-
-
Notifications
You must be signed in to change notification settings - Fork 383
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug: cannot remove allowed input port from firewall #2334
Comments
@qdm12 is more or less the only maintainer of this project and works on it in his free time.
|
Hi there, thanks for reporting this. It's likely due to a bug in Alpine 3.19's nf_tables usage - I created a bug report for the netfilter project. This should be fixed with 06c9bc5 which changes the preference from using the Can you please try pulling the latest image and see if it works? I'm also planning on upgrading to Alpine 3.20 which appears to resolve this problem, so I will switch back the iptables preference to using nf_tables again. |
I get the same error with the latest version: version latest built on 2024-07-09T14:47:46.048Z (commit 0501743). 2024-07-09T11:54:20-07:00 INFO [firewall] removing allowed port 15554... Reverting to 3.37.0, c826707, works well for me though. |
Uh, that's problematic.. Is it not working on v3.38.0??? That would be strange given the changes not touching iptables/ipv6 😕 Assuming this problem arises only in the latest image, what do you get when running
If it does show the rule, what happens if you run: docker exec gluetun ip6tables --delete INPUT -i tun0 -p tcp --dport 15554 -j ACCEPT (And replace |
on
on latest 3.38:
|
Hiya, I'm experiencing a similar issue after updating gluetun to the latest
So I executed a shell within the container and ran Running I ran I'm not sure where the I hope this info helps, if this appears to be a different issue I'll raise it as appropriate. If this is the same issue, gluetun I assume will either need to ensure that Thanks, |
On version b3ceece (one that doesn't work right for me), when I run "iptables-legacy --delete INPUT -i tun0 -p tcp --dport 15554 -j ACCEPT", the rule gets deleted fine. So your issue is probably different from mine. |
@cspark-development I pushed 73832d8 to add @mjsjml But does it work at all on a previous released images Also when you say
Note latest and v3.38 are NOT the same.
So the problematic version seems to be v3.38 right??? Also you mention Please clarify the versions which work and the versions which don't, since I'm kind of majorly confused on that 😄 Thanks! |
@qdm12 Thanks for getting back to me, I'll let you know whether the hotfix change fixes my issue or not. Issue only arises on healthcheck failures so may take a while to confirm. |
@mjsjml You may be experiencing the same issue as me just on IPv6, i'd disregard the remarks about |
The image that works for me is c826707 (version 3.37). Ones that don't work are b3ceece, 0501743, and 73832d8. I might have found the problem. The latest container (73832d8) fails running "ip6tables --delete INPUT -i tun0 -p tcp -m tcp --dport 63799 -j ACCEPT" giving the error about a matching rule. If I first delete the udp rule with "ip6tables --delete INPUT -i tun0 -p udp -m udp --dport 63799 -j ACCEPT" then the tcp rule can be deleted without an error. |
Well this doesn't make any sense 😄 As in, ip6tables doesn't make sense, you do make sense 👍 |
Still happening Running version latest built on 2024-07-28T14:31:52.048Z (commit ddbfdc9)
|
Same error for me on "latest", 7bc2972. I would try ddbfdc9 but I don't know how to choose specific commit in docker compose. My error is different from @billsbdb3 . Mine complains about removing the tcp port in ip6tables and his is about the udp port in iptables. When I do the "ip6tables -S" command I can see that both the udp and tcp ports are still there. I can then remove the udp port followed by the tcp port successfully in the terminal.
|
For all of you ideally: do you have the same bug on Two cases:
PS: I hope it's |
yes, same bug on 3.38.0. |
I ran into seemingly the same issue not being able to remove udp ports while working on #2392. Both iptables and ip6tables refuse to delete udp rules. Even stranger is that it seems to only affects up to two rules, one of which sometimes can be deleted manually. Also since #2392 lets you add ports to the firewall via the control server it might be useful for testing. |
How can we revert back to the last working release in docker compose? the ":3.37" after the image doesn't work for me. Gluetun's giving me trouble as soon as soon as gluetun hasn't been healthy for six seconds. I get the following issues similar to others: 2024-08-07T07:50:24+02:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN |
I'm working on a fix (latest image) and will do a v3.37.2 + v3.38.2 + v3.39.1 release sometime later with that fix. |
Please see and try #2411 (image
In particular steps 1 to 3 are tedious and prone to error. It looks like it's working, but some testing from you would be appreciated to make sure it doesn't break something! 😉 |
sadly not fixed :/ its giving the same error and then restarting the entire container
|
This is likely still fixed for many setups, so to others, please still try it 😉 Now regarding your case, let's see!
