No rules get loaded on reboot.
/etc/init.d/firewall restart do not get the firewall going.
Works again after manually running 'service firewall restart' or pressing reload firewall in luci.
How can I get the firewall to work on a reboot?
As 'service firewall restart' don't work from rc.local (before exit 0).
Raspberry pi, lxc container
OpenWrt 21.02.1, r16325-88151b8303
system log
with
cat /etc/rc.local
/etc/init.d/firewall restart
exit 0
Sat Nov 20 07:19:15 2021 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
Sat Nov 20 07:19:15 2021 user.notice dnsmasq: Allowing 127.0.0.0/8 responses
Sat Nov 20 07:19:15 2021 daemon.info dnsmasq[500]: Connected to system UBus
Sat Nov 20 07:19:15 2021 daemon.info dnsmasq[500]: started, version 2.85 cachesize 150
Sat Nov 20 07:19:15 2021 daemon.info dnsmasq[500]: DNS service limited to local subnets
Sat Nov 20 07:19:15 2021 daemon.info dnsmasq[500]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-cryptohash no-DNSSEC no-ID loop-detect inotify dumpfile
Sat Nov 20 07:19:15 2021 daemon.info dnsmasq[500]: UBus support enabled: connected to system bus
Sat Nov 20 07:19:15 2021 daemon.info dnsmasq[500]: using only locally-known addresses for domain test
Sat Nov 20 07:19:15 2021 daemon.info dnsmasq[500]: using only locally-known addresses for domain onion
Sat Nov 20 07:19:15 2021 daemon.info dnsmasq[500]: using only locally-known addresses for domain localhost
Sat Nov 20 07:19:15 2021 daemon.info dnsmasq[500]: using only locally-known addresses for domain local
Sat Nov 20 07:19:15 2021 daemon.info dnsmasq[500]: using only locally-known addresses for domain invalid
Sat Nov 20 07:19:15 2021 daemon.info dnsmasq[500]: using only locally-known addresses for domain bind
Sat Nov 20 07:19:15 2021 daemon.info dnsmasq[500]: using only locally-known addresses for domain lan
Sat Nov 20 07:19:15 2021 daemon.warn dnsmasq[500]: no servers found in /tmp/resolv.conf.d/resolv.conf.auto, will retry
Sat Nov 20 07:19:15 2021 daemon.info dnsmasq[500]: read /etc/hosts - 4 addresses
Sat Nov 20 07:19:15 2021 daemon.info dnsmasq[500]: read /tmp/hosts/dhcp.cfg01411c - 1 addresses
Sat Nov 20 07:19:15 2021 user.notice : Added device handler type: 8021ad
Sat Nov 20 07:19:15 2021 user.notice : Added device handler type: 8021q
Sat Nov 20 07:19:15 2021 user.notice : Added device handler type: macvlan
Sat Nov 20 07:19:15 2021 user.notice : Added device handler type: veth
Sat Nov 20 07:19:15 2021 user.notice : Added device handler type: bridge
Sat Nov 20 07:19:15 2021 user.notice : Added device handler type: Network device
Sat Nov 20 07:19:15 2021 user.notice : Added device handler type: tunnel
Sat Nov 20 07:19:15 2021 daemon.warn netifd: You have delegated IPv6-prefixes but haven't assigned them to any interface. Did you forget to set option ip6assign on your lan-interfaces?
