I have deleted some cidr definitions in firewall settings, that were used for threadshield/settings/whitelist. Now thos lines in threatshield/whitelist remine empty and are not deletable. additionally I cannot add the same ranges anymore, as long as these empty entries are not deleted.
How can I remove them?
This is indeed a bug, IIRC this is your situation:
The object shouldn’t be removable if used by the threat shield. We should add a check for all objects inside the system validators. As an exaple, in the case of an host, we should add a check inside the
fwobject-host-delete system validator.
You can fix your installation with:
config setprop blacklist Whitelist ''
@andre8244 would you mind open the issue?
Issue is ready to be tested: https://github.com/NethServer/dev/issues/6196
@Elleni if you want to give it a try and give us feedback you are more than welcome!
I’d love help testing, but you need to tell me howto install this version and howto remove it once tested, as I want to stay on the normal repo when going live with this system.
You can install testing rpm with:
yum --enablerepo=nethserver-testing install nethserver-blacklist
Follow the steps in the issue to ensure the bug is solved and comment the issue with your feedback.
Then, to go back to non-testing rpm:
yum downgrade nethserver-blacklist
I’ve just verified the bug and released the fix. The package will be soon pushed to all mirrors.
Verified too, works as expected, thank you. Btw. I also found another error, that caused shorewall to not start because of having created a zone named ovpn. In the logs there was indicated that there is a double entry. Maybe this could be addressed with the same issue? See Need help understanding nethserver Firewall
Another thnig I have remarked is that “any” was removed from the row per page pull-down menu. Was that by mistake or intentianoal?
After having tested the package, I wonder how to disable the repo testing after downgrading blacklist to normal version, in order to be on the standard repo?
Cool, thank you for the testing!
That’s another issue, I’ve moved the discussion here: Overlapping zone name
Intentional, you can search the forum for the answer.
If you followed Andrea instructions, you do not needed to do it. The above command enabled the testing repository just fort that transaction.
Very good thank you for clarification