Firewall zone with name >= 13 characters takes the router down

Hi,
I encountered a very nasty bug
(prepare a serial connection if you want to reproduce the bug)

I was adding a new wlan with SSID named IoT and when I added a firewall zone for this wlan which I called ‘IoT_untrusted’, my connection to the router timed out, and all my network went down…
The router was still powered on, but impossible to connect to, even after a hard reboot.

I had to connect via a serial connection; all my config files seem to be good.
So I did a btrfs rollback to the last snapshot, which worked. (edit: with physical button)

And same again, I re-added my firewall zone, and when applied -> freeze
With the serial connection still plugged in, I renamed my new fresh zone to ‘IoT’, then I called ‘/etc/init.d/firewall restart’, and everything was alive again

I finally discovered that, if you give your zone a name with 13 or more characters, the router goes down
example:

config zone
    option name '1234567890123'
    option input 'REJECT'
    option forward 'REJECT'
    option output 'ACCEPT'
    option network 'IoT'

Doing a firewall restart, if > 13 characters, I can see these 3 lines at the end of the cmd output:
‘iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
ip6tables: No chain/target/match by that name.’

When the router is down, absolutely nothing is working: not even the switch, so the entire network is down if the Turris is the main switch

So:
Very vicious bug which can easily be hit, and very difficult to revert (serial connection needed) just for a too long name…

In any case, thank you very much for the hard work you are doing on this perfect open router !!!

For reference, I believe it should work to revert to the last snapshot by the physical button: https://doc.turris.cz/doc/en/howto/omnia_factory_reset#rollback_to_latest_snapshot

Yes, this is what I’ve done! Very useful to have implemented btrfs with snapshots. Loved it!!

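A pre-flight check for the failure reported in this thread, as an added example that is not code from any poster or from the Turris project: it scans a UCI firewall config for zone names that are too long and only restarts the firewall when none is found. The function names are hypothetical, the limit of 12 is taken from the report above (13 or more characters failed), and `/etc/config/firewall` is assumed as the config path.

```shell
#!/bin/sh
# Added example, not from the thread. The limit of 12 comes from the report
# above (names of 13 or more characters broke the firewall restart).
MAX_ZONE_NAME_LEN="${MAX_ZONE_NAME_LEN:-12}"

# Print "<name> <length>" for every firewall zone whose name exceeds the
# limit; return 1 if any was found, 0 otherwise.
check_zone_names() {
    awk -v max="$MAX_ZONE_NAME_LEN" '
        # Each "config <type>" line opens a section; track whether it is a zone.
        $1 == "config" { in_zone = ($2 == "zone"); next }
        in_zone && $1 == "option" && $2 == "name" {
            name = $0
            sub(/^[ \t]*option[ \t]+name[ \t]+/, "", name)
            sub(/[ \t]+$/, "", name)
            # Strip one pair of matching quotes (\047 is a single quote).
            q = substr(name, 1, 1)
            if (length(name) >= 2 && (q == "\047" || q == "\"") &&
                substr(name, length(name), 1) == q)
                name = substr(name, 2, length(name) - 2)
            if (length(name) > max) { print name, length(name); bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Restart the firewall only when every zone name passes the check.
# /etc/config/firewall is the usual OpenWrt location (assumed here).
guarded_firewall_restart() {
    cfg="${1:-/etc/config/firewall}"
    if ! check_zone_names "$cfg" >&2; then
        echo "zone name too long, firewall not restarted" >&2
        return 1
    fi
    /etc/init.d/firewall restart
}

# Constructed sample config for trying the check offline.
write_sample_config() {
    cat > "$1" <<'EOF'
config zone
    option name 'lan'
    option input 'ACCEPT'

config rule
    option name 'Allow-DHCP-Renew-on-wan'

config zone
    option name 'IoT_untrusted'
    option network 'IoT'
EOF
}
```

Only `config zone` sections are checked, so long names on rules or redirects are not flagged.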