Hi! I'm having problems after migrating from 24.10.5 to 25.12.0.
The main problem is that when I install dockerman, none of my LAN devices can access the internet.
Previously I was using another Docker package (I don't remember the name), and it looks like my existing config is not valid with dockerman.
I had explicit firewall rules and forwarding rules in pbr (per IP range).
Initially I got the error below, saying that the firewall can't be started:
root@Router:~# /etc/init.d/firewall restart
/dev/stdin:49:9-22: Error: redefinition of symbol 'docker_devices'
define docker_devices = { "docker0" }
^^^^^^^^^^^^^^
The rendered ruleset contains errors, not doing firewall restart.
After several uninstall/install attempts, however, this error no longer shows up (as I discovered, the docker0 bridge interface is created by dockerman, whereas previously I had created it by hand?)
So I removed the docker0 interfaces from the network and firewall configs, but when I do a clean installation of dockerman (I even removed the dockerman config), none of the LAN devices can access the internet. From the router itself I am able to access the internet.
I can see that docker0 is being created. Adjusting the firewall rules for Docker access doesn't help either.
Please advise where to look, as a clean dockerman install (with the initial Docker config) breaks everything.
# UCI network configuration as pasted (indentation was lost in the paste).
# No interface named 'docker' and no 'docker0' device is defined anywhere in
# this dump.

# Loopback interface.
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fde3:d3f0:9ebc::/48'
option packet_steering '1'
# LAN bridge: four LAN ports plus the SFP port.
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
list ports 'sfp2'
# Main LAN, 192.168.1.0/24, on br-lan.
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
list dns '1.1.1.1'
list dns '1.0.0.1'
option delegate '0'
# Upstream: DHCP client on the 'wan' device.
config interface 'wan'
option device 'wan'
option proto 'dhcp'
# IPv6 upstream is defined but disabled.
config interface 'wan6'
option device 'wan'
option proto 'dhcpv6'
option disabled '1'
option reqaddress 'try'
option reqprefix 'auto'
# 192.168.10.0/24. No 'option device' here; the attached device is not shown
# in this dump (presumably bound from the wireless config — confirm).
config interface 'guest'
option proto 'static'
option ipaddr '192.168.10.1'
option netmask '255.255.255.0'
list dns '8.8.8.8'
list dns '8.8.4.4'
# WireGuard client interface. defaultroute is '0' here while the peers below
# set route_allowed_ips '1' with 0.0.0.0/0; which traffic actually uses the
# tunnel is presumably decided by the pbr policies — verify against the
# routing tables.
config interface 'WG0'
option proto 'wireguard'
option peerdns '0'
option mtu '1280'
# NOTE(review): private_key is a secret. The value below looks partially
# masked ('xxx'); keep real keys out of pasted configs and rotate any key
# that was posted unmasked.
option private_key 'UBjR+xxx/vS+kymLjp7T0k='
list addresses '172.16.0.2/32'
list dns '1.1.1.1'
list dns '1.0.0.1'
option delegate '0'
option defaultroute '0'
# Peer 1 for WG0 (described as cloudflare_warp); allows all IPv4 destinations.
config wireguard_WG0
option endpoint_port '2408'
option description 'cloudflare_warp'
option endpoint_host 'engage.cloudflareclient.com'
option public_key 'bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo='
option persistent_keepalive '25'
option route_allowed_ips '1'
list allowed_ips '0.0.0.0/0'
# Unmanaged interface wrapping tun0; addressing is not configured here
# (presumably handled by the OpenVPN daemon — confirm).
config interface 'openvpn'
option proto 'none'
option device 'tun0'
list dns '1.1.1.1'
list dns '1.0.0.1'
# 192.168.20.0/24, no device bound in this section.
config interface 'vpn_free'
option proto 'static'
option ipaddr '192.168.20.1'
option netmask '255.255.255.0'
list dns '8.8.8.8'
list dns '8.8.4.4'
# 192.168.30.0/24, no device bound in this section.
config interface 'real_guest'
option proto 'static'
option ipaddr '192.168.30.1'
option netmask '255.255.255.0'
list dns '8.8.8.8'
list dns '8.8.4.4'
# 192.168.40.0/24, no device bound in this section.
config interface 'iot_vpn_free'
option proto 'static'
option ipaddr '192.168.40.1'
option netmask '255.255.255.0'
list dns '8.8.8.8'
list dns '8.8.4.4'
# MAC address override on the wan device.
config device
option name 'wan'
option macaddr 'E8:9F:80:E9:56:F5'
