coolsnowwolf / lede

Lean's LEDE source

Custom rules lost after changing firewall settings #12381

Open smallprogram opened 3 months ago

smallprogram commented 3 months ago

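Detailed description

When I add some rules of my own to the firewall's custom rules, for example using iptables to add some custom rules to zone_lan_input, and then click restart firewall, I can see that the corresponding chain rules take effect. When I modify some forwarding rules in the firewall UI and click Save & Apply, then look at the chains in the firewall again, I find that the original custom rules are lost. I have to manually click restart firewall to get the custom rules back.

In the logs, there are no log entries when I click Save & Apply, and there are related log entries after I click restart firewall. Judging from the current result, Save & Apply probably does not execute the commands in firewall.user, and I also noticed some cases of rules being lost.

Duplicate issues

Specific model

X86, 6.6 kernel

Detailed logs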

Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:  * Flushing IPv4 filter table
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:  * Flushing IPv4 nat table
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:  * Flushing IPv4 mangle table
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:  * Flushing IPv4 raw table
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:  * Flushing IPv6 filter table
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:  * Flushing IPv6 nat table
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:  * Flushing IPv6 mangle table
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:  * Flushing conntrack table ...
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:  * Populating IPv4 filter table
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Rule 'Allow-DHCP-Renew'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Rule 'Allow-Ping'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Rule 'Allow-IGMP'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Rule 'Allow-IPSec-ESP'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Rule 'Allow-ISAKMP'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Rule 'adblock'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Rule 'ike'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Rule 'ipsec'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Rule 'ah'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Rule 'esp'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Rule 'openvpn'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Rule 'pptp'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Rule 'gre'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Rule 'kms'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Redirect '130服务器'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Redirect '外部访问OP'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Redirect 'PC远程'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Redirect '80端口'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Redirect '443端口'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Forward 'lan' -> 'wan'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Forward 'vpn' -> 'wan'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Forward 'vpn' -> 'lan'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Forward 'lan' -> 'vpn'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Zone 'lan'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Zone 'wan'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Zone 'docker'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Zone 'VPN'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Zone 'vpn'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:  * Populating IPv4 nat table
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Redirect '130服务器'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Redirect '外部访问OP'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Redirect 'PC远程'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Redirect '80端口'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Redirect '443端口'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Zone 'lan'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Zone 'wan'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Zone 'docker'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Zone 'VPN'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Zone 'vpn'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:  * Populating IPv4 mangle table
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Zone 'lan'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Zone 'wan'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Zone 'docker'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Zone 'VPN'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Zone 'vpn'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:  * Populating IPv4 raw table
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Zone 'lan'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:      - Using automatic conntrack helper attachment
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Zone 'wan'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:    * Zone 'docker'
Sat Aug  3 23:01:15 2024 daemon.err uhttpd[3807]:      - Using automatic conntrack helper attachment
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    * Zone 'VPN'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:      - Using automatic conntrack helper attachment
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    * Zone 'vpn'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:  * Populating IPv6 filter table
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    * Rule 'Allow-DHCPv6'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    * Rule 'Allow-MLD'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    * Rule 'Allow-ICMPv6-Input'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    * Rule 'Allow-ICMPv6-Forward'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    * Rule 'Allow-IPSec-ESP'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    * Rule 'Allow-ISAKMP'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    * Rule 'adblock'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    * Rule 'ike'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    * Rule 'ipsec'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    * Rule 'ah'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    * Rule 'esp'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    * Rule 'openvpn'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    * Rule 'pptp'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    * Rule 'gre'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    * Rule 'kms'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    * Forward 'lan' -> 'wan'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    * Forward 'vpn' -> 'wan'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    * Forward 'vpn' -> 'lan'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    * Forward 'lan' -> 'vpn'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    * Zone 'lan'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    * Zone 'wan'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    * Zone 'docker'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    * Zone 'VPN'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    * Zone 'vpn'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:  * Populating IPv6 nat table
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]: Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_lan_rule'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]: Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_lan_rule'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]: Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_wan_rule'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]: Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_wan_rule'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]: Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_docker_rule'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]: Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_docker_rule'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]: Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_VPN_rule'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]: Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_VPN_rule'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]: Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_vpn_rule'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]: Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_vpn_rule'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]: Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_rule'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]: Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_rule'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    * Zone 'lan'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    * Zone 'wan'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    * Zone 'docker'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    * Zone 'VPN'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    * Zone 'vpn'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:  * Populating IPv6 mangle table
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    * Zone 'lan'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    * Zone 'wan'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    * Zone 'docker'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    * Zone 'VPN'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    * Zone 'vpn'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:  * Set tcp_ecn to off
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:  * Set tcp_syncookies to on
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:  * Set tcp_window_scaling to on
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:  * Running script '/etc/firewall.user'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:  * Running script '/etc/zerotier.start'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:  * Running script '/usr/share/miniupnpd/firewall.include'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:  * Running script '/var/etc/adbyby.include'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    ! Skipping due to path error: No such file or directory
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:  * Running script '/etc/ipsec.include'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:  * Running script '/etc/mia.include'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:  * Running script '/var/etc/openclash.include'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    ! Skipping due to path error: No such file or directory
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:  * Running script '/var/etc/passwall.include'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]: Warning: never matched protocol: ah. use extension match instead.
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:  * Running script '/var/etc/passwall_server.include'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]: Warning: never matched protocol: ah. use extension match instead.
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:  * Running script '/var/etc/passwall2.include'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    ! Skipping due to path error: No such file or directory
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:  * Running script '/var/etc/passwall2_server.include'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    ! Skipping due to path error: No such file or directory
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:  * Running script '/etc/pptpd.include'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:  * Running script '/var/etc/shadowsocksr.include'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    ! Skipping due to path error: No such file or directory
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:  * Running script '/var/etc/unblockmusic.include'
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:    ! Skipping due to path error: No such file or directory
Sat Aug  3 23:01:16 2024 daemon.err uhttpd[3807]:  * Running script '/etc/wrtbwmon.include'

yanxin152133 commented 2 months ago

https://openwrt.org/docs/guide-user/firewall/firewall_configuration#default_drop-in_includes
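
One way to check for the behaviour reported in this issue on an fw3-based build, as an added example that is not part of the thread or the project's code: fw3 re-runs a script include on `fw3 reload` only when its `config include` section sets `option reload '1'`, so rules that `/etc/firewall.user` inserts into internal chains such as `zone_lan_input` are flushed and not restored until a full restart. The sample config and the function name `includes_skipped_on_reload` are constructed for illustration; on a router, pass `/etc/config/firewall` as the argument.

```shell
#!/bin/sh
# Added example: report fw3 includes that are not re-run on `fw3 reload`.

# Constructed sample of /etc/config/firewall (not taken from the issue).
sample_config() {
cat <<'EOF'
config defaults
	option input 'ACCEPT'

config include
	option path '/etc/firewall.user'

config include 'miniupnpd'
	option type 'script'
	option path '/usr/share/miniupnpd/firewall.include'
	option reload '1'

config include
	option path '/etc/custom.include'
	option reload '0'
EOF
}

# Print the path of every `config include` whose reload flag is absent or off.
# Reads the file named in $1, or stdin when no argument is given.
# Assumption of this example: 1/true/yes count as enabled.
includes_skipped_on_reload() {
    awk '
        function unquote(s) { gsub("^[\"\047]|[\"\047]$", "", s); return s }
        function emit() {
            if (in_inc && path != "" && !reload) print path
            in_inc = 0; path = ""; reload = 0
        }
        $1 == "config" { emit(); in_inc = ($2 == "include") }
        in_inc && $1 == "option" && $2 == "path" { path = unquote($3) }
        in_inc && $1 == "option" && $2 == "reload" {
            v = unquote($3)
            reload = (v == "1" || v == "true" || v == "yes")
        }
        END { emit() }
    ' ${1:+"$1"}
}

sample_config | includes_skipped_on_reload
```

For any path it prints, adding `option reload '1'` to that `config include` section makes fw3 run the script on reload as well as on restart.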