Firewall webvirtmgr-console Error

Hello everyone
new on nethserver I encounter a bug on the firewall console that webvirtmgr here (after the update Kernel release

Check firewall rules

Checking using Shorewall…
Processing /etc/shorewall/params …
Processing /etc/shorewall/shorewall.conf…
Loading Modules…
Checking /etc/shorewall/zones…
Checking /etc/shorewall/interfaces…
Checking /etc/shorewall/hosts…
Determining Hosts in Zones…
WARNING: *** blue is an EMPTY ZONE ***
Locating Action Files…
Checking /etc/shorewall/policy…
Running /etc/shorewall/initdone…
Adding Anti-smurf Rules
Adding rules for DHCP
Checking TCP Flags filtering…
Checking Kernel Route Filtering…
Checking Martian Logging…
Checking MAC Filtration – Phase 1…
Checking /etc/shorewall/rules…
Checking /etc/shorewall/action.NFQBY for chain NFQBY…
ERROR: The separator for a port range is ‘:’, not ‘-’ (5900-5950) /etc/shorewall/rules (line 228)

How to have the VM console now?

Thank you in advance for your answers :slight_smile:


1 Like

This is the problem. Failure in databaseentry.

Try “config setprop webvirtmgr-console TCPPorts 5900:5950,16509,6080” to change the - to :
then " expand-template /etc/shorewall/rules"
then " systemctl restart shorewall.service"

Please give feedback if it’s o.k.

1 Like

Hello flatspin,

I confirm that via an ssh console I did this

config setprop webvirtmgr-console TCPPorts 5900:5950,16509,6080 expand-template /etc/shorewall/rules
$ systemctl restart shorewall.service

what has changed the rule and set " : " and now the console works perfectly :wink:

I should point out that I had this problem since the Beta version Mayo and from the updated version Bruschetta I could finally see a log display about it! (miam) :blush:

bug is solved, thank you very much flatspin

best regards

1 Like

The bug it self is not solved. Only on your machine.
I installed webvirmanager on a vm and found the same problem.

Thank you for reporting @denisBKM

@davidep, @alefattorini we have a little bug in the webvirtmgr-package. After installation the template generates a wrong firewall rule with a portrange 5900-5950 instead of 5900:5950 because of a wrong databaseentry. Who is the right handle this?


Great shot @flatspin! :clap:

Could you open a Pull Request on GitHub? You fork the repo and edit that file directly on

1 Like

I hope I did all right. (My first time…:innocent:)


Excellent! Could you open a bug too? (yes, this should be the first step)

Please add also a link to this thread!

Done. Should I comment the steps before?

In a bug report you must include:

  • system version
  • problem description / symptom(s) of the problem
  • steps to reproduce the problem
  • relevant component names and versions (RPMs)
  • workaround (if any)

The solution is not important when the bug is recorded, but any suggestion is welcome of course!

Edit: bug opened, thanks to @flatspin and @denisBKM

1 Like

Wow this bug is already tested and closed! Thanks @flatspin you’re becoming a terrific Beta Tester!

1 Like