Firewall webvirtmgr-console Error

denisBKM · September 21, 2016, 10:34am

Hello everyone
new on nethserver I encounter a bug on the firewall console that webvirtmgr here (after the update Kernel release
3.10.0-327.36.1.el7.x86_64):

Check firewall rules

Checking using Shorewall 5.0.8.2…
Processing /etc/shorewall/params …
Processing /etc/shorewall/shorewall.conf…
Loading Modules…
Checking /etc/shorewall/zones…
Checking /etc/shorewall/interfaces…
Checking /etc/shorewall/hosts…
Determining Hosts in Zones…
WARNING: *** blue is an EMPTY ZONE ***
Locating Action Files…
Checking /etc/shorewall/policy…
Running /etc/shorewall/initdone…
Adding Anti-smurf Rules
Adding rules for DHCP
Checking TCP Flags filtering…
Checking Kernel Route Filtering…
Checking Martian Logging…
Checking MAC Filtration – Phase 1…
Checking /etc/shorewall/rules…
Checking /etc/shorewall/action.NFQBY for chain NFQBY…
ERROR: The separator for a port range is ‘:’, not ‘-’ (5900-5950) /etc/shorewall/rules (line 228)

How to have the VM console now?

Thank you in advance for your answers

regards
Denis

flatspin · September 21, 2016, 11:27am

This is the problem. Failure in databaseentry.

Try “config setprop webvirtmgr-console TCPPorts 5900:5950,16509,6080” to change the - to :
then " expand-template /etc/shorewall/rules"
then " systemctl restart shorewall.service"

Please give feedback if it’s o.k.

denisBKM · September 21, 2016, 12:51pm

Hello flatspin,

I confirm that via an ssh console I did this

config setprop webvirtmgr-console TCPPorts 5900:5950,16509,6080 expand-template /etc/shorewall/rules
$ systemctl restart shorewall.service

what has changed the rule and set " : " and now the console works perfectly

I should point out that I had this problem since the Beta version Mayo and from the updated version Bruschetta I could finally see a log display about it! (miam)

bug is solved, thank you very much flatspin

best regards
denis

flatspin · September 21, 2016, 1:11pm

The bug it self is not solved. Only on your machine.
I installed webvirmanager on a vm and found the same problem.

Thank you for reporting @denisBKM

@davidep, @alefattorini we have a little bug in the webvirtmgr-package. After installation the template generates a wrong firewall rule with a portrange 5900-5950 instead of 5900:5950 because of a wrong databaseentry. Who is the right handle this?

davidep · September 21, 2016, 1:16pm

Great shot @flatspin!

Could you open a Pull Request on GitHub? You fork the repo and edit that file directly on

flatspin · September 21, 2016, 1:26pm

I hope I did all right. (My first time…)

davidep · September 21, 2016, 1:29pm

Excellent! Could you open a bug too? (yes, this should be the first step)

Please add also a link to this thread!

flatspin · September 21, 2016, 1:43pm

Done. Should I comment the steps before?

davidep · September 21, 2016, 1:46pm

In a bug report you must include:

system version
problem description / symptom(s) of the problem
steps to reproduce the problem
relevant component names and versions (RPMs)
workaround (if any)

The solution is not important when the bug is recorded, but any suggestion is welcome of course!

Edit: bug opened, thanks to @flatspin and @denisBKM

alefattorini · September 22, 2016, 1:28pm

Wow this bug is already tested and closed! Thanks @flatspin you’re becoming a terrific Beta Tester!