Hi. I get an error about a missing file when I restart the firewall service. Everything seems to work as expected, though, as far as I've seen. Firmware version 4.6.8.
root@GL-AX1800:~# service firewall restart
(...)
* Running script '/etc/firewall.vpn_client_deal_leak.sh'
iptables v1.8.7 (legacy): Couldn't load target `deal_client_leak':No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
! Failed with exit code 1
(...)
I also get several warnings. Full output:
root@GL-AX1800:~# service firewall restart
Warning: Section @defaults[0] requires unavailable target extension FLOWOFFLOAD, disabling
Warning: Section @zone[1] (wan) cannot resolve device of network 'wwan'
Warning: Section @zone[2] (guest) cannot resolve device of network 'guest'
Warning: Option @redirect[0].idx is unknown
Warning: Option @redirect[1].idx is unknown
Warning: Option @redirect[2].idx is unknown
Warning: Option @redirect[3].idx is unknown
Warning: Section @redirect[4] (test) has no target specified, defaulting to DNAT
Warning: Section @defaults[0] requires unavailable target extension FLOWOFFLOAD, disabling
Warning: Section @zone[2] (guest) has no device, network, subnet or extra options
* Flushing IPv4 filter table
* Flushing IPv4 nat table
* Flushing IPv4 mangle table
* Flushing IPv4 raw table
* Flushing IPv6 filter table
* Flushing IPv6 nat table
* Flushing IPv6 mangle table
* Flushing conntrack table ...
* Populating IPv4 filter table
* Rule 'Allow-DHCP-Renew'
* Rule 'Allow-IGMP'
* Rule 'Allow-IPSec-ESP'
* Rule 'Allow-ISAKMP'
* Rule 'Allow-DHCP'
* Rule 'Allow-DNS'
* Redirect 'test'
! Skipping due to different family of ip address
* Forward 'lan' -> 'wan'
* Forward 'guest' -> 'wan'
* Zone 'lan'
* Zone 'wan'
* Zone 'guest'
* Populating IPv4 nat table
* Redirect 'test'
! Skipping due to different family of ip address
* Zone 'lan'
* Zone 'wan'
* Zone 'guest'
* Populating IPv4 mangle table
* Rule 'process_mark'
* Rule 'process_mark_dns'
* Rule 'process_explict_vpn'
* Rule 'process_mark_stubby'
* Zone 'lan'
* Zone 'wan'
* Zone 'guest'
* Populating IPv4 raw table
* Zone 'lan'
- Using automatic conntrack helper attachment
* Zone 'wan'
* Zone 'guest'
- Using automatic conntrack helper attachment
* Populating IPv6 filter table
* Rule 'Allow-DHCPv6'
* Rule 'Allow-MLD'
* Rule 'Allow-ICMPv6-Input'
* Rule 'Allow-ICMPv6-Forward'
* Rule 'Allow-IPSec-ESP'
* Rule 'Allow-ISAKMP'
* Rule 'Allow-DHCP'
* Rule 'Allow-DNS'
* Rule 'Allow-DHCP-IPV6'
* Rule 'Allow-ICMP-IPV6'
* Rule 'GL-Caddy'
* Forward 'lan' -> 'wan'
* Forward 'guest' -> 'wan'
* Zone 'lan'
* Zone 'wan'
* Zone 'guest'
* Populating IPv6 nat table
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_lan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_lan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_wan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_wan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_guest_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_guest_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_rule'
* Zone 'lan'
* Zone 'wan'
* Zone 'guest'
* Populating IPv6 mangle table
* Rule 'process_mark'
* Rule 'process_mark_dns'
* Rule 'process_explict_vpn'
* Rule 'process_mark_stubby'
* Zone 'lan'
* Zone 'wan'
* Zone 'guest'
* Set tcp_ecn to off
* Set tcp_syncookies to on
* Set tcp_window_scaling to on
* Running script '/etc/firewall.user'
* Running script '/etc/firewall.nat6'
* Running script '/etc/firewall.vpn_server_policy.sh'
* Running script '/etc/firewall.vpn_client_deal_leak.sh'
iptables v1.8.7 (legacy): Couldn't load target `deal_client_leak':No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
! Failed with exit code 1
* Running script '/usr/bin/gl_block.sh'