Not exactly the same error Now this error is a bit interesting too, showing listing iptables gives the warning iptables-legacy tables present use iptables-legacy to see them. I did not get that error on my machine, since it's not using iptables-legacy at all. Can you report what output you get from the following commands on a running Gluetun container:
|
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
Anyone else can confirm this works fine now with image |
Have been testing this but took a few days to finally fail a healthcheck. I get an error but it does successfully start a new connection and allow required ports...
|
Thanks @mjsjml ! The following errors are fixed in 3d41cc1 where it now handles source/destination networks without the
Let me know if you get any other firewall errors, even if it's not critical/doesn't crash the container. |
Can confirm that up until now all healthchecks are recovering properly. |
Closed issues are NOT monitored, so commenting here is likely to be not seen. This is an automated comment setup because @qdm12 is the sole maintainer of this project |
- Fix qdm12#2334 - Parsing of iptables chains, contributing to progress for qdm12#1856
I just tried to set gluetun up with an asian VPN endpoint and I'm seeing stuff like the below. I think the endpoint is broken, so the container can't connect - that's fine, but I noticed the error below. :)
I'm running a gluetun docker image with the source revision bc55c25 which is quite recent. So I found this issue. Might the fix have missed something related to IPv6 addresses.. I've added in my current iptables rules for this container. Logs``` 2024-08-18T11:54:16.552618213Z 2024-08-18T11:54:16Z INFO [vpn] starting 2024-08-18T11:54:16.552833482Z 2024-08-18T11:54:16Z INFO [firewall] allowing VPN connection... 2024-08-18T11:54:16.560562617Z 2024-08-18T11:54:16Z INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] 2024-08-18T11:54:16.560858469Z 2024-08-18T11:54:16Z INFO [openvpn] library versions: OpenSSL 3.3.1 4 Jun 2024, LZO 2.10 2024-08-18T11:54:16.563152752Z 2024-08-18T11:54:16Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]194.5.49.72:1195 2024-08-18T11:54:16.563494544Z 2024-08-18T11:54:16Z INFO [openvpn] UDPv4 link local: (not bound) 2024-08-18T11:54:16.563735643Z 2024-08-18T11:54:16Z INFO [openvpn] UDPv4 link remote: [AF_INET]194.5.49.72:1195 2024-08-18T11:54:32.672382248Z 2024-08-18T11:54:32Z INFO [healthcheck] program has been unhealthy for 16s: restarting VPN 2024-08-18T11:54:32.672686728Z 2024-08-18T11:54:32Z INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md 2024-08-18T11:54:32.672978298Z 2024-08-18T11:54:32Z INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION 2024-08-18T11:54:32.673257380Z 2024-08-18T11:54:32Z INFO [vpn] stopping 2024-08-18T11:54:32.673526608Z 2024-08-18T11:54:32Z INFO [vpn] starting 2024-08-18T11:54:32.673786978Z 2024-08-18T11:54:32Z INFO [firewall] allowing VPN connection... 2024-08-18T11:54:32.769580445Z 2024-08-18T11:54:32Z ERROR [firewall] cannot remove outdated VPN interface rule: finding iptables chain rule line number: parsing chain list: parsing chain rule "3 0 0 ACCEPT 0 -- * eth0 ::/0 ff02::/104 ": parsing chain rule field: parsing destination IP CIDR: netip.ParsePrefix("ff02::/104/32"): ParseAddr("ff02::/104"): each colon-separated field must have at least one digit (at "/104") 2024-08-18T11:54:32.778128293Z 2024-08-18T11:54:32Z INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] 2024-08-18T11:54:32.778457360Z 2024-08-18T11:54:32Z INFO [openvpn] library versions: OpenSSL 3.3.1 4 Jun 2024, LZO 