update 6.3.3 left apps not responding & firewall inactive after reboot
-
the latest update to 6.3.3 left nextcloud & wallabag not responding/restarting.
the pbl. was access to the pgsql container, which was fixed by a manual restart of the container...the necessary system reboot left the firewall down: (due to a race condition?)
Jun 30 08:27:20 my.eb8.org cloudron-firewall.sh[5559]: ==> Setting up firewall Jun 30 08:27:20 my.eb8.org cloudron-firewall.sh[5613]: iptables: Bad rule (does a matching rule exist in that chain?). Jun 30 08:27:22 my.eb8.org cloudron-firewall.sh[5828]: Another app is currently holding the xtables lock. Perhaps you want to use the -w option? Jun 30 08:27:22 my.eb8.org cloudron-firewall.sh[5833]: iptables: No chain/target/match by that name. Jun 30 08:27:22 my.eb8.org systemd[1]: cloudron-firewall.service: Main process exited, code=exited, status=1/FAILURE Jun 30 08:27:22 my.eb8.org systemd[1]: cloudron-firewall.service: Failed with result 'exit-code'. Jun 30 08:27:22 my.eb8.org systemd[1]: Failed to start Cloudron Firewall.manual restating the FW brought it back online.
-
the latest update to 6.3.3 left nextcloud & wallabag not responding/restarting.
the pbl. was access to the pgsql container, which was fixed by a manual restart of the container...the necessary system reboot left the firewall down: (due to a race condition?)
Jun 30 08:27:20 my.eb8.org cloudron-firewall.sh[5559]: ==> Setting up firewall Jun 30 08:27:20 my.eb8.org cloudron-firewall.sh[5613]: iptables: Bad rule (does a matching rule exist in that chain?). Jun 30 08:27:22 my.eb8.org cloudron-firewall.sh[5828]: Another app is currently holding the xtables lock. Perhaps you want to use the -w option? Jun 30 08:27:22 my.eb8.org cloudron-firewall.sh[5833]: iptables: No chain/target/match by that name. Jun 30 08:27:22 my.eb8.org systemd[1]: cloudron-firewall.service: Main process exited, code=exited, status=1/FAILURE Jun 30 08:27:22 my.eb8.org systemd[1]: cloudron-firewall.service: Failed with result 'exit-code'. Jun 30 08:27:22 my.eb8.org systemd[1]: Failed to start Cloudron Firewall.manual restating the FW brought it back online.
-
I have seen this happens when we try to add a lot of iptable rules quickly. Do you have a lot of IP address in your firewall (i.e added via Cloudron) ? I remember we hit this before and I converted the code to use ipset based on the suggestion in https://serverfault.com/questions/935272/another-app-is-currently-holding-the-xtables-lock but looks like we hit this anyway... Is this easily reproducible?
-
@chymian-0 do you have any additional firewall/iptables rules put manually?
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login