Firewall and LuCI

Hi

Why does LuCI keep getting uninstalled with an uninstallation of the firewall package? This is happening on several Meraki APs. Could we fix this please? Also, what would it take to add support for the Meraki MR30H/MR34/MR46?

Why are you removing the firewall? And what commands are you issuing?

And also, what is the output of

ubus call system board 
1 Like

This is an AP. It doesn't need it.

But it doesn’t need to be removed. Why are you removing it?

1 Like

“luci” is an empty meta package selecting common components, which includes luci-app-firewall. If you uninstall the firewall package, the empty “luci” meta package is uninstalled as well since the dependencies are not satisfied anymore. LuCI continues to function just fine though since the actual functionality is in luci-base, luci-mod-*, luci-theme-*, luci-app-* etc. packages.

2 Likes

No, it doesn't. I lose access entirely.

Then please provide the exact steps performed along with the corresponding console output. I just tested uninstalling the firewall in an x86/64 QEMU VM and LuCI continued to work as expected.

[   15.510113] br-lan: port 1(eth0) entered blocking state
[   15.512955] br-lan: port 1(eth0) entered disabled state
[   15.517814] device eth0 entered promiscuous mode
[   17.506139] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
[   17.512667] br-lan: port 1(eth0) entered blocking state
[   17.515229] br-lan: port 1(eth0) entered forwarding state
[   17.584333] IPv6: ADDRCONF(NETDEV_CHANGE): br-lan: link becomes ready


BusyBox v1.36.1 (2023-11-14 13:38:11 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 23.05.2, r23630-842932a63d
 -----------------------------------------------------
=== WARNING! =====================================
There is no root password defined on this device!
Use the "passwd" command to set up a new password
in order to prevent unauthorized SSH logins.
--------------------------------------------------
root@OpenWrt:/# 
root@OpenWrt:/# 
root@OpenWrt:/# wget -O- http://127.0.0.1/cgi-bin/luci/
Downloading 'http://127.0.0.1/cgi-bin/luci/'
Connecting to 127.0.0.1:80
HTTP error 403
root@OpenWrt:/# opkg remove luci-ssl luci luci-light luci-app-firewall
Removing package luci-ssl from root...
Removing package luci from root...
Removing package luci-light from root...
Removing package luci-app-firewall from root...
root@OpenWrt:/# wget -O- http://127.0.0.1/cgi-bin/luci/
Downloading 'http://127.0.0.1/cgi-bin/luci/'
Connecting to 127.0.0.1:80
HTTP error 403
root@OpenWrt:/#

Login and using LuCI still works after the opkg remove, just the firewall menu becomes inaccessible.

1 Like

OP probably meant the firewall4 package, not the luci fw package.

1 Like

After a reboot? I usually use opkg remove firewall4.

Correct. I did. And the V6 one too.

Same result when removing the firewall4 package:

[   17.827029] br-lan: port 1(eth0) entered forwarding state
[   17.900448] IPv6: ADDRCONF(NETDEV_CHANGE): br-lan: link becomes ready



BusyBox v1.36.1 (2023-11-14 13:38:11 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 23.05.2, r23630-842932a63d
 -----------------------------------------------------
=== WARNING! =====================================
There is no root password defined on this device!
Use the "passwd" command to set up a new password
in order to prevent unauthorized SSH logins.
--------------------------------------------------
root@OpenWrt:/# opkg remove firewall4
No packages removed.
Collected errors:
 * print_dependents_warning: Package firewall4 is depended upon by packages:
 * print_dependents_warning: 	luci-app-firewall
 * print_dependents_warning: These might cease to work if package firewall4 is removed.

 * print_dependents_warning: Force removal of this package with --force-depends.
 * print_dependents_warning: Force removal of this package and its dependents
 * print_dependents_warning: with --force-removal-of-dependent-packages.
root@OpenWrt:/# opkg --force-removal-of-dependent-packages remove firewall4
Removing package luci-ssl from root...
Removing package luci from root...
Removing package luci-light from root...
Removing package luci-app-firewall from root...
Removing package firewall4 from root...
root@OpenWrt:/# wget -O- http://127.0.0.1/cgi-bin/luci/
Downloading 'http://127.0.0.1/cgi-bin/luci/'
Connecting to 127.0.0.1:80
HTTP error 403
root@OpenWrt:/# /www/cgi-bin/luci 
Status: 403 Forbidden
x-luci-login-required: yes
content-type: text/html; charset=UTF-8
cache-control: no-cache
expires: 0
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff

<!DOCTYPE html>
<html lang="en" >
	<head>
		<meta charset="utf-8">
		<title>OpenWrt - LuCI</title>
...

LuCI continues to function just fine. Btw, there is no "V6" firewall package, so once again @appleeimac - please state exactly what you did.

For completeness, after reboot:

[   13.714256] IPv6: ADDRCONF(NETDEV_CHANGE): br-lan: link becomes ready



BusyBox v1.36.1 (2023-11-14 13:38:11 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 23.05.2, r23630-842932a63d
 -----------------------------------------------------
=== WARNING! =====================================
There is no root password defined on this device!
Use the "passwd" command to set up a new password
in order to prevent unauthorized SSH logins.
--------------------------------------------------
root@OpenWrt:/# nft list ruleset
root@OpenWrt:/# fw4
/bin/ash: fw4: not found
root@OpenWrt:/# netstat -nltp | grep uhttpd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1455/uhttpd
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      1455/uhttpd
tcp        0      0 :::80                   :::*                    LISTEN      1455/uhttpd
tcp        0      0 :::443                  :::*                    LISTEN      1455/uhttpd
root@OpenWrt:/# wget -O- http://127.0.0.1/cgi-bin/luci/
Downloading 'http://127.0.0.1/cgi-bin/luci/'
Connecting to 127.0.0.1:80

HTTP error 403
root@OpenWrt:/# 
root@OpenWrt:/# /www/cgi-bin/luci | head
Status: 403 Forbidden
x-luci-login-required: yes
content-type: text/html; charset=UTF-8
cache-control: no-cache
expires: 0
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff

<!DOCTYPE html>
root@OpenWrt:/# 
2 Likes

I removed the package via the CLI, then LuCI ceased to allow connections, stating "Connection refused" on an MR24/MR66. (Yes, the 66 is supported, it's an MR16 in an outdoor case. Just like the MR74 is an MR33. The 74 needs its page updated, btw.)

So what command did you enter exactly via cli?

1 Like

opkg remove firewall4

And what was the output? An "opkg remove firewall4" alone should not even remove anything without passing additional force flags.

1 Like

Just returned me to the prompt.

Does not sound like vanilla OpenWrt then, opkg should print at least something. Either "No packages removed." or "Removing package ... from root..."

1 Like

Yeah, sorry, it's been a while. It did say "Removing package firewall4 from root"

1 Like

Sounds like LuCI might not even be installed in the first place, otherwise opkg would've refused deinstallation with "Package firewall4 is depended upon by packages:" without providing an additional --force-removal-of-dependent-packages argument.

Check the release details printed by ubus call system board and the output of opkg list-installed luci*. The former should report a non-snapshot release (snapshot builds come without preinstalled LuCI) and the latter should list the following packages (with potentially different versions):

root@OpenWrt:/# opkg list-installed luci*
luci-app-opkg - git-23.311.75635-769b30c
luci-base - git-23.306.39416-c86c256
luci-mod-admin-full - git-19.253.48496-3f93650
luci-mod-network - git-23.313.56166-6da284d
luci-mod-status - git-23.306.52197-bdcd3e0
luci-mod-system - git-23.306.39416-7d3abf8
luci-proto-ipv6 - git-21.148.48881-79947af
luci-proto-ppp - git-21.158.38888-88b9d84
luci-theme-bootstrap - git-23.306.39416-c86c256
root@OpenWrt:/# 
2 Likes
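
An added example, not part of any post in this thread: the two checks discussed above (are the functional LuCI packages still installed, and which listeners are left reachable on all addresses once `nft list ruleset` comes back empty) as small POSIX shell functions. The function names and sample inputs are constructed for illustration; on a device, pipe the real command output into them.

```shell
#!/bin/sh
# Added example: post-removal checks for an OpenWrt AP. On a device, feed the
# functions from `opkg list-installed`, `nft list ruleset` and `netstat -nltp`.

# Functional LuCI packages named in the thread's expected listing.
REQUIRED_LUCI="luci-base luci-mod-admin-full luci-mod-network luci-mod-status luci-mod-system luci-theme-bootstrap"

# Print every required package absent from `opkg list-installed` output (stdin).
missing_luci_pkgs() {
    installed=$(awk '{print $1}')
    for pkg in $REQUIRED_LUCI; do
        printf '%s\n' "$installed" | grep -qx -- "$pkg" || printf '%s\n' "$pkg"
    done
}

# Print "port program" for TCP listeners bound to all addresses (stdin: netstat -nltp).
wildcard_listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, a, ":"); port = a[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr == "0.0.0.0" || addr == "::") {
            sub(/^[0-9]+\//, "", $7); print port, $7
        }
    }' | sort -u
}

# exposed_without_filter RULESET NETSTAT: list wildcard listeners only when the
# nftables ruleset text is empty, i.e. nothing filters traffic to them.
exposed_without_filter() {
    [ -z "$(printf '%s' "$1" | tr -d '[:space:]')" ] || return 0
    printf '%s\n' "$2" | wildcard_listeners
}

# Constructed sample: two packages from the expected listing are missing.
SAMPLE_OPKG='luci-base - git-23.306.39416-c86c256
luci-mod-network - git-23.313.56166-6da284d
luci-mod-status - git-23.306.52197-bdcd3e0
luci-mod-system - git-23.306.39416-7d3abf8'

# uhttpd lines as shown in the thread; the loopback line is constructed.
SAMPLE_NETSTAT='tcp  0  0 0.0.0.0:80     0.0.0.0:*  LISTEN  1455/uhttpd
tcp  0  0 0.0.0.0:443    0.0.0.0:*  LISTEN  1455/uhttpd
tcp  0  0 :::80          :::*       LISTEN  1455/uhttpd
tcp  0  0 127.0.0.1:5353 0.0.0.0:*  LISTEN  901/examplesvc'

printf '%s\n' "$SAMPLE_OPKG" | missing_luci_pkgs
exposed_without_filter "" "$SAMPLE_NETSTAT"
```

On the device itself the equivalent calls are `opkg list-installed | missing_luci_pkgs` and `exposed_without_filter "$(nft list ruleset)" "$(netstat -nltp)"`.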

Odd, seems to be working now. Now about those other things