I just spent some time troubleshooting why Let’s Encrypt validation is failing on my web server, and it seems that the Dynamic Firewall feature was the reason. I saw DROP events logged in the iptables log file on the Turris at the same time as the validation script was running, and when I disabled Dynamic Firewall the validation then immediately completed successfully.

Is there any place where I can look up the IP address against the firewall database? Or even a place where we can submit these false positives?

I’d like to keep dynamic firewall enabled but as it’s now blocking me from using Let’s Encrypt I will keep it disabled for now.

Hi, maybe the same issue as here?

You can list dynamic firewall database using:
ipset list turris-sn-dynfw-block
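
One way to cross-check logged DROP events against that set, as an added example that is not part of the original thread: the function below takes a file of iptables log lines and the saved output of the `ipset list` command above, and prints the dropped source addresses that are members of the set. The function name, the log prefix, the `hash:ip` set type and all addresses are constructed assumptions; only the set name comes from the thread.

```shell
#!/bin/sh
# Added example: which dropped source addresses are in the dynamic firewall set?
# All sample data below is constructed (documentation address ranges).

# $1 = file of iptables log lines
# $2 = saved output of `ipset list turris-sn-dynfw-block`
# Prints each SRC= address from a DROP line that is a set member, once.
# Assumes members are plain IPv4 addresses (no CIDR ranges).
blocked_by_dynfw() {
    awk '
        FNR == 1 { file++ }                      # count input files
        # File 1: collect every non-empty line after "Members:"
        file == 1 && in_members && NF { block[$1] = 1 }
        file == 1 && /^Members:/      { in_members = 1 }
        # File 2: pull SRC= out of DROP lines and test membership
        file == 2 && /DROP/ && match($0, /SRC=[0-9.]+/) {
            ip = substr($0, RSTART + 4, RLENGTH - 4)
            if ((ip in block) && !(ip in seen)) { seen[ip] = 1; print ip }
        }
    ' "$2" "$1"
}

# Constructed sample input so the script runs offline.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT

cat > "$sample_dir/ipset.txt" <<'EOF'
Name: turris-sn-dynfw-block
Type: hash:ip
Members:
192.0.2.10
198.51.100.7
EOF

cat > "$sample_dir/fw.log" <<'EOF'
kernel: DROP wan: IN=eth1 OUT= SRC=192.0.2.10 DST=203.0.113.1 PROTO=TCP SPT=51514 DPT=80
kernel: DROP wan: IN=eth1 OUT= SRC=203.0.113.99 DST=203.0.113.1 PROTO=TCP SPT=40000 DPT=23
kernel: DROP wan: IN=eth1 OUT= SRC=192.0.2.10 DST=203.0.113.1 PROTO=TCP SPT=51520 DPT=80
kernel: ACCEPT wan: IN=eth1 OUT= SRC=198.51.100.7 DST=203.0.113.1 PROTO=TCP SPT=1234 DPT=443
EOF

blocked_by_dynfw "$sample_dir/fw.log" "$sample_dir/ipset.txt"
```

For a single known address, `ipset test turris-sn-dynfw-block <address>` reports membership directly.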