# Peer 2 for WG0 (a Proton VPN profile, per the description); disabled.
# It also allows 0.0.0.0/0, so only one of the two peers should be enabled
# at a time.
config wireguard_WG0
option description 'Proton_VPN_Wireguard_-NL-FREE-378149.conf'
option endpoint_port '51820'
option endpoint_host '169.150.218.137'
option public_key 'p3GNfkhyld5v3cODG9SVHjYCgFAzXfF4717xTxs6n3o='
option route_allowed_ips '1'
list allowed_ips '0.0.0.0/0'
option disabled '1'
# NOTE(review): section of type '1' named 'wed_enable' with no options;
# looks like a leftover from an earlier setup — confirm it is harmless.
config 1 'wed_enable'
config device
option name 'sfp2'
option ipv6 '1'
# pbr (policy-based routing) configuration as pasted.
config pbr 'config'
option verbosity '2'
# NOTE(review): with strict enforcement on, traffic matching a policy is
# presumably not allowed to fall back to the default route when the policy's
# interface is down. Since 'lan_to_wg' below sends the whole LAN subnet to
# WG0, the WG0 state is worth checking when LAN clients lose connectivity
# while the router itself still reaches the internet — confirm.
option strict_enforcement '1'
option src_ipset '0'
option dest_ipset '0'
list ignored_interface 'vpnserver wgserver'
option boot_timeout '30'
option procd_reload_delay '1'
option webui_enable_column '0'
option webui_protocol_column '0'
option webui_chain_column '0'
option webui_sorting '1'
list webui_supported_protocol 'tcp'
list webui_supported_protocol 'udp'
list webui_supported_protocol 'tcp udp'
list webui_supported_protocol 'icmp'
list webui_supported_protocol 'all'
option ipv6_enabled '0'
option resolver_set 'dnsmasq.nftset'
option rule_create_option 'add'
option enabled '1'
option webui_show_ignore_target '1'
option config_compat '25'
option config_version '1.2.2-r10'
option uplink_ip_rules_priority '30000'
# Both user include scripts are disabled.
config include
option path '/etc/pbr.netflix.user'
option enabled '0'
config include
option path '/etc/pbr.aws.user'
option enabled '0'
# The next three policies use interface 'ignore', i.e. matching destinations
# are kept out of policy routing. 192.168.8.0/24 is not defined in the network
# dump on this page (presumably the OpenVPN client subnet — confirm).
config policy
option name 'Allow LAN access from OpenVPN'
option interface 'ignore'
option dest_addr '192.168.8.0/24'
config policy
option name 'Allow Docker access from OpenVPN'
option interface 'ignore'
option dest_addr '172.17.0.0/16'
config policy
option name 'Allow LAN access from VPN FREE'
option dest_addr '192.168.20.0/24'
option interface 'ignore'
# Router-originated TCP with source port 1194 (output chain) leaves via wan.
config policy
option interface 'wan'
option name 'openvpn'
option src_port '1194'
option proto 'tcp'
option chain 'output'
# Per-host overrides to wan; both disabled.
config policy
option src_addr '192.168.1.233'
option interface 'wan'
option name 'lianli'
option enabled '0'
config policy
option name 'lgtv48'
option src_addr '192.168.1.113'
option interface 'wan'
option enabled '0'
config policy
option name 'transmission'
option interface 'WG0'
option dest_port '51413'
option src_addr '192.168.1.1'
option enabled '0'
# Whole LAN subnet is routed through WG0.
config policy
option name 'lan_to_wg'
option src_addr '192.168.1.1/24'
option interface 'WG0'
config policy
option name 'openvpn_in_to_wg'
option src_addr '192.168.8.0/24'
option interface 'WG0'
# NOTE(review): names and subnets look swapped relative to the network dump:
# 192.168.30.1/24 is the 'real_guest' interface and 192.168.10.1/24 is the
# 'guest' interface. Both go to WG0, so routing is the same — confirm naming.
config policy
option name 'guest_to_vpn'
option src_addr '192.168.30.1/24'
option interface 'WG0'
config policy
option src_addr '192.168.10.1/24'
option name 'iot_to_vpn'
option interface 'WG0'
# Docker bridge subnet (172.17.0.0/16): traffic to 192.168.0.0/16 is exempted
# first, everything else goes to WG0. Presumably policy order matters here —
# verify the 'ignore' entry stays ahead of 'docker_to_wg'.
config policy
option name 'docker_to_lan'
option src_addr '172.17.0.0/16'
option dest_addr '192.168.0.0/16'
option interface 'ignore'
config policy
option name 'docker_to_wg'
option src_addr '172.17.0.0/16'
option interface 'WG0'
# 192.168.40.0/24 (iot_vpn_free) and 192.168.20.0/24 (vpn_free) bypass the VPN.
config policy
option name 'iot_to_wan'
option src_addr '192.168.40.1/24'
option interface 'wan'
config policy
option name 'vpn_free'
option interface 'wan'
option src_addr '192.168.20.1/24'
# Unnamed, disabled policy with no match criteria.
config policy
option interface 'wan'
option enabled '0'
# Firewall configuration as pasted: global defaults, the lan zone and the
# wan-side allow rules.
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option synflood_protect '1'
option forward 'REJECT'
# NOTE(review): software and hardware flow offloading are both on. Offloaded
# flows presumably bypass part of the normal forward path, so this is a
# common variable to switch off temporarily while debugging forwarding or
# policy-routing problems — confirm.
option flow_offloading '1'
option flow_offloading_hw '1'
option drop_invalid '1'
# Trusted LAN zone.
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
# Input rules for the wan zone (no 'dest', so they apply to the router itself).
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
# Rate-limited ICMPv6 to the router.
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# Rate-limited ICMPv6 forwarded from wan to any zone (dest '*').