2.10 2024-08-18T11:54:32.780701815Z 2024-08-18T11:54:32Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]64.64.121.6:1195 2024-08-18T11:54:32.781595808Z 2024-08-18T11:54:32Z INFO [openvpn] UDPv4 link local: (not bound) 2024-08-18T11:54:32.782402554Z 2024-08-18T11:54:32Z INFO [openvpn] UDPv4 link remote: [AF_INET]64.64.121.6:1195 2024-08-18T11:54:36.132406137Z 2024-08-18T11:54:36Z INFO [openvpn] read UDPv4 [EHOSTUNREACH|EHOSTUNREACH]: Host is unreachable (fd=4,code=113) 2024-08-18T11:54:41.600795228Z 2024-08-18T11:54:41Z INFO [openvpn] read UDPv4 [EHOSTUNREACH]: Host is unreachable (fd=4,code=113) 2024-08-18T11:54:49.524211313Z 2024-08-18T11:54:49Z INFO [openvpn] read UDPv4 [EHOSTUNREACH]: Host is unreachable (fd=4,code=113) 2024-08-18T11:54:53.888152508Z 2024-08-18T11:54:53Z INFO [healthcheck] program has been unhealthy for 21s: restarting VPN 2024-08-18T11:54:53.888651013Z 2024-08-18T11:54:53Z INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md 2024-08-18T11:54:53.888997691Z 2024-08-18T11:54:53Z INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION 2024-08-18T11:54:53.889292900Z 2024-08-18T11:54:53Z INFO [vpn] stopping 2024-08-18T11:54:53.892470317Z 2024-08-18T11:54:53Z INFO [vpn] starting 2024-08-18T11:54:53.892778659Z 2024-08-18T11:54:53Z INFO [firewall] allowing VPN connection... 2024-08-18T11:54:53.899979025Z 2024-08-18T11:54:53Z INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] 2024-08-18T11:54:53.900268212Z 2024-08-18T11:54:53Z INFO [openvpn] library versions: OpenSSL 3.3.1 4 Jun 2024, LZO 2.10 2024-08-18T11:54:53.902606140Z 2024-08-18T11:54:53Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]64.64.121.6:1195 2024-08-18T11:54:53.902973823Z 2024-08-18T11:54:53Z INFO [openvpn] UDPv4 link local: (not bound) 2024-08-18T11:54:53.903271649Z 2024-08-18T11:54:53Z INFO [openvpn] UDPv4 link remote: [AF_INET]64.64.121.6:1195 2024-08-18T11:54:57.251463111Z 2024-08-18T11:54:57Z INFO [openvpn] read UDPv4 [EHOSTUNREACH|EHOSTUNREACH]: Host is unreachable (fd=4,code=113) 2024-08-18T11:55:03.106005016Z 2024-08-18T11:55:03Z INFO [openvpn] read UDPv4 [EHOSTUNREACH]: Host is unreachable (fd=4,code=113) 2024-08-18T11:55:10.880037905Z 2024-08-18T11:55:10Z INFO [openvpn] read UDPv4 [EHOSTUNREACH]: Host is unreachable (fd=4,code=113) 2024-08-18T11:55:20.005848274Z 2024-08-18T11:55:20Z INFO [healthcheck] program has been unhealthy for 26s: restarting VPN 2024-08-18T11:55:20.006165037Z 2024-08-18T11:55:20Z INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md 2024-08-18T11:55:20.015805668Z 2024-08-18T11:55:20Z INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION 2024-08-18T11:55:20.016631684Z 2024-08-18T11:55:20Z INFO [vpn] stopping 2024-08-18T11:55:20.051784092Z 2024-08-18T11:55:20Z INFO [vpn] starting 2024-08-18T11:55:20.052110439Z 2024-08-18T11:55:20Z INFO [firewall] allowing VPN connection... 2024-08-18T11:55:20.145963512Z 2024-08-18T11:55:20Z ERROR [firewall] cannot remove outdated VPN interface rule: finding iptables chain rule line number: parsing chain list: parsing chain rule "3 0 0 ACCEPT 0 -- * eth0 ::/0 ff02::/104 ": parsing chain rule field: parsing destination IP CIDR: netip.ParsePrefix("ff02::/104/32"): ParseAddr("ff02::/104"): each colon-separated field must have at least one digit (at "/104") 2024-08-18T11:55:20.153713001Z 2024-08-18T11:55:20Z INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] 2024-08-18T11:55:20.153951688Z 2024-08-18T11:55:20Z INFO [openvpn] library versions: OpenSSL 3.3.1 4 Jun 2024, LZO 2.10 2024-08-18T11:55:20.155903159Z 2024-08-18T11:55:20Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]194.5.49.72:1195 