Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


New Firewall Feature issues



  • Hi,
    was happy about the new Firewall Feature so i started Blocking by Countrys.
    Blocked China and Russia IPs.
    So then at a Point i get the message Response timeout.
    Now i am not abel to Delete any IP or add new IP. I always get the Response timeout.
    8c34ce6e-50bf-4e1d-88a1-752247b5029e-grafik.png
    85e0059c-c634-48ed-aadd-35b9b9c469c1-grafik.png

    So i checked the box.log it tells me the IP's are duplicated
    Box POST /api/v1/network/blocklist 500 Internal Server Error Response timeout 20001.781 ms - 72
    2020-09-12T07:43:00.057Z box:shell setBlocklist (stdout): ipset v6.34: Element cannot be added to the set: it's already added

    2020-09-12T07:43:00.060Z box:shell setBlocklist code: 1, signal: null
    ERROR HttpError: Error setting blocklist: setBlocklist exited with code 1 signal null
    at Function.BoxError.toHttpError (/home/yellowtent/box/src/boxerror.js:97:16)
    at /home/yellowtent/box/src/routes/network.js:29:41
    at /home/yellowtent/box/src/network.js:45:27
    at f (/home/yellowtent/box/node_modules/once/once.js:25:25)
    at ChildProcess.<anonymous> (/home/yellowtent/box/src/shell.js:69:9)
    at ChildProcess.emit (events.js:198:13)
    at ChildProcess.EventEmitter.emit (domain.js:448:20)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:248:12) [ /home/yellowtent/box/node_modules/express/lib/application.js:630:43 ]

    So i deleted the List and pasted everything again now i am getting

    Box POST /api/v1/network/blocklist 500 Internal Server Error Response timeout 20001.588 ms - 72
    ERROR [object Object] [ /home/yellowtent/box/node_modules/express/lib/application.js:630:43 ]

    I will check the list on duplicates but, is there any Limits on IP Addresses or how much you can configure for the first time?
    Best Regards


  • Staff

    @savity Thanks for the report. Looks like we have a couple of bugs here:

    • Cloudron doesn't handle duplicates nicely.
    • For large lists, maybe it's taking a lot of time to add them. So, the request times out. It could also be that the request is large enough that it hits some API limits.

    Can you tell me roughly how big the request is? A rough way to measure this is to save the IPs in a file and check the size of the file.


  • Staff

    @savity said in New Firewall Feature issues:

    is there any Limits on IP Addresses or how much you can configure for the first time

    There's no limits from Cloudron side intentionally, but there are probably API limits we are hitting. So we have to adjust our code accordingly to allow large request sizes.


  • Staff

    The dedupe is now fixed.



  • First i Importet

    https://www.ipdeny.com/ipblocks/

    RUSSIAN FEDERATION (RU) [download ru.zone] Size: 170 KB (10497 IP blocks)

    And after Importing

    CHINA (CN) [download cn.zone] Size: 136 KB (8444 IP blocks)

    The issues startet


  • Staff

    I was to go upto 18k in mine. I will keep adding.

    a66991e6-e3ab-420b-9b0f-819c21c7be2a-image.png


  • Staff

    I could finally reproduce this after adding 30k blocks.

    Box POST /api/v1/network/blocklist 500 Internal Server Error Response timeout 20001.547 ms - 72
    ERROR [object Object] [ /home/yellowtent/box/node_modules/express/lib/application.js:630:43 ]



  • Looks like it depends on the server ressources maybe.


  • Staff

    @savity I have fixed this for the next release. You can add this one line - https://git.cloudron.io/cloudron/box/-/commit/467fa590230853e426710e73e467c1f2596f9f86 in /home/yellowtent/box/src/routes/network.js and systemctl restart box after that.


  • Staff

    For, 5.6.1, I also migrated the block list from a json format to a simple text file format. This allows us to have comments, blank lines etc which is useful when copy/pasting all these block lists.



  • thank youuuuu 🙂


Log in to reply