Firewall not working - Githubissues

jorik392 commented 3 years ago

Hello, I updated to latest git version but the firewall has stopped working for some reason. The GUI shows running and the service is running but rules take no effect and firewall seems to not be working.

Errors I find in /var/log/opensnitchd.log: IMP . Start writing logs to %!(EXTRA string=/var/log/opensnitchd.log) ERR . Error while running DNS firewall rule: exit status 1 ERR . Error while running firewall rule, ipv4 err: exit status 1, ipv6 err: exit status 3 ERR . rule: [-N opensnitch-filter-OUTPUT -t mangle] IMP . firewall rules changed, reloading ERR . Error while running DNS firewall rule: exit status 1 ERR . Error while running firewall rule, ipv4 err: exit status 1, ipv6 err: exit status 3 ERR . rule: [-N opensnitch-filter-OUTPUT -t mangle] IMP . firewall rules changed, reloading and repeat...

Thanks

gustavo-iniguez-goya commented 3 years ago

I updated to latest git version

manually or via some package (AUR, etc)?

Does the file system-fw.json exist in /etc/opensnitchd/ ?

Ok, some questions:

Could you post the output of iptables -L OUTPUT while the issue is reproduced?
Insert please the problematic rule manually to see if it outputs any error: iptables -I INPUT --protocol udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
Check system logs to see if there are more errors related to iptables: journalctl -ar|grep iptables

I'll try to reproduce this error.

thnak you!

jorik392 commented 3 years ago

Used aur and system-fw.json exists.

iptables -L OUTPUT Chain OUTPUT (policy ACCEPT) target prot opt source destination
ufw-before-logging-output all -- anywhere anywhere
ufw-before-output all -- anywhere anywhere
ufw-after-output all -- anywhere anywhere
ufw-after-logging-output all -- anywhere anywhere
ufw-reject-output all -- anywhere anywhere
ufw-track-output all -- anywhere anywhere

No error when inserting the problematic rule.

There is a repeating iptables error like below in journalctl kernel: audit: type=1325 audit(): table=mangle family=2 entries=133 op=xt_replace pid=2100 subj==unconfined comm="iptables" audit[2100]: NETFILTER_CFG table=mangle family=2 entries=133 op=xt_replace pid=2100 subj==unconfined comm="iptables" With different entries/pid values

gustavo-iniguez-goya commented 3 years ago

Could you post the output of iptables -L OUTPUT while the issue is reproduced?

sorry, I meant iptables -t mangle -L and ip6tables -t mangle -L. Save the output in order to post it here.

After that, stop the service, clean the rules and start the service again:

service opensnitch stop

iptables -t mangle -F OUTPUT
iptables -t mangle -F opensnitch-filter-OUTPUT
iptables -t mangle -X opensnitch-filter-OUTPUT

ip6tables -t mangle -F OUTPUT
ip6tables -t mangle -F opensnitch-filter-OUTPUT
ip6tables -t mangle -X opensnitch-filter-OUTPUT

iptables -D INPUT --protocol udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
ip6tables -D INPUT --protocol udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass

iptables -D OUTPUT -t mangle -m conntrack --ctstate NEW,RELATED -j NFQUEUE --queue-num 0 --queue-bypass
ip6tables -D OUTPUT -t mangle -m conntrack --ctstate NEW,RELATED -j NFQUEUE --queue-num 0 --queue-bypass

service opensnitch start

lets see if we can figure out what's going on here.

jorik392 commented 3 years ago

iptables -t mangle -L Chain PREROUTING (policy ACCEPT) target prot opt source destination

Chain INPUT (policy ACCEPT) target prot opt source destination

Chain FORWARD (policy ACCEPT) target prot opt source destination

Chain OUTPUT (policy ACCEPT) target prot opt source destination
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere
opensnitch-filter-OUTPUT all -- anywhere anywhere

Chain POSTROUTING (policy ACCEPT) target prot opt source destination

Chain opensnitch-filter-OUTPUT (123 references) target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere

ip6tables -t mangle -L ip6tables v1.8.6 (legacy): can't initialize ip6tables table `mangle': Address family not supported by protocol Perhaps ip6tables or your kernel needs to be upgraded.