2024-08-18T11:55:20.156221143Z 2024-08-18T11:55:20Z INFO [openvpn] UDPv4 link local: (not bound) 2024-08-18T11:55:20.156541557Z 2024-08-18T11:55:20Z INFO [openvpn] UDPv4 link remote: [AF_INET]194.5.49.72:1195 2024-08-18T11:55:51.253889795Z 2024-08-18T11:55:51Z INFO [healthcheck] program has been unhealthy for 31s: restarting VPN 2024-08-18T11:55:51.254175887Z 2024-08-18T11:55:51Z INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md 2024-08-18T11:55:51.254465528Z 2024-08-18T11:55:51Z INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION 2024-08-18T11:55:51.254758101Z 2024-08-18T11:55:51Z INFO [vpn] stopping 2024-08-18T11:55:51.255144869Z 2024-08-18T11:55:51Z INFO [vpn] starting 2024-08-18T11:55:51.255457654Z 2024-08-18T11:55:51Z INFO [firewall] allowing VPN connection... 2024-08-18T11:55:51.260488074Z 2024-08-18T11:55:51Z INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] 2024-08-18T11:55:51.260734346Z 2024-08-18T11:55:51Z INFO [openvpn] library versions: OpenSSL 3.3.1 4 Jun 2024, LZO 2.10 2024-08-18T11:55:51.262408053Z 2024-08-18T11:55:51Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]194.5.49.72:1195 2024-08-18T11:55:51.262713905Z 2024-08-18T11:55:51Z INFO [openvpn] UDPv4 link local: (not bound) 2024-08-18T11:55:51.262998385Z 2024-08-18T11:55:51Z INFO [openvpn] UDPv4 link remote: [AF_INET]194.5.49.72:1195 2024-08-18T11:56:27.355685510Z 2024-08-18T11:56:27Z INFO [healthcheck] program has been unhealthy for 36s: restarting VPN 2024-08-18T11:56:27.355998151Z 2024-08-18T11:56:27Z INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md 2024-08-18T11:56:27.356651547Z 2024-08-18T11:56:27Z INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION 2024-08-18T11:56:27.357459658Z 2024-08-18T11:56:27Z INFO [vpn] stopping 2024-08-18T11:56:27.365080851Z 2024-08-18T11:56:27Z INFO [vpn] starting 2024-08-18T11:56:27.365335657Z 2024-08-18T11:56:27Z INFO [firewall] allowing VPN connection... 2024-08-18T11:56:27.365600444Z 2024-08-18T11:56:27Z INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] 2024-08-18T11:56:27.365856835Z 2024-08-18T11:56:27Z INFO [openvpn] library versions: OpenSSL 3.3.1 4 Jun 2024, LZO 2.10 2024-08-18T11:56:27.367155384Z 2024-08-18T11:56:27Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]194.5.49.72:1195 2024-08-18T11:56:27.393158400Z 2024-08-18T11:56:27Z INFO [openvpn] UDPv4 link local: (not bound) 2024-08-18T11:56:27.393845123Z 2024-08-18T11:56:27Z INFO [openvpn] UDPv4 link remote: [AF_INET]194.5.49.72:1195 2024-08-18T11:57:08.483371552Z 2024-08-18T11:57:08Z INFO [healthcheck] program has been unhealthy for 41s: restarting VPN 2024-08-18T11:57:08.483763827Z 2024-08-18T11:57:08Z INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md 2024-08-18T11:57:08.484055365Z 2024-08-18T11:57:08Z INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION 2024-08-18T11:57:08.484351326Z 2024-08-18T11:57:08Z INFO [vpn] stopping 2024-08-18T11:57:08.484604629Z 2024-08-18T11:57:08Z INFO [vpn] starting 2024-08-18T11:57:08.484876118Z 2024-08-18T11:57:08Z INFO [firewall] allowing VPN connection... 