Firewall zone and forwarding settings not persistent

Installing and Using OpenWrt
1

Hi community,

Openwrt 21.02 on X86. I configure firewall zone and forwarding settings from Luci and make sure I apply settings. If I do another network configuration on CLI and do '/etc/init.d/network restart', the zone and forwarding settings will be gone and I have to redo again. How can I resolve this issue?

2

Did you hit save and apply.

1 Like
3

Yes I made sure I hit save and apply. I collected system log in Luci after the network restart.
https://pastebin.com/BuUhg291.
And yesterday I collected log whenever I reload the interface and notice the firewall zone forwarding rules are missing:

Fri May  6 13:51:46 2022 daemon.notice netifd: Network device 'wg0' link is down
Fri May  6 13:51:46 2022 daemon.notice netifd: Interface 'wg0' is now down
Fri May  6 13:51:46 2022 daemon.notice netifd: Interface 'wg0' is setting up now
Fri May  6 13:51:46 2022 daemon.notice netifd: Interface 'wg0' is now up
Fri May  6 13:51:46 2022 daemon.notice netifd: Network device 'wg0' link is up
Fri May  6 13:51:46 2022 user.notice firewall: Reloading firewall due to ifup of wg0 (wg0)

It looks that it reloads the firewall rule when interface is restarted.

4

I think I found the issue. I configured the openwisp_config module to push wireguard configuration but I have not attached other templete concerning firewall or other modules. After configuration push from the openwisp, the local configuration of the firwall zone is reset as shown here:

Sat May  7 13:40:57 2022 daemon.info openwisp: Local configuration outdated
Sat May  7 13:40:57 2022 daemon.info openwisp: Downloading configuration from controller...
Sat May  7 13:40:57 2022 daemon.info openwisp: Configuration downloaded, now applying it...
Sat May  7 13:40:57 2022 daemon.info openwisp: The following uci configs have been renamed: firewall.zone1, firewall.forwarding1, firewall.forwarding2, firewall.forwarding3, firewall.forwarding4
Sat May  7 13:40:57 2022 daemon.info openwisp: Service firewall has been reloaded via procd/ubus
Sat May  7 13:40:57 2022 daemon.info openwisp: Service system has been reloaded via procd/ubus
Sat May  7 13:41:02 2022 daemon.info openwisp: Testing configuration...
Sat May  7 13:41:03 2022 daemon.info openwisp: Configuration test succeeded
Sat May  7 13:41:03 2022 daemon.info openwisp: Configuration applied successfully