When running iptables -D OUTPUT -t mangle -m conntrack --ctstate NEW,RELATED -j NFQUEUE --queue-num 0 --queue-bypass there is error: iptables: No chain/target/match by that name.

When running ip6tables -D OUTPUT -t mangle -m conntrack --ctstate NEW,RELATED -j NFQUEUE --queue-num 0 --queue-bypass there is error: Could not open socket to kernel: Address family not supported by protocol

gustavo-iniguez-goya commented 3 years ago

Could not open socket to kernel: Address family not supported by protocol

ok, so it looks like you don't have IPv6 enabled. I'll try to reproduce it without IPv6.

[edit] reproduced! fixing.

Thank you!

gustavo-iniguez-goya commented 3 years ago

It should be fixed with this commit @jorik392 , it'd be cool if you could test it before it's packaged for Arch.

In either case, let me know please if it's fixed.

jorik392 commented 3 years ago

Thanks @gustavo-iniguez-goya, existing rules seem to be working and popups/connections are showing up now.

I did notice though that when I click a program popup action such as allow or deny the GUI crashes completely.

Errors in /var/log/opensnitchd.log:

IMP . Start writing logs to %!(EXTRA string=/var/log/opensnitchd.log) WAR . Error while asking for rule: rpc error: code = Unavailable desc = transport is closing - /usr/bin/python3.8 (2115) -> github.com:53 (proto:udp uid:0) ERR . Invalid rule received, applying default action ERR . Connection to the UI service lost. ERR . getting notifications: %!(EXTRA status.statusError=rpc error: code = Unavailable desc = transport is closing, protocol.Notification=)

gustavo-iniguez-goya commented 3 years ago

ERR . Invalid rule received, applying default action

maybe you have different versions of GUI and daemon? both should be 1.3.0*.

Set logs to DEBUG, reproduce the problem and paste the output here please.

jorik392 commented 3 years ago

Daemon and GUI version are both 1.3.0*.

In the GUI the allowed/denied connections have corresponding rule as "ui.client.disconnected".

/var/log/opensnitchd.log after restarting service then clicking deny on popup which causes GUI to crash: IMP . Start writing logs to %!(EXTRA string=/var/log/opensnitchd.log) INF . Process monitor method /proc DBG . UI service poller started for socket /tmp/osui.sock INF . Running on netfilter queue #0 ... DBG . client.disconnect() DBG . client.disconnect() DBG . client.disconnect() DBG . client.disconnect() DBG . client.disconnect() INF . Connected to the UI service on /tmp/osui.sock INF . Start receiving notifications DBG . new connection udp => 21934:192.168.1.113 -> 192.168.1.1:53 uid: %!(EXTRA uint32=0) DBG . [0/1] outgoing connection: 21934:192.168.1.113 -> 192.168.1.1:53 || netlink response: 21934:192.168.1.113 -> 192.168.1.1:53 inode: 32142 - loopback: false multicast: false unspecified: false linklocalunicast: false ifaceLocalMulticast: false GlobalUni: true DBG . new pid lookup took%!(EXTRA int=559, time.Duration=29.120834ms) DBG . [0] PID found 559 ERR . getting notifications: %!(EXTRA status.statusError=rpc error: code = Unavailable desc = transport is closing, protocol.Notification=) INF . Stop receiving notifications WAR . Error while asking for rule: rpc error: code = Unavailable desc = transport is closing - /usr/bin/python3.8 (559) -> github.com:53 (proto:udp uid:0) ERR . Invalid rule received, applying default action ERR . Connection to the UI service lost. DBG . client.disconnect() DBG . new connection udp => 5115:192.168.1.113 -> 192.168.1.1:53 uid: %!(EXTRA uint32=985) DBG . [0/1] outgoing connection: 5115:192.168.1.113 -> 192.168.1.1:53 || netlink response: 5115:0.0.0.0 -> 0.0.0.0:0 inode: 13925 - loopback: false multicast: false unspecified: false linklocalunicast: false ifaceLocalMulticast: false GlobalUni: true DBG . GetSocketInfo() invalid: 53:0.0.0.0 -> 0.0.0.0:0 DBG . netlink socket not found, adding entry: 5115:192.168.1.113 -> 192.168.1.1:53 || 53:0.0.0.0 -> 0.0.0.0:0 inode: 13925 state: close DBG . Inode found in cache%!(EXTRA time.Duration=5.665µs, *procmon.Inode=&{559 /proc/559/fd/12}, int=13925, string=13925 192.168.1.113 5115 192.168.1.1 53) DBG . new pid lookup took%!(EXTRA int=559, time.Duration=14.104271ms) DBG . [0] PID found 559 DBG . ... /usr/bin/python3.8 -> github.com:53 (ui.client.disconnected) DBG . client.disconnect() DBG . client.disconnect() DBG . client.disconnect() DBG . new connection udp => 30722:192.168.1.113 -> 192.168.1.1:53 uid: %!(EXTRA uint32=0) DBG . [0/1] outgoing connection: 30722:192.168.1.113 -> 192.168.1.1:53 || netlink response: 30722:192.168.1.113 -> 192.168.1.1:53 inode: 39370 - loopback: false multicast: false unspecified: false linklocalunicast: false ifaceLocalMulticast: false GlobalUni: true DBG . Socket found in known pids 244.11µs, pid: 559, inode: 39370, pids in cache: %!d(string=pos)%!(EXTRA int=0, int=2) DBG . [0] PID found 559 DBG . ... /usr/bin/python3.8 -> github.com:53 (ui.client.disconnected) DBG . client.disconnect() DBG . client.disconnect() DBG . client.disconnect() DBG . client.disconnect()