Sat Nov 20 07:19:15 2021 daemon.notice netifd: Interface 'lan' is enabled
Sat Nov 20 07:19:15 2021 daemon.notice netifd: Interface 'lan' is setting up now
Sat Nov 20 07:19:15 2021 daemon.notice netifd: Interface 'lan' is now up
Sat Nov 20 07:19:15 2021 daemon.notice netifd: bridge 'br-lan' link is up
Sat Nov 20 07:19:15 2021 daemon.notice netifd: Interface 'lan' has link connectivity
Sat Nov 20 07:19:15 2021 daemon.notice netifd: Interface 'srv' is enabled
Sat Nov 20 07:19:15 2021 daemon.notice netifd: bridge 'br-lxc' link is up
Sat Nov 20 07:19:15 2021 daemon.notice netifd: Interface 'srv' has link connectivity
Sat Nov 20 07:19:15 2021 daemon.notice netifd: Interface 'srv' is setting up now
Sat Nov 20 07:19:15 2021 daemon.notice netifd: Interface 'srv' is now up
Sat Nov 20 07:19:15 2021 daemon.notice netifd: Interface 'wan' is enabled
Sat Nov 20 07:19:15 2021 daemon.notice netifd: bridge 'br-wan' link is up
Sat Nov 20 07:19:15 2021 daemon.notice netifd: Interface 'wan' has link connectivity
Sat Nov 20 07:19:15 2021 daemon.notice netifd: Interface 'wan' is setting up now
Sat Nov 20 07:19:15 2021 daemon.notice netifd: Interface 'loopback' is enabled
Sat Nov 20 07:19:15 2021 daemon.notice netifd: Interface 'loopback' is setting up now
Sat Nov 20 07:19:15 2021 daemon.notice netifd: Interface 'loopback' is now up
Sat Nov 20 07:19:15 2021 daemon.notice netifd: Network device 'eth2' link is up
Sat Nov 20 07:19:15 2021 daemon.notice netifd: Network device 'lo' link is up
Sat Nov 20 07:19:15 2021 daemon.notice netifd: Interface 'loopback' has link connectivity
Sat Nov 20 07:19:15 2021 daemon.notice netifd: Network device 'eth0' link is up
Sat Nov 20 07:19:15 2021 daemon.notice netifd: Network device 'eth1' link is up
Sat Nov 20 07:19:15 2021 daemon.notice netifd: wan (853): udhcpc: started, v1.33.1
Sat Nov 20 07:19:15 2021 user.notice firewall: Reloading firewall due to ifup of lan (br-lan)
Sat Nov 20 07:19:15 2021 daemon.notice netifd: wan (853): udhcpc: sending discover
Sat Nov 20 07:19:15 2021 cron.err crond[936]: crond (busybox 1.33.1) started, log level 5
Sat Nov 20 07:19:15 2021 daemon.notice netifd: wan (853): udhcpc: sending select for XXXXXXXX
Sat Nov 20 07:19:15 2021 user.notice firewall: Reloading firewall due to ifup of srv (br-lxc)
Sat Nov 20 07:19:16 2021 user.notice ucitrack: Setting up /etc/config/network reload dependency on /etc/config/dhcp
Sat Nov 20 07:19:16 2021 user.notice ucitrack: Setting up /etc/config/wireless reload dependency on /etc/config/network
Sat Nov 20 07:19:16 2021 user.notice ucitrack: Setting up /etc/config/firewall reload dependency on /etc/config/luci-splash
Sat Nov 20 07:19:16 2021 user.notice ucitrack: Setting up /etc/config/firewall reload dependency on /etc/config/qos
Sat Nov 20 07:19:16 2021 user.notice ucitrack: Setting up /etc/config/firewall reload dependency on /etc/config/miniupnpd
Sat Nov 20 07:19:16 2021 user.notice ucitrack: Setting up /etc/config/dhcp reload dependency on /etc/config/odhcpd
Sat Nov 20 07:19:16 2021 daemon.notice netifd: wan (853): udhcpc: lease of XXXXXXXX obtained, lease time 1200
Sat Nov 20 07:19:16 2021 daemon.notice netifd: Interface 'wan' is now up
Sat Nov 20 07:19:16 2021 daemon.info dnsmasq[500]: reading /tmp/resolv.conf.d/resolv.conf.auto
