Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Solved update 6.3.3 left apps not responding & firewall inactive after reboot

    Support
    firewall
    3
    4
    155
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • chymian 0
      chymian 0 last edited by girish

      the latest update to 6.3.3 left nextcloud & wallabag not responding/restarting.
      the pbl. was access to the pgsql container, which was fixed by a manual restart of the container...

      the necessary system reboot left the firewall down: (due to a race condition?)

      Jun 30 08:27:20 my.eb8.org cloudron-firewall.sh[5559]: ==> Setting up firewall
      Jun 30 08:27:20 my.eb8.org cloudron-firewall.sh[5613]: iptables: Bad rule (does a matching rule exist in that chain?).
      Jun 30 08:27:22 my.eb8.org cloudron-firewall.sh[5828]: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?
      Jun 30 08:27:22 my.eb8.org cloudron-firewall.sh[5833]: iptables: No chain/target/match by that name.
      Jun 30 08:27:22 my.eb8.org systemd[1]: cloudron-firewall.service: Main process exited, code=exited, status=1/FAILURE
      Jun 30 08:27:22 my.eb8.org systemd[1]: cloudron-firewall.service: Failed with result 'exit-code'.
      Jun 30 08:27:22 my.eb8.org systemd[1]: Failed to start Cloudron Firewall.
      

      manual restating the FW brought it back online.

      nebulon 1 Reply Last reply Reply Quote 1
      • nebulon
        nebulon Staff @chymian 0 last edited by

        @chymian-0 do you have any additional firewall/iptables rules put manually?

        chymian 0 1 Reply Last reply Reply Quote 0
        • girish
          girish Staff last edited by

          I have seen this happens when we try to add a lot of iptable rules quickly. Do you have a lot of IP address in your firewall (i.e added via Cloudron) ? I remember we hit this before and I converted the code to use ipset based on the suggestion in https://serverfault.com/questions/935272/another-app-is-currently-holding-the-xtables-lock but looks like we hit this anyway... Is this easily reproducible?

          1 Reply Last reply Reply Quote 0
          • chymian 0
            chymian 0 @nebulon last edited by

            hey @nebulon,
            no, only 2-3 ports tcp/udp (wireguard/snmp/ssh)
            and it happened inbetween again, without any reboots/upgrades/etc. I got notfied by network mgmgt system, that my cloudron server is down - luckily it was just the firewall…

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Powered by NodeBB