gustavo-iniguez-goya commented 3 years ago

clicking deny on popup which causes GUI to crash:

mmh, can you launch the GUI from a terminal and see if it outputs any error? opensnitch-ui

On the other hand, I see that you have a python app talking to github (/usr/bin/python3.8 -> github.com:53) , can you post what is it? If you open a connection with telnet/firefox/ping and allow/deny it, does the GUI also crash?

jorik392 commented 3 years ago

I tried telnet/firefox/ping but the GUI still crashes.

After launching GUI from terminal until GUI crashes: new node connected, listening for client responses... /tmp/osui.sock Traceback (most recent call last): File "/usr/lib/python3.8/site-packages/opensnitch/dialogs/prompt.py", line 364, in _on_deny_clicked self._send_rule() File "/usr/lib/python3.8/site-packages/opensnitch/dialogs/prompt.py", line 390, in _send_rule rule_temp_name = self._get_rule_name() File "/usr/lib/python3.8/site-packages/opensnitch/dialogs/prompt.py", line 371, in _get_rule_name rule_temp_name = slugify("%s %s" % (self._rule.action, self._rule.duration)) TypeError: 'module' object is not callable Aborted (core dumped)

gustavo-iniguez-goya commented 3 years ago

ha! there it is.

I'll try to reproduce and fix it. Thank you!

gustavo-iniguez-goya commented 3 years ago

Please, execute this line in a terminal and see if it works or if it outputs the same error:

python3.8 -c 'from slugify import slugify; print(slugify("test aa bb cc dd"))'

it should return test-aa-bb-cc-dd

If that works, can you replace the attched prompt.py.txt by yours /usr/lib/python3.8/site-packages/opensnitch/dialogs/prompt.py and try again?

if it crashes paste the stacktrace again please.

jorik392 commented 3 years ago

After running command: Traceback (most recent call last): File "", line 1, in TypeError: 'module' object is not callable

gustavo-iniguez-goya commented 3 years ago

oops, so it's something related to slugify.

The package should be installed under /usr/lib/python3.8/site-packages/slugify/ https://www.archlinux.org/packages/community/any/python-slugify/files/

Reinstall it or ask on the Arch forums.

jorik392 commented 3 years ago

I checked and slugify is installed under /usr/lib/python3.8/site-packages/slugify/.

I noticed the aur package changed few months ago from using python-unicode-slugify to python-slugify. Do you think that could have something to do with this issue?

gustavo-iniguez-goya commented 3 years ago

in theory no, otherwise other users would have noticed it. But I can't tell for sure.

gustavo-iniguez-goya / opensnitch

Firewall not working #96