OPNsense Forum
Archive => 18.7 Legacy Series => Topic started by: greg124816 on August 09, 2018, 02:57:48 pm
-
I searched a little bit on the forum and did not see this issue mentioned.
After upgrading to 18.7, my firewall "reject" rules still work and can be edited and enabled/disabled if I click the Edit icon (pencil) for the rule. Then on the Edit Firewall Rule page i can check/uncheck the "Disabled: X Disable this Rule" check box and everything works as expected
The issue I'm seeing is with the "single click to enable/disable" rules from the Firewall: Rules: LAN page ( the list of all rules for LAN)
If the Reject rule is currently enabled, I can click the red circle with white X icon and the rule is disabled, I can then Apply the change and the rule is actually changed to disabled.
But, after disabling a reject rule, the Firewall: Rules: LAN page has no icon for that disabled reject rule. Normally (before my upgrade) it would have a grayed out circle with white X in it which you could click to Enable the rule, and then Apply/save the change.
As things are now since the upgrade I have to click the Edit icon(pencil) on the far right of the disabled Reject rule to load the edit page for that rule, then uncheck the Disable checkbox an save/apply to re-enable the rule.
All the Accept/Pass rules I have still work as they did before the upgrade.... I can enable/disable with a single click from the Firewall: Rules: LAN page and they show a grayed out triangle or green triangle indicating the enable/disable state.
I have a redundant pair of firewalls running CARP and both act this same way. I have 4 or 5 reject rules and they all operate this same way now.
Anyone else seeing this?
-
Click the arrow, it will turn green to yellow to indicate disabled and vice versa.
Working happily on my 18.7.
-
Yes, the green arrow ones work as you are describing. Those are ones with Accept actions in the firewall rule.
I have 3 or 4 Rules with "Reject" action that used to work like that but no longer do.
When the rule is enabled the icon shows up, you can click it and the rule is disabled.... but at that point, there is no icon present and you cannot click to re-enable the rule.
In this image below you can see the green/gray arrows for enabled/disabled Accept rules. There are 2 reject action rules in the image but only the upper one has it's icon. The rule below that reject rule is a disabled reject rule and there is no icon to click for re-enabling it.
-
I may have found the issue, in the attached image I have a snapshot of the HTML source.
I highlighted in yellow the two reject rule icon <span> sections, the top one is working the bottom one not.
The text of the two icon spans are:
<span class="fa fa-times-circle text-danger"></span>
<span class="f afa-times-circle text-muted"></span>
Is there a typo with "<fa" and "<f afa?\" which makes the icon not display and then of course not be clickable since there is no icon?
-
Hey! I fixed it. It wa a typo on that disabled icon span line
Here's the patch that fixes it for me:
--- firewall_rules.php.orig 2018-08-09 16:19:58.929729000 -0700
+++ firewall_rules.php 2018-08-09 16:20:21.632562000 -0700
@@ -440,7 +440,7 @@
} elseif ($filterent['type'] == "reject" && empty($filterent['disabled'])) {
$iconfn = "fa fa-times-circle text-danger";
} elseif ($filterent['type'] == "reject" && !empty($filterent['disabled'])) {
- $iconfn = "f afa-times-circle text-muted";
+ $iconfn = "fa fa-times-circle text-muted";
} elseif (empty($filterent['disabled'])) {
$iconfn = "fa fa-play text-success";
} else {
-
PR #2619 submitted:
https://github.com/opnsense/core/pull/2619 (https://github.com/opnsense/core/pull/2619)
-
Thanks for finding this. It'll be shipped in 18.7.1.
Cheers,
Franco