Solved update 6.3.3 left apps not responding & firewall inactive after reboot
chymian 0 last edited by girish
The latest update to 6.3.3 left Nextcloud & Wallabag not responding/restarting.
The problem was access to the pgsql container, which was fixed by a manual restart of the container...
The necessary system reboot left the firewall down (due to a race condition?):
Jun 30 08:27:20 my.eb8.org cloudron-firewall.sh: ==> Setting up firewall
Jun 30 08:27:20 my.eb8.org cloudron-firewall.sh: iptables: Bad rule (does a matching rule exist in that chain?).
Jun 30 08:27:22 my.eb8.org cloudron-firewall.sh: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?
Jun 30 08:27:22 my.eb8.org cloudron-firewall.sh: iptables: No chain/target/match by that name.
Jun 30 08:27:22 my.eb8.org systemd: cloudron-firewall.service: Main process exited, code=exited, status=1/FAILURE
Jun 30 08:27:22 my.eb8.org systemd: cloudron-firewall.service: Failed with result 'exit-code'.
Jun 30 08:27:22 my.eb8.org systemd: Failed to start Cloudron Firewall.
Manually restarting the FW brought it back online.
@chymian-0 do you have any additional firewall/iptables rules put manually?
I have seen this happen when we try to add a lot of iptables rules quickly. Do you have a lot of IP addresses in your firewall (i.e. added via Cloudron)? I remember we hit this before and I converted the code to use ipset based on the suggestion in https://serverfault.com/questions/935272/another-app-is-currently-holding-the-xtables-lock but looks like we hit this anyway... Is this easily reproducible?
chymian 0
No, only 2-3 ports tcp/udp (wireguard/snmp/ssh).
And it happened in between again, without any reboots/upgrades/etc. I got notified by the network mgmt system that my cloudron server is down - luckily it was just the firewall…
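An added example, not part of the thread and not Cloudron's code: a small triage script that scans syslog-style lines for the failure signatures quoted in the first post and reports whether the firewall unit went down with xtables lock contention at or before the failure. The function names `triage` and `verdict` and the finding labels are hypothetical, and the classic "Mon DD HH:MM:SS host tag: message" line layout is assumed.

```python
import re
from datetime import datetime

# Constructed sample: the journal lines quoted in the first post, one per line.
SAMPLE_LOG = """\
Jun 30 08:27:20 my.eb8.org cloudron-firewall.sh: ==> Setting up firewall
Jun 30 08:27:20 my.eb8.org cloudron-firewall.sh: iptables: Bad rule (does a matching rule exist in that chain?).
Jun 30 08:27:22 my.eb8.org cloudron-firewall.sh: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?
Jun 30 08:27:22 my.eb8.org cloudron-firewall.sh: iptables: No chain/target/match by that name.
Jun 30 08:27:22 my.eb8.org systemd: cloudron-firewall.service: Main process exited, code=exited, status=1/FAILURE
Jun 30 08:27:22 my.eb8.org systemd: cloudron-firewall.service: Failed with result 'exit-code'.
Jun 30 08:27:22 my.eb8.org systemd: Failed to start Cloudron Firewall.
"""

# Classic syslog layout: "Mon DD HH:MM:SS host tag: message"
LINE_RE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\s([^:\s]+):\s(.*)$")

# Finding labels are hypothetical names chosen for this example.
SIGNATURES = {
    "rule_not_found": re.compile(r"iptables: Bad rule"),
    "xtables_lock_contention": re.compile(r"holding the xtables lock"),
    "missing_chain_or_target": re.compile(r"No chain/target/match by that name"),
    "unit_failed": re.compile(r"cloudron-firewall\.service: Failed with result"
                              r"|Failed to start Cloudron Firewall"),
}

def triage(log_text):
    """Map each finding label to the timestamps of the lines that matched it."""
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or non-syslog lines
        ts, _host, _tag, msg = m.groups()
        for label, pattern in SIGNATURES.items():
            if pattern.search(msg):
                findings.setdefault(label, []).append(ts)
    return findings

def verdict(findings):
    """Say whether the firewall unit failed and whether lock contention preceded it."""
    if "unit_failed" not in findings:
        return "ok"
    # Syslog timestamps carry no year; a fixed one is prepended only for ordering.
    def when(ts):
        return datetime.strptime("2000 " + ts, "%Y %b %d %H:%M:%S")
    failed_at = min(when(t) for t in findings["unit_failed"])
    locks = [t for t in findings.get("xtables_lock_contention", []) if when(t) <= failed_at]
    return "down: xtables lock contention" if locks else "down: other cause"
```

Run periodically over the journal, a non-"ok" verdict is the signal to alert on, since in the thread the firewall stayed down until it was restarted by hand.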