Sat Nov 20 07:19:16 2021 daemon.info dnsmasq[500]: using only locally-known addresses for domain test
Sat Nov 20 07:19:16 2021 daemon.info dnsmasq[500]: using only locally-known addresses for domain onion
Sat Nov 20 07:19:16 2021 daemon.info dnsmasq[500]: using only locally-known addresses for domain localhost
Sat Nov 20 07:19:16 2021 daemon.info dnsmasq[500]: using only locally-known addresses for domain local
Sat Nov 20 07:19:16 2021 daemon.info dnsmasq[500]: using only locally-known addresses for domain invalid
Sat Nov 20 07:19:16 2021 daemon.info dnsmasq[500]: using only locally-known addresses for domain bind
Sat Nov 20 07:19:16 2021 daemon.info dnsmasq[500]: using only locally-known addresses for domain lan
Sat Nov 20 07:19:16 2021 daemon.info dnsmasq[500]: using nameserver XXXXXXXX#53
Sat Nov 20 07:19:16 2021 daemon.info dnsmasq[500]: using nameserver XXXXXXXX#53
Sat Nov 20 07:19:16 2021 user.notice firewall: Reloading firewall due to ifup of wan (br-wan)
Sat Nov 20 07:19:16 2021 user.notice ucitrack: Setting up non-init /etc/config/fstab reload handler: /sbin/block mount
Sat Nov 20 07:19:16 2021 user.notice ucitrack: Setting up /etc/config/system reload dependency on /etc/config/luci_statistics
Sat Nov 20 07:19:16 2021 user.notice ucitrack: Setting up /etc/config/system reload dependency on /etc/config/dhcp
Sat Nov 20 07:19:16 2021 daemon.notice procd: /etc/rc.d/S95done: Warning: Unable to locate ipset utility, disabling ipset support
Sat Nov 20 07:19:16 2021 daemon.notice procd: /etc/rc.d/S95done: Warning: Section @defaults[0] requires unavailable target extension FLOWOFFLOAD, disabling
Sat Nov 20 07:19:16 2021 daemon.notice procd: /etc/rc.d/S95done: Warning: Section @defaults[0] requires unavailable target extension FLOWOFFLOAD, disabling
Sat Nov 20 07:19:16 2021 daemon.notice procd: /etc/rc.d/S95done: * Set tcp_ecn to off
Sat Nov 20 07:19:16 2021 daemon.notice procd: /etc/rc.d/S95done: * Set tcp_syncookies to on
Sat Nov 20 07:19:16 2021 daemon.notice procd: /etc/rc.d/S95done: * Set tcp_window_scaling to on
Sat Nov 20 07:19:16 2021 daemon.notice procd: /etc/rc.d/S95done: * Running script '/etc/firewall.user'
Sat Nov 20 07:19:16 2021 authpriv.info dropbear[1436]: Not backgrounding
Sat Nov 20 07:19:17 2021 daemon.info procd: - init complete -
Sat Nov 20 07:19:17 2021 daemon.info dnsmasq[500]: exiting on receipt of SIGTERM
Sat Nov 20 07:19:17 2021 daemon.info dnsmasq[1760]: Connected to system UBus
Sat Nov 20 07:19:17 2021 daemon.info dnsmasq[1760]: started, version 2.85 cachesize 150
Sat Nov 20 07:19:17 2021 daemon.info dnsmasq[1760]: DNS service limited to local subnets
Sat Nov 20 07:19:17 2021 daemon.info dnsmasq[1760]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-cryptohash no-DNSSEC no-ID loop-detect inotify dumpfile
Sat Nov 20 07:19:17 2021 daemon.info dnsmasq[1760]: UBus support enabled: connected to system bus
Sat Nov 20 07:19:17 2021 daemon.info dnsmasq-dhcp[1760]: DHCP, IP range 10.10.10.100 -- 10.10.10.249, lease time 12h
Sat Nov 20 07:19:17 2021 daemon.info dnsmasq-dhcp[1760]: DHCP, IP range 192.168.1.100 -- 192.168.1.249, lease time 12h
Sat Nov 20 07:19:17 2021 daemon.info dnsmasq[1760]: using only locally-known addresses for domain test