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# The next two are forward rules (src wan, dest lan): ESP and UDP/500 are
# allowed from wan towards LAN hosts. Disable them if no LAN host terminates
# IPsec.
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
# Firewall zones for the extra subnets and tunnels, with their DNS/DHCP
# input rules.
config zone
option name 'vpn_free'
option output 'ACCEPT'
option input 'ACCEPT'
option forward 'ACCEPT'
list network 'vpn_free'
# OpenVPN zone: fully trusted (input/forward ACCEPT) and masqueraded.
config zone
option name 'openvpn'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option masq '1'
list network 'openvpn'
# Zone name is 'iot_vpn_fre' while the network is 'iot_vpn_free'; the rules
# and forwardings on this page use the shorter zone name consistently
# (presumably shortened to fit the zone-name length limit — confirm).
config zone
option output 'ACCEPT'
option input 'REJECT'
option forward 'REJECT'
option name 'iot_vpn_fre'
list network 'iot_vpn_free'
config zone
option name 'guest'
option output 'ACCEPT'
option input 'REJECT'
option forward 'REJECT'
list network 'guest'
# With zone input REJECT, these rules open only DNS and DHCP on the router.
# No 'proto' on the DNS rule; presumably the default (tcp and udp) applies.
config rule
option name 'Guest DNS'
option src 'guest'
option dest_port '53'
option target 'ACCEPT'
config rule
option name 'Guest DHCP'
list proto 'udp'
option src 'guest'
option dest_port '67-68'
option target 'ACCEPT'
config zone
option name 'real_guest'
option output 'ACCEPT'
option forward 'REJECT'
option input 'REJECT'
list network 'real_guest'
# vpn_free already has input ACCEPT, so these two rules look redundant there.
config rule
option name 'VPN_FREE DNS'
option src 'vpn_free'
option dest_port '53'
option target 'ACCEPT'
config rule
option name 'VPN_FREE DHCP'
list proto 'udp'
option src 'vpn_free'
option dest_port '67-68'
option target 'ACCEPT'
config rule
option name 'IOT_VPN_FREE DNS'
option dest_port '53'
option target 'ACCEPT'
option src 'iot_vpn_fre'
config rule
option name 'IOT_VPN_FREE DHCP'
list proto 'udp'
option dest_port '67-68'
option target 'ACCEPT'
option src 'iot_vpn_fre'
config rule
option name 'REAL_GUEST DNS'
option src 'real_guest'
option dest_port '53'
option target 'ACCEPT'
config rule
option name 'REAL_GUEST DHCP'
list proto 'udp'
option src 'real_guest'
option dest_port '67-68'
option target 'ACCEPT'
# WireGuard uplink zone: masqueraded with MSS clamping.
# NOTE(review): unlike the 'wan' zone below, this upstream-facing zone has
# input and forward set to ACCEPT, so router services are not filtered on the
# tunnel side. REJECT is the usual choice for an untrusted uplink — confirm
# intent.
config zone
option output 'ACCEPT'
option mtu_fix '1'
option forward 'ACCEPT'
option input 'ACCEPT'
option name 'wg0'
option masq '1'
list network 'WG0'
# WAN zone: masqueraded, inbound and forwarded traffic rejected by default.
config zone
option name 'wan'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option forward 'REJECT'
option input 'REJECT'
list network 'wan'
list network 'wan6'
# Redirects, service rules and inter-zone forwardings.
# Disabled lan-to-lan DNAT for UDP/TCP port 9 (Wake-on-LAN, per the name).
config redirect
option dest 'lan'
option target 'DNAT'
option name 'WOL'
option src_dport '9'
option dest_ip '192.168.1.233'
option dest_port '9'
option src 'lan'
option enabled '0'
config rule
list proto 'tcp'
option src 'wan'
option dest_port '8000'
option target 'ACCEPT'
option name 'Allow-HTTP-lighttpd'
option enabled '0'
