Firewall zone with name >= 13 caracters takes the routeur down

I encountered a very nasty bug
(prepare serial connexion if you want to reproduice bug)

I was adding a new wlan with SSID named IoT and when I added a firewall zone for this wlan which I called ‘IoT_untrusted’, my connexion to the router time out, and all my network went down…
Router still powered on, impossible to connect to, even after an hard reboot.

I had to connect via serial connexion, all my config files seems to be good.
So I have done a btrfs rollback to last snapshot, which worked. (edit: with physical button)

And same again, I re-added my firewall zone, and when applied -> freeze
With serial connexion still pluged, I rename my new fresh zone to ‘IoT’, the I called ‘/etc/init.d/firewall restart’, and everything was alive again

I finaly discovered that, if you give name to your zone with 13 or more caracters, the routeur goes down

config zone
option name ‘1234567890123’
option input ‘REJECT’
option forward ‘REJECT’
option output ‘ACCEPT’
option network ‘IoT’

doing a firewall restart, if > 13 caracters, I can see these 3 lines at the end of cmd output:
‘iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
ip6tables: No chain/target/match by that name.’

When router is down, absolutely nothing is working: even no switch , so entire network down if the turris is the main switch

Very vicious bug which can be easily be hit, and very difficult to revert (serial connexion needed) just for a too long name…

In any case, thank you very much for the hard work you are doing on this perfect open router !!!

For reference, I believe it should work to revert to the last snapshot by the physical button:

yes this is what I’ve done ! very usefull to have implemented btrfs with snapshots. Loved it !!

1 Like