Sat Nov 20 07:19:17 2021 daemon.info dnsmasq[1760]: using only locally-known addresses for domain onion
Sat Nov 20 07:19:17 2021 daemon.info dnsmasq[1760]: using only locally-known addresses for domain localhost
Sat Nov 20 07:19:17 2021 daemon.info dnsmasq[1760]: using only locally-known addresses for domain local
Sat Nov 20 07:19:17 2021 daemon.info dnsmasq[1760]: using only locally-known addresses for domain invalid
Sat Nov 20 07:19:17 2021 daemon.info dnsmasq[1760]: using only locally-known addresses for domain bind
Sat Nov 20 07:19:17 2021 daemon.info dnsmasq[1760]: using only locally-known addresses for domain lan
Sat Nov 20 07:19:17 2021 daemon.info dnsmasq[1760]: reading /tmp/resolv.conf.d/resolv.conf.auto
Sat Nov 20 07:19:17 2021 daemon.info dnsmasq[1760]: using only locally-known addresses for domain test
Sat Nov 20 07:19:17 2021 daemon.info dnsmasq[1760]: using only locally-known addresses for domain onion
Sat Nov 20 07:19:17 2021 daemon.info dnsmasq[1760]: using only locally-known addresses for domain localhost
Sat Nov 20 07:19:17 2021 daemon.info dnsmasq[1760]: using only locally-known addresses for domain local
Sat Nov 20 07:19:17 2021 daemon.info dnsmasq[1760]: using only locally-known addresses for domain invalid
Sat Nov 20 07:19:17 2021 daemon.info dnsmasq[1760]: using only locally-known addresses for domain bind
Sat Nov 20 07:19:17 2021 daemon.info dnsmasq[1760]: using only locally-known addresses for domain lan
Sat Nov 20 07:19:17 2021 daemon.info dnsmasq[1760]: using nameserver XXXXXX#53
Sat Nov 20 07:19:17 2021 daemon.info dnsmasq[1760]: using nameserver XXXXXX#53
Sat Nov 20 07:19:17 2021 daemon.info dnsmasq[1760]: read /etc/hosts - 4 addresses
Sat Nov 20 07:19:17 2021 daemon.info dnsmasq[1760]: read /tmp/hosts/dhcp.cfg01411c - 3 addresses
Sat Nov 20 07:19:17 2021 daemon.info dnsmasq-dhcp[1760]: read /etc/ethers - 0 addresses
Sat Nov 20 07:19:21 2021 daemon.err uhttpd[1042]: luci: accepted login on / for root from 192.168.1.140
Sat Nov 20 07:19:27 2021 authpriv.info dropbear[1826]: Child connection from 192.168.1.140:28239
Sat Nov 20 07:19:28 2021 authpriv.notice dropbear[1826]: Password auth succeeded for 'root' from 192.168.1.140:28239
Sat Nov 20 07:19:56 2021 daemon.info procd: Instance sysntpd::instance1 s in a crash loop 6 crashes, 3 seconds since last crash
Sat Nov 20 07:20:20 2021 daemon.info dnsmasq-dhcp[1760]: DHCPDISCOVER(br-lan) 24:df:a7:dc:0e:9b
Sat Nov 20 07:20:20 2021 daemon.info dnsmasq-dhcp[1760]: DHCPOFFER(br-lan) 192.168.1.100 24:df:a7:dc:0e:9b
Sat Nov 20 07:20:20 2021 daemon.info dnsmasq-dhcp[1760]: DHCPREQUEST(br-lan) 192.168.1.100 24:df:a7:dc:0e:9b
Sat Nov 20 07:20:20 2021 daemon.info dnsmasq-dhcp[1760]: DHCPACK(br-lan) 192.168.1.100 24:df:a7:dc:0e:9b Himalaya
Sat Nov 20 07:20:33 2021 daemon.info dnsmasq-dhcp[1760]: DHCPREQUEST(br-lan) 192.168.1.100 24:df:a7:dc:0e:9b
Sat Nov 20 07:20:33 2021 daemon.info dnsmasq-dhcp[1760]: DHCPACK(br-lan) 192.168.1.100 24:df:a7:dc:0e:9b Himalaya
Sat Nov 20 07:20:57 2021 daemon.info dnsmasq-dhcp[1760]: DHCPREQUEST(br-lan) 192.168.1.100 24:df:a7:dc:0e:9b
Sat Nov 20 07:20:57 2021 daemon.info dnsmasq-dhcp[1760]: DHCPACK(br-lan) 192.168.1.100 24:df:a7:dc:0e:9b Himalaya