2024-08-18T11:57:08.541431550Z 2024-08-18T11:57:08Z ERROR [firewall] cannot remove outdated VPN interface rule: finding iptables chain rule line number: parsing chain list: parsing chain rule "3 0 0 ACCEPT 0 -- * eth0 ::/0 ff02::/104 ": parsing chain rule field: parsing destination IP CIDR: netip.ParsePrefix("ff02::/104/32"): ParseAddr("ff02::/104"): each colon-separated field must have at least one digit (at "/104") 2024-08-18T11:57:08.625288050Z 2024-08-18T11:57:08Z INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] 2024-08-18T11:57:08.626131515Z 2024-08-18T11:57:08Z INFO [openvpn] library versions: OpenSSL 3.3.1 4 Jun 2024, LZO 2.10 2024-08-18T11:57:08.626988493Z 2024-08-18T11:57:08Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]64.64.121.6:1195 2024-08-18T11:57:08.627936951Z 2024-08-18T11:57:08Z INFO [openvpn] UDPv4 link local: (not bound) 2024-08-18T11:57:08.628519875Z 2024-08-18T11:57:08Z INFO [openvpn] UDPv4 link remote: [AF_INET]64.64.121.6:1195 2024-08-18T11:57:11.952435902Z 2024-08-18T11:57:11Z INFO [openvpn] read UDPv4 [EHOSTUNREACH|EHOSTUNREACH]: Host is unreachable (fd=4,code=113) 2024-08-18T11:57:19.040289372Z 2024-08-18T11:57:19Z INFO [openvpn] read UDPv4 [EHOSTUNREACH]: Host is unreachable (fd=4,code=113) 2024-08-18T11:57:26.439409210Z 2024-08-18T11:57:26Z INFO [openvpn] read UDPv4 [EHOSTUNREACH]: Host is unreachable (fd=4,code=113) 2024-08-18T11:57:41.555397430Z 2024-08-18T11:57:41Z INFO [openvpn] read UDPv4 [EHOSTUNREACH]: Host is unreachable (fd=4,code=113) 2024-08-18T11:57:54.664828635Z 2024-08-18T11:57:54Z INFO [healthcheck] program has been unhealthy for 46s: restarting VPN 2024-08-18T11:57:54.665204421Z 2024-08-18T11:57:54Z INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md 2024-08-18T11:57:54.665510904Z 2024-08-18T11:57:54Z INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION 2024-08-18T11:57:54.665787923Z 2024-08-18T11:57:54Z INFO [vpn] stopping 2024-08-18T11:57:54.708616703Z 2024-08-18T11:57:54Z INFO [vpn] starting 2024-08-18T11:57:54.708899563Z 2024-08-18T11:57:54Z INFO [firewall] allowing VPN connection... 2024-08-18T11:57:54.714884274Z 2024-08-18T11:57:54Z INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] 2024-08-18T11:57:54.715148176Z 2024-08-18T11:57:54Z INFO [openvpn] library versions: OpenSSL 3.3.1 4 Jun 2024, LZO 2.10 2024-08-18T11:57:54.717776451Z 2024-08-18T11:57:54Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]64.64.121.6:1195 2024-08-18T11:57:54.717995959Z 2024-08-18T11:57:54Z INFO [openvpn] UDPv4 link local: (not bound) 2024-08-18T11:57:54.718613781Z 2024-08-18T11:57:54Z INFO [openvpn] UDPv4 link remote: [AF_INET]64.64.121.6:1195 2024-08-18T11:57:55.143268967Z 2024-08-18T11:57:55Z INFO [openvpn] read UDPv4 [EHOSTUNREACH]: Host is unreachable (fd=4,code=113) 2024-08-18T11:57:59.657062259Z 2024-08-18T11:57:59Z INFO [openvpn] read UDPv4 [EHOSTUNREACH]: Host is unreachable (fd=4,code=113) 2024-08-18T11:58:04.167443088Z 2024-08-18T11:58:04Z INFO [openvpn] read UDPv4 [EHOSTUNREACH]: Host is unreachable (fd=4,code=113)
/ # iptables -S
|
I encountered this issue when moving to AirVPN using port forwarding. I can confirm that it is indeed fixed with |
Don't use |
Is this urgent?
No
Host OS
Ubuntu 22.04
CPU arch
x86_64
VPN service provider
AirVPN
What are you using to run the container
docker-compose
What is the version of Gluetun
Running version latest built on 2024-06-17T22:37:52.988Z (commit 93ed87d)
What's the problem 🤔
When gluetun fails a healthcheck and gets a new vpn connection, it can't resume port forwarding. The desired ports will be closed on the new connection. Things used to work fine with an older version of gluetun (don't know which one).
ERROR [vpn] cannot remove allowed input port from firewall: removing allowed port 63799 on interface tun0: command failed: "ip6tables --delete INPUT -i tun0 -p tcp --dport 63799 -j ACCEPT": ip6tables: Bad rule (does a matching rule exist in that chain?).: exit status 1
Share your logs (at least 10 lines)
Share your configuration
The text was updated successfully, but these errors were encountered: