
Ted Trask

Using awall-0.2.12-r0 from edge repository. Create a blank file “touch
/etc/awall/optional/test.json” and then run “awall list”. This results
in an exception from the JSON parsing library.
*(from redmine: issue id 1453, created on 2012-10-26, closed on 2013-02-08)*
* Changesets:
* Revision 35c741f3fe156da3572d51d043709a4f73643c39 by Kaarle Ritvanen on 2013-01-30T08:14:11Z:
```
improved error handling
do not print stack trace in case of user errors, fixes #1453
immediate fallback after failed activation, even with --force, before main process exit, fixes #1584
```
Kaarle Ritvanen

awall crashes if an enabled policy loses its policy-file
https://gitlab.alpinelinux.org/alpine/awall/-/issues/1449
2019-07-14T07:54:01Z
Mika Havela

This would most likely not happen too often.
But it /could/ happen for various reasons. And when/if it happens, then
users will need to have a good understanding of awall in order to recover
from the problem.

Reproduce the problem this way:

```
cat <<EOF > /usr/share/awall/optional/testpolicy.json
{
    "description": "Testpolicy"
}
EOF
awall enable testpolicy
```

So far nothing special.
Now to the situation that the file disappears for some reason (corrupt
file, accidental removal, other unknown reason):

```
rm /usr/share/awall/optional/testpolicy.json
awall list
```

The above will produce an error that looks something like:

```
/usr/bin/lua: /usr/share/lua/5.1/awall/policy.lua:128: Import failed: testpolicy
stack traceback:
[C]: in function 'error'
/usr/share/lua/5.1/awall/policy.lua:128: in function 'loadJSON'
/usr/share/lua/5.1/awall/policy.lua:150: in function 'require'
/usr/share/lua/5.1/awall/policy.lua:156: in function 'load'
/usr/share/lua/5.1/awall/policy.lua:244: in function 'list'
/usr/sbin/awall:115: in main chunk
[C]: ?
```

I haven’t found any way to solve the issue by using awall (I didn’t try
awall flush because then I lose ssh connection to the box).
The only way to solve this (as far as I can find out) is to:

- Recreate the missing file
- Remove broken symlink from /etc/awall/

Maybe those are the right way to solve the issue - but still I think it
would be good if awall could handle the situation where a file is
missing instead of crashing.
Maybe have ‘awall list’ display a warning that the enabled policy is
missing its file (or broken for some reason). Maybe even give an example
on how to resolve the problem.
*(from redmine: issue id 1449, created on 2012-10-23, closed on 2012-11-02)*
* Changesets:
* Revision f03aa51cf9ee49fa09996739e255c0a2f4cd36d0 by Kaarle Ritvanen on 2012-10-30T09:14:39Z:
```
mention policy file path in error message when reading fails
fixes #1449
```
Kaarle Ritvanen