# Exposes TCP/1194 on the router to wan (enabled).
config rule 'ovpn'
option name 'Allow-OpenVPN'
option src 'wan'
option dest_port '1194'
option proto 'tcp'
option target 'ACCEPT'
# NOTE(review): src '*' with no 'dest' presumably makes this an input rule
# for every zone, including wan and wg0; restrict 'src' to the internal zones
# if mDNS is only needed locally — confirm.
config rule
option src_port '5353'
option src '*'
option name 'Allow-mDNS'
option target 'ACCEPT'
option dest_ip '224.0.0.251'
option dest_port '5353'
option proto 'udp'
config forwarding
option src 'vpn_free'
option dest 'wan'
config forwarding
option src 'iot_vpn_fre'
option dest 'wan'
# Four torrent rules, all disabled. NOTE(review): the first one is named
# 'Allow-Torrent-wg0-input' but has src 'wan', duplicating the name of the
# wg0 rule further down — presumably meant to be a wan-input name.
config rule
option name 'Allow-Torrent-wg0-input'
option src 'wan'
option target 'ACCEPT'
option proto 'tcp udp'
option dest_port '49152-65535'
option enabled '0'
config rule
option name 'Allow-Torrent-wan-forward'
option src 'wan'
option target 'ACCEPT'
option proto 'tcp udp'
option dest_port '49152-65535'
option dest '*'
option enabled '0'
config rule
option name 'Allow-Torrent-wg0-input'
option src 'wg0'
option target 'ACCEPT'
option proto 'tcp udp'
option dest_port '49152-65535'
option enabled '0'
config rule
option name 'Allow-Torrent-wg0-forward'
option src 'wg0'
option target 'ACCEPT'
option proto 'tcp udp'
option dest '*'
option dest_port '49152-65535'
option enabled '0'
config forwarding
option src 'vpn_free'
option dest 'lan'
config forwarding
option src 'lan'
option dest 'iot_vpn_fre'
config forwarding
option src 'lan'
option dest 'real_guest'
config forwarding
option src 'lan'
option dest 'vpn_free'
# Disabled DNAT entries; neither sets a dest_ip.
config redirect
option target 'DNAT'
option name 'Torrents-wan'
option src 'wan'
option src_dport '49152-65535'
option enabled '0'
config redirect
option target 'DNAT'
option name 'Torrents-WG0'
option src 'wg0'
option src_dport '49152-65535'
option enabled '0'
config forwarding
option src 'vpn_free'
option dest 'iot_vpn_fre'
config forwarding
option src 'vpn_free'
option dest 'real_guest'
config forwarding
option src 'vpn_free'
option dest 'guest'
config forwarding
option src 'lan'
option dest 'guest'
config forwarding
option src 'openvpn'
option dest 'lan'
config forwarding
option src 'lan'
option dest 'openvpn'
config forwarding
option src 'openvpn'
option dest 'iot_vpn_fre'
config forwarding
option src 'openvpn'
option dest 'real_guest'
config forwarding
option src 'openvpn'
option dest 'vpn_free'
config forwarding
option src 'openvpn'
option dest 'guest'
# Unnamed input rule: TCP/9091 on the router from lan. The lan zone already
# has input ACCEPT, so this looks redundant (presumably a web UI port —
# confirm).
config rule
option src 'lan'
option target 'ACCEPT'
option proto 'tcp'
option dest_port '9091'
# Forwardings towards the WireGuard uplink. NOTE(review): there is no
# forwarding with src 'real_guest' anywhere in this dump, although the pbr
# policy 'guest_to_vpn' selects 192.168.30.1/24 (the real_guest subnet);
# as pasted, that zone has no path out — confirm.
config forwarding
option src 'lan'
option dest 'wg0'
config forwarding
option src 'guest'
option dest 'wg0'
config forwarding
option src 'openvpn'
option dest 'wg0'
# The openvpn -> lan forwarding above already allows this traffic.
config rule
option src 'openvpn'
option dest 'lan'
option name 'Allow-VPN-NAT'
option target 'ACCEPT'
# LAN may also be forwarded to wan; which uplink is used is chosen by routing
# (the pbr policies), not by the firewall.
config forwarding
option src 'lan'
option dest 'wan'
# Docker zone and its forwardings.
# NOTE(review): 'list network' points at an interface named 'docker', but the
# network dump earlier on this page defines no such interface, so as pasted
# this zone presumably matches no device.
# NOTE(review): fw4 presumably emits one 'define <zone>_devices' per zone, so
# the "redefinition of symbol 'docker_devices'" error quoted at the top of the
# page is what two zones both named 'docker' would produce (e.g. this one plus
# one added by a package). Check 'uci show firewall' for a second 'docker'
# zone — confirm.
config zone
option name 'docker'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'docker'
# Containers may reach the WireGuard uplink only; there is no docker -> wan
# and no docker -> lan forwarding in this dump.
config forwarding
option src 'docker'
option dest 'wg0'
# LAN hosts may reach containers.
config forwarding
option src 'lan'
option dest 'docker'